Blame - tomcat-cas/webapps/docs/changelog.html - UniIdentify/tomcat

Hongqing Liu

2014-05-10 16:32:51 +0800

<html><head><META http-equiv="Content-Type" content="text/html; charset=iso-8859-1"><title>Apache Tomcat 6.0 (6.0.39) - Changelog</title><meta name="author" content="Remy Maucherat"><meta name="author" content="Yoav Shapira"><meta name="author" content="Filip Hanik"><meta name="author" content="Rainer Jung"><meta name="author" content="Peter Rossbach"><meta name="author" content="Konstantin Kolinko"><meta name="author" content="Jean-Frederic Clere"><meta name="author" content="Keiichi Fujino"><meta name="author" content="Mladen Turk"><meta name="author" content="Tim Whittington"><meta name="author" content="Sylvain Laurent"><meta name="author" content="Christopher Schultz"><style type="text/css" media="print">

2

.noPrint {display: none;}

3

td#mainBody {width: 100%;}

4

</style></head><body bgcolor="#ffffff" text="#000000" link="#525D76" alink="#525D76" vlink="#525D76"><table border="0" width="100%" cellspacing="0"><tr><td><a href="http://tomcat.apache.org/"><img src="./images/tomcat.gif" align="right" alt="

5

The Apache Tomcat Servlet/JSP Container

6

" border="0"></a></td><td><h1><font face="arial,helvetica,sanserif">Apache Tomcat 6.0</font></h1><font face="arial,helvetica,sanserif">Version 6.0.39, Jan 27 2014</font></td><td><a href="http://www.apache.org/"><img src="./images/asf-logo.gif" align="right" alt="Apache Logo" border="0"></a></td></tr></table><table border="0" width="100%" cellspacing="4"><tr><td colspan="2"><hr noshade="noshade" size="1"></td></tr><tr><td width="20%" valign="top" nowrap="nowrap" class="noPrint"><p><strong>Links</strong></p><ul><li><a href="index.html">Docs Home</a></li><li><a href="http://wiki.apache.org/tomcat/FAQ">FAQ</a></li></ul><p><strong>User Guide</strong></p><ul><li><a href="introduction.html">1) Introduction</a></li><li><a href="setup.html">2) Setup</a></li><li><a href="appdev/index.html">3) First webapp</a></li><li><a href="deployer-howto.html">4) Deployer</a></li><li><a href="manager-howto.html">5) Manager</a></li><li><a href="realm-howto.html">6) Realms and AAA</a></li><li><a href="security-manager-howto.html">7) Security Manager</a></li><li><a href="jndi-resources-howto.html">8) JNDI Resources</a></li><li><a href="jndi-datasource-examples-howto.html">9) JDBC DataSources</a></li><li><a href="class-loader-howto.html">10) Classloading</a></li><li><a href="jasper-howto.html">11) JSPs</a></li><li><a href="ssl-howto.html">12) SSL</a></li><li><a href="ssi-howto.html">13) SSI</a></li><li><a href="cgi-howto.html">14) CGI</a></li><li><a href="proxy-howto.html">15) Proxy Support</a></li><li><a href="mbeans-descriptor-howto.html">16) MBean Descriptor</a></li><li><a href="default-servlet.html">17) Default Servlet</a></li><li><a href="cluster-howto.html">18) Clustering</a></li><li><a href="balancer-howto.html">19) Load Balancer</a></li><li><a href="connectors.html">20) Connectors</a></li><li><a href="monitoring.html">21) Monitoring and Management</a></li><li><a href="logging.html">22) Logging</a></li><li><a href="apr.html">23) APR/Native</a></li><li><a href="virtual-hosting-howto.html">24) Virtual Hosting</a></li><li><a href="aio.html">25) Advanced IO</a></li><li><a href="extras.html">26) Additional Components</a></li><li><a href="maven-jars.html">27) Mavenized</a></li></ul><p><strong>Reference</strong></p><ul><li><a href="RELEASE-NOTES.txt">Release Notes</a></li><li><a href="config/index.html">Configuration</a></li><li><a href="api/index.html">Javadocs</a></li><li><a href="http://tomcat.apache.org/connectors-doc/">JK 1.2 Documentation</a></li></ul><p><strong>Apache Tomcat Development</strong></p><ul><li><a href="building.html">Building</a></li><li><a href="changelog.html">Changelog</a></li><li><a href="http://wiki.apache.org/tomcat/TomcatVersions">Status</a></li><li><a href="developers.html">Developers</a></li><li><a href="architecture/index.html">Architecture</a></li><li><a href="funcspecs/index.html">Functional Specs.</a></li></ul></td><td width="80%" valign="top" align="left" id="mainBody"><h1>Apache Tomcat 6.0</h1><h2>Changelog</h2><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.39 (markt)"></a><a name="Tomcat_6.0.39_(markt)"><strong>Tomcat 6.0.39 (markt)</strong></a></font></td></tr><tr><td><blockquote>

7

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.39 (markt)/Catalina"></a><a name="Tomcat_6.0.39_(markt)/Catalina"><strong>Catalina</strong></a></font></td></tr><tr><td><blockquote>

8

9

10

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=55166">55166</a>: Fix regression that broke XML validation when running

11

on some Java 5 JVMs. (kkolinko)

12

</td></tr>

13

</table>

14

</blockquote></td></tr></table>

15

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.39 (markt)/Coyote"></a><a name="Tomcat_6.0.39_(markt)/Coyote"><strong>Coyote</strong></a></font></td></tr><tr><td><blockquote>

16

17

18

Make the HTTP NIO connector tolerant of whitespace in the individual

19

values used for the ciphers attribute. (markt)

20

</td></tr>

21

22

Remove dependency introduced on the jsp-api.jar as part of the XML

23

validation changes introduced in 6.0.38. (markt)

24

</td></tr>

25

</table>

26

</blockquote></td></tr></table>

27

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.39 (markt)/Jasper"></a><a name="Tomcat_6.0.39_(markt)/Jasper"><strong>Jasper</strong></a></font></td></tr><tr><td><blockquote>

28

29

30

Correct several errors in jspxml Schema and DTD. (kkolinko)

31

</td></tr>

32

</table>

33

</blockquote></td></tr></table>

34

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.39 (markt)/Cluster"></a><a name="Tomcat_6.0.39_(markt)/Cluster"><strong>Cluster</strong></a></font></td></tr><tr><td><blockquote>

35

36

37

Remove an empty TestTwoPhaseCommit test from Tribes. (kkolinko)

38

</td></tr>

39

</table>

40

</blockquote></td></tr></table>

41

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.39 (markt)/Web applications"></a><a name="Tomcat_6.0.39_(markt)/Web_applications"><strong>Web applications</strong></a></font></td></tr><tr><td><blockquote>

42

43

44

Fix broken link in Jasper How-To documentation. (markt)

45

</td></tr>

46

47

Align index.html and index.jsp in ROOT web application. Correct links

48

to specifications and to the Tomcat mailing lists. (kkolinko)

49

</td></tr>

50

51

Remove second copy of RUNNING.txt from the full-docs distribution. Some

52

unpacking utilities can't handle multiple copies of a file with the same

53

name in a directory. (kkolinko)

54

</td></tr>

55

</table>

56

</blockquote></td></tr></table>

57

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.39 (markt)/Other"></a><a name="Tomcat_6.0.39_(markt)/Other"><strong>Other</strong></a></font></td></tr><tr><td><blockquote>

58

59

60

Update sample Eclipse IDE project: use JUnit 4 library and prefer a

61

Java 5 JDK when several JDKs are configured. Cleanup the Ant build

files. (kkolinko)

</td></tr>

Correct Maven dependencies for individual JAR files. (markt)

66

</td></tr>

67

</table>

68

</blockquote></td></tr></table>

69

</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.38 (markt)"></a><a name="Tomcat_6.0.38_(markt)"><strong>Tomcat 6.0.38 (markt)</strong></a></font></td><td align="right" bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><strong>not released</strong></font></td></tr><tr><td colspan="2"><blockquote>

70

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.38 (markt)/Catalina"></a><a name="Tomcat_6.0.38_(markt)/Catalina"><strong>Catalina</strong></a></font></td></tr><tr><td><blockquote>

71

72

73

Ensure that when Tomcat's anti-resource locking features are used

74

that the temporary copy of the web application and not the original is

75

removed when the web application stops. (markt/kkolinko)

76

</td></tr>

77

78

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=55019">55019</a>: Fix a potential exception when accessing JSPs while

79

running under a SecurityManager. (jfclere)

80

</td></tr>

81

82

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=55052">55052</a>: Make JULI's LogManager to additionally look for

83

logging properties without prefixes if the property cannot be found with

a prefix. (kkolinko)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=55266">55266</a>: Ensure that the session ID is parsed from the request

88

before any redirect as the session ID may need to be encoded as part of

89

the redirect URL. (markt)

90

</td></tr>

91

92

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=55404">55404</a>: Log warnings about using security roles in web.xml as

warnings. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=55268">55268</a>: Added optional --service-start-wait-time

97

command-line option to change service start wait time from default

98

of 10 seconds. (schultz)

99

</td></tr>

100

101

Correctly associate the default resource bundle with the English locale

102

so that requests that specify an Accept-Language of English ahead of

103

French, Spanish or Japanese get the English messages they asked for.

(markt)

</td></tr>

Add missing JavaEE 5 XML schema definitions. (markt)

108

</td></tr>

109

110

When Catalina parses TLD files, always use a namespace aware parser to

111

be consistent with how Jasper parses TLD files. The

112

<code>tldNamespaceAware</code> attribute of the Context is now ignored.

(markt)

</td></tr>

As per section SRV.14.4.3 of the Servlet 2.5 specification, a namespace

117

aware, validating parser will be used when processing <code>*.tld</code>

118

and <code>web.xml</code> files if the system property

119

<code>org.apache.catalina.STRICT_SERVLET_COMPLIANCE</code> is set to

120

<code>true</code>. (markt)

121

</td></tr>

122

123

Ensure that sessions IDs are not parsed from URLs for Contexts where

124

<code>disableURLRewriting</code> is <code>true</code>. (markt)

125

</td></tr>

126

127

Add an option to the Context to control the blocking of XML external

128

entities when parsing XML configuration files and enable this blocking

129

by default when a security manager is used. The block is implemented via

130

a custom resolver to enable the logging of any blocked entities. (markt)

131

</td></tr>

132

133

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=56016">56016</a>: When loading resources for XML schema validation, take

134

account of the possibility that servlet-api.jar and jsp-api.jar may not

135

be loaded by the same class loader. Patch by Juan Carlos Estibariz.

(markt)

</td></tr>

</table>

</blockquote></td></tr></table>

140

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.38 (markt)/Coyote"></a><a name="Tomcat_6.0.38_(markt)/Coyote"><strong>Coyote</strong></a></font></td></tr><tr><td><blockquote>

141

142

143

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52811">52811</a>: Fix parsing of Content-Type header in

144

<code>HttpServletResponse.setContentType()</code>. Introduces a new HTTP

145

header parser that follows RFC2616. (markt)

146

</td></tr>

147

148

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54691">54691</a>: Add configuration attribute "sslEnabledProtocols"

149

to HTTP connector and document it. (Internally this attribute has

150

been already implemented but not documented, under names "protocols"

151

and "sslProtocols". Those names of this attribute are now deprecated).

(schultz)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54947">54947</a>: Fix the HTTP NIO connector that incorrectly rejected a

156

request if the CRLF terminating the request line was split across

157

multiple packets. Patch by Konstantin Preißer. (markt)

158

</td></tr>

159

160

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=55228">55228</a>: Allow web applications to set a HTTP Date header.

(markt)

</td></tr>

Better adherence to RFC2616 for content-length headers. (markt)

165

</td></tr>

166

167

Add support for limiting the size of chunk extensions when using chunked

encoding. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=55749">55749</a>: Improve the error message when SSLEngine is disabled

172

in the AprLifecycleListener and SSL is configured for an APR/native

connector. (markt)

</td></tr>

Avoid possible NPE if a content type is specified without a character set.

(markt)

</td></tr>

</table>

</blockquote></td></tr></table>

181

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.38 (markt)/Jasper"></a><a name="Tomcat_6.0.38_(markt)/Jasper"><strong>Jasper</strong></a></font></td></tr><tr><td><blockquote>

182

183

184

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=55198">55198</a>: Ensure attribute values in tagx files that include EL

185

and quoted XML characters are correctly quoted in the output. (markt)

186

</td></tr>

187

188

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=55671">55671</a>: Consistently use the configuration option name

189

<code>genStringAsCharArray</code> rather than a mixture of

190

<code>genStrAsCharArray</code> and <code>genStringAsCharArray</code> but

191

retain support for <code>genStrAsCharArray</code> as in initialisation

192

parameter for the JSP servlet to retain backwards compatibility with

193

existing configurations. (markt)

194

</td></tr>

195

196

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=55691">55691</a>: Fix <code>javax.el.ArrayELResolver</code> to correctly

197

handle the case where the base object is an array of primitives. (markt)

198

</td></tr>

199

200

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=55973">55973</a>: Fix processing of XML schemas when validation is

201

enabled in Jasper. (kkolinko)

202

</td></tr>

203

</table>

204

</blockquote></td></tr></table>

205

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.38 (markt)/Web applications"></a><a name="Tomcat_6.0.38_(markt)/Web_applications"><strong>Web applications</strong></a></font></td></tr><tr><td><blockquote>

206

207

208

Add documentation for

209

<code>o.a.c.tribes.group.interceptors.TcpFailureDetector</code>.

(kfujino)

</td></tr>

Complete the documentation for

214

<code>MessageDispatch15Interceptor</code>. (kfujino)

215

</td></tr>

216

217

Add to cluster document a description of

218

<code>notifyLifecycleListenerOnFailure</code> and

219

<code>heartbeatBackgroundEnabled</code>. (kfujino)

220

</td></tr>

221

222

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=55746">55746</a>: Add documentation on the <code>allRolesMode</code> to

223

the <code>CombinedRealm</code> and <code>LockOutRealm</code>. Patch by

224

Cédric Couralet. (markt)

225

</td></tr>

226

227

Fix the sample configuration of <code>StaticMembershipInterceptor</code>

228

in order to prevent warning log. uniqueId must be 16 bytes. (kfujino)

229

</td></tr>

230

231

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=55119">55119</a>: Avoid CVE-2013-1571 when generating Javadoc. (markt)

232

</td></tr>

233

</table>

234

</blockquote></td></tr></table>

235

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.38 (markt)/Other"></a><a name="Tomcat_6.0.38_(markt)/Other"><strong>Other</strong></a></font></td></tr><tr><td><blockquote>

236

237

238

Update Maven Central location used to download dependencies at build

239

time to be <code>repo.maven.apache.org</code>. (kkolinko)

240

</td></tr>

241

242

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=55663">55663</a>: Minor correction to the wording of the NOTICE files to

243

align them with the

244

<a href="http://www.apache.org/legal/src-headers.html#notice">requirements

245

for NOTICE files</a>. (violetagg)

246

</td></tr>

247

248

Add <code>@since</code> markers to the common annotations classes and

249

fix a few specification compliance issues. (markt)

250

</td></tr>

251

252

Update to Eclipse JDT Compiler 4.3.1. (markt)

253

</td></tr>

254

255

Update the Apache Jakarta JSTL implementation used by the exmaples web

256

application to 1.1.2. (markt)

257

</td></tr>

258

</table>

259

</blockquote></td></tr></table>

260

</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.37 (jfclere)"></a><a name="Tomcat_6.0.37_(jfclere)"><strong>Tomcat 6.0.37 (jfclere)</strong></a></font></td><td align="right" bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><strong>released 2013-05-03</strong></font></td></tr><tr><td colspan="2"><blockquote>

261

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.37 (jfclere)/Catalina"></a><a name="Tomcat_6.0.37_(jfclere)/Catalina"><strong>Catalina</strong></a></font></td></tr><tr><td><blockquote>

262

263

264

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52055">52055</a>: Ensure that filters are recycled. (markt/kkolinko)

265

</td></tr>

266

267

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52184">52184</a>: Reduce log level for invalid cookies. (markt)

268

</td></tr>

269

270

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53481">53481</a>: Added support for SSLHonorCipherOrder to allow

271

the server to impose its cipher order on the client. Based on a patch

272

provided by Marcel Šebek. (schultz)

273

</td></tr>

274

275

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54044">54044</a>: Correct bug in timestamp cache used by logging

276

(including the access log valve) that meant entries could be made with

277

an earlier timestamp than the true timestamp. (markt)

278

</td></tr>

279

280

In FormAuthenticator: If it is configured to change Session IDs,

281

do the change before displaying the login form. (kkolinko)

282

</td></tr>

283

284

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54054">54054</a>: Do not share shell environment variables between

285

multiple instances of the CGI servlet. (markt)

286

</td></tr>

287

288

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54087">54087</a>: Correctly handle (ignore) invalid If-Modified-Since

289

header rather than throwing an exception. (markt/kkolinko)

290

</td></tr>

291

292

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54220">54220</a>: Ensure the ErrorReportValve only generates an error

293

report if the error flag on the response has been set. (markt)

294

</td></tr>

295

296

Fix memory leak of servlet instances when running with a

297

SecurityManager and either init() or destroy() methods fail

298

or the servlet is a SingleThreadModel one, and of filter instances

299

if their destroy() method fails with an Error. (kkolinko)

300

</td></tr>

301

302

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54382">54382</a>: Fix NPE when SSI processing is enabled and an empty

303

SSI directive is present. (markt)

304

</td></tr>

305

306

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54483">54483</a>: Correct one of the Spanish translations. Based on a

307

suggestion from adinamita. (kkolinko)

308

</td></tr>

309

310

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54527">54527</a>: Synchronize conf/web.xml mime mapping with Tomcat 7.

(markt)

</td></tr>

</table>

</blockquote></td></tr></table>

315

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.37 (jfclere)/Coyote"></a><a name="Tomcat_6.0.37_(jfclere)/Coyote"><strong>Coyote</strong></a></font></td></tr><tr><td><blockquote>

316

317

318

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54248">54248</a>: Ensure that byte order marks are swallowed when using

319

a Reader to read a request body with a BOM for those encodings that

320

require byte order marks. (markt)

321

</td></tr>

322

323

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54324">54324</a>: Allow APR connector to disable TLS compression

324

if OpenSSL supports it. (schultz)

325

</td></tr>

326

327

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54456">54456</a>: Ensure that if a client aborts a request when sending

328

a chunked request body that this is communicated correctly to the client

329

reading the request body. (markt)

330

</td></tr>

331

332

Update the native component of the APR/native connector to 1.1.27 and

333

make that version the recommended minimum version. (kkolinko)

334

</td></tr>

335

</table>

336

</blockquote></td></tr></table>

337

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.37 (jfclere)/Jasper"></a><a name="Tomcat_6.0.37_(jfclere)/Jasper"><strong>Jasper</strong></a></font></td></tr><tr><td><blockquote>

338

339

340

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54615">54615</a>: Tomcat 6 doesn't build against ecj 4.x (kkolinko)

341

</td></tr>

342

</table>

343

</blockquote></td></tr></table>

344

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.37 (jfclere)/Cluster"></a><a name="Tomcat_6.0.37_(jfclere)/Cluster"><strong>Cluster</strong></a></font></td></tr><tr><td><blockquote>

345

346

347

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54045">54045</a>: Make sure getMembers() returns available member when

348

TcpFailureDetector works in static cluster. (kfujino)

349

</td></tr>

350

</table>

351

</blockquote></td></tr></table>

352

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.37 (jfclere)/Web applications"></a><a name="Tomcat_6.0.37_(jfclere)/Web_applications"><strong>Web applications</strong></a></font></td></tr><tr><td><blockquote>

353

354

355

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=22278">22278</a>: Add a commented out sample configuration of

356

<code>RemoteAddrValve</code> to <code>META-INF/context.xml</code>

357

files of the Manager and Host Manager applications. (kkolinko)

358

</td></tr>

359

360

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54080">54080</a>: Clarify documentation for initial value of

361

<code>internalProxies</code> attribute of <code>RemoteIpValve</code>.

(schultz/kkolinko)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54198">54198</a>: Clarify that

366

<code>HttpServletResponse.sendError(int)</code> results in an HTML

367

response by default. (markt)

368

</td></tr>

369

370

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54207">54207</a>: Correct JNDI factory package name in Javadoc for

371

<code>org.apache.naming.java.javaURLContextFactory</code>. (markt)

372

</td></tr>

373

</table>

374

</blockquote></td></tr></table>

375

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.37 (jfclere)/Other"></a><a name="Tomcat_6.0.37_(jfclere)/Other"><strong>Other</strong></a></font></td></tr><tr><td><blockquote>

376

377

378

Add sample Apache Commons Daemon JSVC wrapper script bin/daemon.sh that

379

can be used with /etc/init.d. (kkolinko)

380

</td></tr>

381

382

In the build configuration: introduce property "tomcat.output" that is

383

used to specify location of the build output directory. This simplifies

384

configuration if someone wants to move the <code>output</code> directory

385

elsewhere (e.g. out of the source tree). (kkolinko)

386

</td></tr>

387

388

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54390">54390</a>: Use 'java_home' on Mac OS X to auto-detect JAVA_HOME.

(schultz)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54601">54601</a>: Change catalina.sh to consistently use LOGGING_MANAGER

393

variable to configure logging, instead of modifying JAVA_OPTS one.

(kkolinko)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54890">54890</a>: Update to Apache Commons Daemon 1.0.15. (mturk)

398

</td></tr>

399

</table>

400

</blockquote></td></tr></table>

401

</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.36 (jfclere)"></a><a name="Tomcat_6.0.36_(jfclere)"><strong>Tomcat 6.0.36 (jfclere)</strong></a></font></td><td align="right" bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><strong>released 2012-10-19</strong></font></td></tr><tr><td colspan="2"><blockquote>

402

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.36 (jfclere)/Catalina"></a><a name="Tomcat_6.0.36_(jfclere)/Catalina"><strong>Catalina</strong></a></font></td></tr><tr><td><blockquote>

403

404

405

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48692">48692</a>: Provide option to parse

406

<code>application/x-www-form-urlencoded</code> PUT requests. (schultz)

407

</td></tr>

408

409

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50306">50306</a>: New StuckThreadDetectionValve to detect requests that

410

take a long time to process, which might indicate that their processing

411

threads are stuck. Based on a patch provided by TomLu. (kkolinko)

412

</td></tr>

413

414

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50570">50570</a>: Enable FIPS mode to be set in AprLifecycleListener.

415

Based upon a patch from Chris Beckey. Note that this mode requires

416

tomcat-native 1.1.23 or later linked to a FIPS-capable OpenSSL library,

417

which one has to build by themselves. (schultz/kkolinko)

418

</td></tr>

419

420

Improve synchronization and error handling in AprLifecycleListener.

421

Do not allow to change SSL options if SSL has already been initialized.

(schultz/kkolinko)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52225">52225</a>: Fix ClassCastException when adding an alias for an

426

existing host via JMX. (kkolinko)

427

</td></tr>

428

429

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52293">52293</a>: Correctly handle the case when

430

<code>antiResourceLocking</code> is enabled at the Context level when

431

<code>unpackWARs</code> is disabled at the Host level. Correctly

432

handle multi-level contexts when <code>antiResourceLocking</code>

433

is enabled. Patch by Justin Miller. (kkolinko)

434

</td></tr>

435

436

Do not throw IllegalArgumentException from parseParameters() call

437

when chunked POST request is too large, but treat it like an IO error.

438

The <code>FailedRequestFilter</code> filter can be used to detect this

439

condition. (kkolinko)

440

</td></tr>

441

442

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52384">52384</a>: Do not fail with parameter parsing when debug logging

443

is enabled. (kkolinko)

444

</td></tr>

445

446

Do not flag extra '&' characters in parameters as parse errors.

(kkolinko)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52488">52488</a>: Correct typos: exipre -> expire. Based on a patch by

prockter. (markt)

</td></tr>

Reduce log level for the message about hitting

455

<code>maxParameterCount</code> limit from WARN to INFO.

456

Fix limit comparison to allow exactly <code>maxParameterCount</code>

457

parameters, as documentation says, instead of

458

<code>(maxParameterCount-1)</code>. (kkolinko)

459

</td></tr>

460

461

Slightly improve performance of UDecoder.convert(). Align

462

<code>%2f</code> handling between implementations. (kkolinko)

463

</td></tr>

464

465

Add <code>denyStatus</code> attribute to <code>RequestFilterValve</code>

466

(<code>RemoteAddrValve</code>, <code>RemoteHostValve</code> valves).

467

It allows to use different HTTP response code when rejecting denied

468

request. E.g. 404 instead of 403. (kkolinko)

469

</td></tr>

470

471

Add <code>SetCharacterEncodingFilter</code> (similar to the one

472

contained in the examples web application) to the

473

<code>org.apache.catalina.filters</code> package so that it is

474

available for all web applications. (kkolinko)

475

</td></tr>

476

477

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52500">52500</a>: Added configurable mechanism to retrieve user names

478

from X509 client certificates. Based on a patch provided by

479

Michael Furman. (schultz/kkolinko)

480

</td></tr>

481

482

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52719">52719</a>: Fix a theoretical resource leak in the JAR validation

483

that checks for non-permitted classes in web application JARs. (markt)

484

</td></tr>

485

486

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52830">52830</a>: Correct JNDI lookups when using

487

<code>javax.naming.Name</code> to identify the resource rather than a

488

<code>java.lang.String</code>. (markt)

489

</td></tr>

490

491

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52850">52850</a>: Extend memory leak prevention and detection code to

492

work with IBM as well as Oracle JVMs. Based on a patch provided by

493

Rohit Kelapure. (kkolinko)

494

</td></tr>

495

496

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52996">52996</a>: In <code>StandardThreadExecutor</code>:

497

Add the ability to configure a job queue size

498

(<code>maxQueueSize</code> attribute).

499

Add a variant of execute method that allows to specify a timeout for

500

how long we want to try to add something to the queue.

501

Based on a patch by Rüdiger Plüm. (kkolinko)

502

</td></tr>

503

504

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53047">53047</a>: If a JDBCRealm or DataSourceRealm is configured for

505

an all roles mode that only requires authorization (and no roles) and no

506

role table or column is defined, don't populate the Principal's roles.

(markt/kkolinko)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53050">53050</a>: Fix handling of entropy value when initializing

511

session id generator in session manager. Based on proposal by

512

Andras Rozsa. (kkolinko)

513

</td></tr>

514

515

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53056">53056</a>: Add APR version number to tcnative version INFO log

message. (schultz)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53057">53057</a>: Add OpenSSL version number INFO log message when

520

initializing. (schultz)

521

</td></tr>

522

523

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53071">53071</a>: Use the message from the Throwable for the error

524

report generated by the <code>ErrorReportValve</code> if none was

525

specified via <code>sendError()</code>. Use the standard text for HTTP

526

error codes. (markt/rjung)

527

</td></tr>

528

529

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53230">53230</a>: Change session managers to throw

530

TooManyActiveSessionsException instead of IllegalStateException

531

when the maximum number of sessions has been exceeded and a new

532

session will not be created. (schultz/kkolinko)

533

</td></tr>

534

535

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53267">53267</a>: Ensure that using the GC Daemon Protection feature of

536

the <code>JreMemoryLeakPreventionListener</code> does not trigger a

537

full GC every hour. (markt/kkolinko)

538

</td></tr>

539

540

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53531">53531</a>: Fix ExpandWar.expand to check the return value of

541

File.mkdir and File.mkdirs. (schultz)

542

</td></tr>

543

544

Make the CSRF nonce cache in <code>CsrfPreventionFilter</code>

545

serializable so that it can be replicated across a cluster and/or

546

persisted across Tomcat restarts. (markt)

547

</td></tr>

548

549

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53584">53584</a>: Ignore path parameters when comparing URIs for FORM

550

authentication. This prevents users being prompted twice for passwords

551

when logging in when session IDs are being encoded as path parameters.

(markt)

</td></tr>

Various improvements to the DIGEST authenticator including

556

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52954">52954</a>, the disabling caching of an authenticated user in the

557

session by default, tracking server rather than client nonces and better

558

handling of stale nonce values. (markt)

559

</td></tr>

560

561

CVE-2012-3546: Fix bypass of security constraint checks with FORM

562

authentication. Remove unneeded processing in <code>RealmBase</code>.

(kkolinko)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53800">53800</a>: <code>FileDirContext.list()</code> did not provide

567

correct paths for subdirectories. Patch provided by Kevin Wooten.

(kkolinko)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53830">53830</a>: Better handling of <code>Manager.randomFile</code>

572

default value on Windows. (kkolinko)

573

</td></tr>

574

575

CVE-2012-4431: Fix bypass of <code>CsrfPreventionFilter</code> when

576

there is no session. Improve session management in the filter.

(kkolinko)

</td></tr>

</table>

</blockquote></td></tr></table>

581

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.36 (jfclere)/Coyote"></a><a name="Tomcat_6.0.36_(jfclere)/Coyote"><strong>Coyote</strong></a></font></td></tr><tr><td><blockquote>

582

583

584

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=42181">42181</a>: Better handling of edge conditions in chunk header

585

processing. (kkolinko)

586

</td></tr>

587

588

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51477">51477</a>: Support all SSL protocol combinations in the APR/native

589

connector. This only works when using the native library version 1.1.21

or later. (rjung)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52055">52055</a> (comment 14): Correctly reset

594

<code>ChunkedInputFilter.needCRLFParse</code> flag when the filter

595

is recycled. (kkolinko)

596

</td></tr>

597

598

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52606">52606</a>: Ensure replayed POST bodies are available when using

AJP. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52858">52858</a>, CVE-2012-4534: Fix high CPU load with SSL, NIO and

603

sendfile when client breaks the connection before reading all the

requested data.

(fhanik/kkolinko)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53119">53119</a>: Prevent buffer overflow errors being reported when a

609

client disconnects before the response has been fully written from an

610

AJP connection using the APR/native connector. (kkolinko)

611

</td></tr>

612

613

Improve <code>InternalNioInputBuffer.parseHeaders()</code>. (kkolinko)

614

</td></tr>

615

616

Implement <code>maxHeaderCount</code> attribute on Connector.

617

It is equivalent of LimitRequestFields directive of

618

<a href="http://httpd.apache.org/">Apache HTTPD</a>.

619

Default value is 100. (kkolinko)

620

</td></tr>

621

622

In JkCoyoteHandler connector for AJP/1.3 protocol

623

(in <code>JkMain.setProperty()</code>):

624

Fix setting of properties when connector has already started for

625

properties that have aliases. E.g. it now allows to change

626

<code>maxHeaderCount</code> attribute on Connector MBean via JMX.

(kkolinko)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53725">53725</a>: Fix possible corruption of GZIP'd output. (kkolinko)

631

</td></tr>

632

</table>

633

</blockquote></td></tr></table>

634

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.36 (jfclere)/Jasper"></a><a name="Tomcat_6.0.36_(jfclere)/Jasper"><strong>Jasper</strong></a></font></td></tr><tr><td><blockquote>

635

636

637

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48097">48097</a> (comment 7), <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53366">53366</a> (comment 1):

638

If JSP page unexpectedly fails to initialize PageContext instance,

639

write exception to the logs instead of silent swallowing. (kkolinko)

640

</td></tr>

641

642

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52335">52335</a>: Only handle <code><\%</code> and not

643

<code>\%</code> as escaped in template text. (markt)

644

</td></tr>

645

646

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52666">52666</a>: Correct coercion order in EL when processing the

647

equality and inequality operators. (markt)

648

</td></tr>

649

650

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53001">53001</a>: Revert the fix for <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=46915">46915</a> since the use case

651

described in the bug is invalid since it breaks the EL specification.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53032">53032</a>: Modify <code>JspC</code> so it extends

656

<code>org.apache.tools.ant.Task</code> enabling it to work with features

657

such as namespaces within build.xml files. (markt)

658

</td></tr>

659

</table>

660

</blockquote></td></tr></table>

661

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.36 (jfclere)/Cluster"></a><a name="Tomcat_6.0.36_(jfclere)/Cluster"><strong>Cluster</strong></a></font></td></tr><tr><td><blockquote>

662

663

664

Replicate principal in ClusterSingleSignOn. (kfujino)

665

</td></tr>

666

667

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53513">53513</a>: Fix race condition between the processing of session

668

sync message and transfer complete message. (kfujino)

669

</td></tr>

670

671

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53606">53606</a>: Fix potential NPE in <code>TcpPingInterceptor</code>.

672

Based on a patch by F. Arnoud. (markt)

673

</td></tr>

674

675

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53607">53607</a>: To avoid NPE, set TCP PING data to ChannelMessage.

676

Patch provided by F.Arnoud (kfujino)

677

</td></tr>

678

679

Fix a behavior of TcpPingInterceptor#useThread.

680

Do not start a ping thread when useThread is set to false. (kfujino)

681

</td></tr>

682

</table>

683

</blockquote></td></tr></table>

684

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.36 (jfclere)/Web applications"></a><a name="Tomcat_6.0.36_(jfclere)/Web_applications"><strong>Web applications</strong></a></font></td></tr><tr><td><blockquote>

685

686

687

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52243">52243</a>: Improve windows service documentation to clarify how

688

to include <code>#</code> and/or <code>;</code> in the value of an

689

environment variable that is passed to the service. (markt)

690

</td></tr>

691

692

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52515">52515</a>: Make it clear in the Realm how-to in the documentation

693

web application that digested password storage when using DIGEST

694

authentication requires that MD5 digests are used. (markt)

695

</td></tr>

696

697

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52641">52641</a>: Remove mentioning of ldap.jar from docs.

698

Patch provided by Felix Schumacher. (rjung)

699

</td></tr>

700

701

Remove obsolete bug warning from windows service

702

documentation page. (rjung)

703

</td></tr>

704

705

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52983">52983</a>: Remove unnecessary code that makes switching to

706

other authentication methods difficult. (markt)

707

</td></tr>

708

709

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53158">53158</a>: Fix documented defaults for DBCP.

710

Patch provided by ph.dezanneau at gmail.com. (rjung)

711

</td></tr>

712

713

Update JavaSE documentation links to point to the current

714

docs.oracle.com site, instead of obsolete ones (download.oracle.com,

715

java.sun.com). (kkolinko)

716

</td></tr>

717

718

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53289">53289</a>: Clarify <code>ResourceLink</code> example that

719

uses DataSource.getConnection(username, password) method. Not all

720

data source implementations support it. (kkolinko)

721

</td></tr>

722

723

Prevent the custom error pages for the Manager and Host Manager

724

applications from being accessed directly. Configure custom

725

pages for error codes 401 and 403 in Host Manager application.

(markt/kkolinko)

</td></tr>

Correct documentation for <code>enableLookups</code> attribute

730

of a Connector. By default DNS lookups are disabled. (kkolinko)

731

</td></tr>

732

733

Fix several HTML markup errors in servlets of examples web application.

(kkolinko)

</td></tr>

Change the index page of ROOT webapp to mention "manager-gui" role

738

instead of "manager" one. (kkolinko)

739

</td></tr>

740

741

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53473">53473</a>: Correct the allowed values for the SSI option

742

<code>isVirtualWebappRelative</code> which are <code>true</code> or

743

<code>false</code>. (markt)

744

</td></tr>

745

746

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53664">53664</a>: Minor JNDI Howto document enhancement concerning mail

747

properties. Patch provided by Mark Eggers. (schultz)

748

</td></tr>

749

750

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53601">53601</a>: Clarify that to build Apache Tomcat 6 from sources

751

a Java 5 JDK is recommended. (kkolinko)

752

</td></tr>

753

754

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53793">53793</a>: Change links on the list of applications in the

755

Manager to point to <code>/appname/</code> instead of

756

<code>/appname</code>. (kkolinko)

757

</td></tr>

758

</table>

759

</blockquote></td></tr></table>

760

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.36 (jfclere)/Other"></a><a name="Tomcat_6.0.36_(jfclere)/Other"><strong>Other</strong></a></font></td></tr><tr><td><blockquote>

761

762

763

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49402">49402</a>, <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52124">52124</a>: Fix Maven publishing script:

764

make sure it finds tomcat-juli.jar and use later version of

wagon-ssh. (jfclere)

</td></tr>

Update Apache Commons Daemon to 1.0.10. It resolves <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52548">52548</a>

769

which meant that services created with service.bat did not set the

770

<code>catalina.home</code> and <code>catalina.base</code> system

771

properties. (markt, kkolinko)

772

</td></tr>

773

774

Update Apache Commons Pool to 1.5.7. (kkolinko)

775

</td></tr>

776

777

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52579">52579</a>: Add a note about Sun's Charset.decode() bug to the

778

RELEASE-NOTES file. (kkolinko)

779

</td></tr>

780

781

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52805">52805</a>: Update to Eclipse JDT Compiler 3.7.2. (kkolinko)

782

</td></tr>

783

784

Update the native component of the APR/native connectors to 1.1.23

785

and take advantage of the simplified distribution. (kkolinko)

786

</td></tr>

787

788

When building a Windows installer do not copy whole "res" folder to

789

output/dist, but only the files that we need. Apply fixcrlf filter

790

only after the files are copied, so that <code>INSTALLLICENSE</code>

791

file had correct line ends. (kkolinko)

792

</td></tr>

793

794

Remove <code>res/License.rtf</code>. The file that is actually shown

795

by the Windows installer is <code>res/INSTALLLICENSE</code>.

(kkolinko)

</td></tr>

Improve <code>RUNNING.txt</code>. (kkolinko)

800

</td></tr>

801

802

Align the script that deploys Maven jars for Tomcat

803

(<code>res/maven/mvn-pub.xml</code>) with the Tomcat 7 version,

804

making full use of Nexus. (markt)

805

</td></tr>

806

807

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53034">53034</a>: Add <code>project.url</code> and

808

<code>project.licenses</code> sections to the POMs for the Maven

809

artifacts. (kkolinko)

810

</td></tr>

811

812

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53454">53454</a>: Return correct content-length header for HEAD requests

813

when content length is greater than 2GB. (markt)

814

</td></tr>

815

</table>

816

</blockquote></td></tr></table>

817

</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.35 (jfclere)"></a><a name="Tomcat_6.0.35_(jfclere)"><strong>Tomcat 6.0.35 (jfclere)</strong></a></font></td><td align="right" bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><strong>released 2011-12-05</strong></font></td></tr><tr><td colspan="2"><blockquote>

818

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.35 (jfclere)/Catalina"></a><a name="Tomcat_6.0.35_(jfclere)/Catalina"><strong>Catalina</strong></a></font></td></tr><tr><td><blockquote>

819

820

821

Fix regression in decoding of parameters that contain spaces.

822

Patch by Willem Fibbe. (kkolinko)

823

</td></tr>

824

</table>

825

</blockquote></td></tr></table>

826

</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.34 (jfclere)"></a><a name="Tomcat_6.0.34_(jfclere)"><strong>Tomcat 6.0.34 (jfclere)</strong></a></font></td><td align="right" bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><strong>not released</strong></font></td></tr><tr><td colspan="2"><blockquote>

827

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.34 (jfclere)/Catalina"></a><a name="Tomcat_6.0.34_(jfclere)/Catalina"><strong>Catalina</strong></a></font></td></tr><tr><td><blockquote>

828

829

830

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51550">51550</a>: Display an error page rather than an empty response

831

for an IllegalStateException caused by too many active sessions. (markt)

832

</td></tr>

833

834

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51640">51640</a>: Improve the memory leak prevention for leaks

835

triggered by java.sql.DriverManager. (markt/kkolinko)

836

</td></tr>

837

838

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51688">51688</a>: JreMemoryLeakPreventionListener now protects against

839

AWT thread creation. (schultz)

840

</td></tr>

841

842

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51758">51758</a>: The digester (used for processing XML files) used the

843

logger name <code>org.apache.commons.digester.Digester</code> rather

844

than the expected <code>org.apache.tomcat.util.digester.Digester</code>.

845

The digester has been changed to use the expected logger name.

(kkolinko)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51862">51862</a>: Added a <code>classesToInitialize</code> attribute to

850

<code>JreMemoryLeakPreventionListener</code> to allow pre-loading of configurable

851

classes to avoid some classloader leaks. (slaurent)

852

</td></tr>

853

854

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51872">51872</a>: Ensure that the access log always uses the correct

855

value for the remote IP address associated with the request and that

856

requests with multiple errors do not result in multiple entries in

857

the access log. (markt)

858

</td></tr>

859

860

Allow to overwrite the check for distributability

861

of session attributes by session implementations. (rjung)

862

</td></tr>

863

864

Provide the log format "OneLineFormatter" for JULI that provides the same

865

information as the default plus thread name but on a single line.

(markt/rjung)

</td></tr>

Ensure the the memory leak protection for the HttpClient keep-alive

870

always operates even if the thread has already stopped. (markt)

871

</td></tr>

872

873

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51940">51940</a>: Do not limit saving of request bodies during FORM

874

authentication to POST requests since any HTTP method may include a

875

request body. Based on a patch by Nicholas Sushkin. (kkolinko)

876

</td></tr>

877

878

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52091">52091</a>: Address performance issues related to lock contention

879

in StandardWrapper. Based on patch provided by Taiki Sugawara.

(kkolinko)

</td></tr>

In GenericPrincipal, SerializablePrincipal: Do not sort lists of roles

884

that have only one element. (kkolinko)

885

</td></tr>

886

887

Make configuration issue for CsrfPreventionFilter result in the

888

failure of the filter rather than just a warning message. (kkolinko)

889

</td></tr>

890

891

Ensure changes to the configuration of RemoteAddrValve and

892

RemoteHostValve via JMX are thread-safe. (kkolinko)

893

</td></tr>

894

895

Make configuration issue for RemoteAddrValve and

896

RemoteHostValve result in the failure of the valve rather than

897

just a warning message. (kkolinko)

898

</td></tr>

899

900

In <code>RequestFilterValve</code> (<code>RemoteAddrValve</code>,

901

<code>RemoteHostValve</code>): refactor value matching logic into

902

separate method and expose this new method <code>isAllowed</code>

903

through JMX. (kkolinko)

904

</td></tr>

905

906

Improve performance of parameter processing for GET and POST requests.

907

Also add an option to limit the maximum number of parameters processed

908

per request. This defaults to 10000. Excessive parameters are ignored.

909

Note that <code>FailedRequestFilter</code> can be used to reject the

910

request if some parameters were ignored. (markt/kkolinko)

911

</td></tr>

912

913

New filter <code>FailedRequestFilter</code> that will reject a request

914

if there were errors during HTTP parameter parsing. (kkolinko)

915

</td></tr>

916

</table>

917

</blockquote></td></tr></table>

918

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.34 (jfclere)/Coyote"></a><a name="Tomcat_6.0.34_(jfclere)/Coyote"><strong>Coyote</strong></a></font></td></tr><tr><td><blockquote>

919

920

921

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50394">50394</a>: Return -1 from read operation instead of throwing an

922

exception when encountering an EOF with the HTTP APR connector.

(kkolinko)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51698">51698</a>: Fix CVE-2011-3190. Prevent AJP message injection.

(markt)

</td></tr>

Detect incomplete AJP messages and reject the associated request if one

is found. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51794">51794</a>: Fix race condition in NioEndpoint selector. Patch

935

provided by dlord. (fhanik)

936

</td></tr>

937

938

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51905">51905</a>: Fix infinite loop in AprEndpoint shutdown if

939

acceptor unlock fails. Reduce timeout before forcefully closing

940

the socket from 30s to 10s. (kkolinko)

941

</td></tr>

942

943

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52121">52121</a>: Fix possible output corruption when compression is

944

enabled for a connector and the response is flushed. Test

945

case provided by David Marcks. (kkolinko)

946

</td></tr>

947

948

Replace unneeded call that iterated events queue in NioEndpoint.Poller.

(kkolinko)

</td></tr>

Improve MimeHeaders.toString(). (kkolinko)

953

</td></tr>

954

955

Allow the BIO HTTP connector to be used with SSL when running under Java

7. (markt)

</td></tr>

Improve multi-byte character handling in all connectors. (rjung)

960

</td></tr>

961

</table>

962

</blockquote></td></tr></table>

963

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.34 (jfclere)/Jasper"></a><a name="Tomcat_6.0.34_(jfclere)/Jasper"><strong>Jasper</strong></a></font></td></tr><tr><td><blockquote>

964

965

966

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51220">51220</a>: Correct copy/paste error in original commit for this

issue. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52091">52091</a>: Address performance issues related to log creation

971

in TagHandlerPool. Patch provided by Taiki Sugawara. (markt)

972

</td></tr>

973

</table>

974

</blockquote></td></tr></table>

975

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.34 (jfclere)/Cluster"></a><a name="Tomcat_6.0.34_(jfclere)/Cluster"><strong>Cluster</strong></a></font></td></tr><tr><td><blockquote>

976

977

978

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51736">51736</a>: Make rpcTimeout configurable in BackupManager.

(kfujino)

</td></tr>

New cluster manager attribute <code>sessionAttributeFilter</code>

983

allows to filter which session attributes are replicated using a

984

regular expression applied to the attribute name. (rjung)

985

</td></tr>

986

987

Avoid an unnecessary session ID change notice.

988

Notice of changed session ID by JvmRouteBinderValve is unnecessary to

989

BackupManager. In BackupManager, change of session ID is replicated by

990

the call of a setId() method. (kfujino)

991

</td></tr>

992

993

Fix unneeded duplicate <code>resetDeltaRequest()</code> call in

994

<code>DeltaSession.setId(String)</code>. (kkolinko)

995

</td></tr>

996

997

When Context manager does not exist, no context manager message is

998

replied in order to avoid timeout (default 60 sec) of

999

GET_ALL_SESSIONS sync phase. (kfujino)

1000

</td></tr>

1001

</table>

1002

</blockquote></td></tr></table>

1003

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.34 (jfclere)/Web applications"></a><a name="Tomcat_6.0.34_(jfclere)/Web_applications"><strong>Web applications</strong></a></font></td></tr><tr><td><blockquote>

1004

1005

1006

Correct the documentation for the connectionLinger attribute of the HTTP

connector. (markt)

</td></tr>

Show build date and version in the header on every documentation

page. (kkolinko)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52049">52049</a>: Improve setup instructions for running as a Windows

1015

service: correct information on how a JRE is identified and selected.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52172">52172</a>: Clarify Tomcat build instructions. Patch provided

1020

by bmargulies. (kkolinko)

1021

</td></tr>

1022

</table>

1023

</blockquote></td></tr></table>

1024

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.34 (jfclere)/Other"></a><a name="Tomcat_6.0.34_(jfclere)/Other"><strong>Other</strong></a></font></td></tr><tr><td><blockquote>

1025

1026

1027

Update the native component of the APR/native connectors to 1.1.22.

(markt)

</td></tr>

Update the recommended version of the native component of the APR/native

1032

connectors to 1.1.22. (kkolinko)

1033

</td></tr>

1034

1035

Update the Eclipse compiler (used for JSPs) to 3.7. (markt)

1036

</td></tr>

1037

1038

Correct two typos in the Windows installer. (kkolinko)

1039

</td></tr>

1040

1041

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52059">52059</a>: In Windows uninstaller: Do not forget to remove

1042

Tomcat keys from 32-bit registry on deinstallation. (kkolinko)

1043

</td></tr>

1044

</table>

1045

</blockquote></td></tr></table>

1046

</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.33 (jfclere)"></a><a name="Tomcat_6.0.33_(jfclere)"><strong>Tomcat 6.0.33 (jfclere)</strong></a></font></td><td align="right" bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><strong>released 2011-08-18</strong></font></td></tr><tr><td colspan="2"><blockquote>

1047

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.33 (jfclere)/Catalina"></a><a name="Tomcat_6.0.33_(jfclere)/Catalina"><strong>Catalina</strong></a></font></td></tr><tr><td><blockquote>

1048

1049

1050

Allow to search the virtual paths before the webapp or after it. (rjung)

1051

</td></tr>

1052

1053

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=27988">27988</a>: Improve reporting of missing files. (markt)

1054

</td></tr>

1055

1056

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=28852">28852</a>: Add URL encoding where missing to parameters in URLs

1057

presented by Ant tasks to the Manager application. Based on a patch by

1058

Stephane Bailliez. (markt)

1059

</td></tr>

1060

1061

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=46252">46252</a>: Allow to specify character set to be used to write

1062

the access log in AccessLogValve. (kkolinko)

1063

</td></tr>

1064

1065

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48863">48863</a>: Provide an warning if there is a problem with a class

1066

path entry but use debug level logging if it is expected due to catalina

1067

home/base split. (kkolinko)

1068

</td></tr>

1069

1070

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49180">49180</a>: Add an option to disable file rotation in JULI

1071

FileHandler. (kkolinko)

1072

</td></tr>

1073

1074

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50189">50189</a>: Once the application has finished writing to the

1075

response, prevent further reads from the request since this causes

1076

various problems in the connectors which do not expect this. (markt)

1077

</td></tr>

1078

1079

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50700">50700</a>: Ensure that the override attribute of context

1080

parameters is correctly followed. (markt)

1081

</td></tr>

1082

1083

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50734">50734</a>: Return 404 rather than 400 for requests to the ROOT

1084

context when no ROOT context is deployed. Patch provided by Violeta

Georgieva. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50751">50751</a>: When authenticating with the JNDI Realm, only attempt

1089

to read user attributes from the directory if attributes are required.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50752">50752</a>: Fix typo in debug message in

1094

<code>org.apache.catalina.startup.Embedded</code>. (markt)

1095

</td></tr>

1096

1097

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50855">50855</a>: Fix NPE on AuthenticatorBase.register() when debug

1098

logging is enabled. (markt)

1099

</td></tr>

1100

1101

Correctly format the timestamp reported by version.[sh|bat]. (markt)

1102

</td></tr>

1103

1104

Remove unnecessary whitespace from MIME mapping entries in global

1105

web.xml file. (markt)

1106

</td></tr>

1107

1108

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51042">51042</a>: Don't trigger session creation listeners when a

1109

session ID is changed as part of the authentication process. (markt)

1110

</td></tr>

1111

1112

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51119">51119</a>: Add JAAS authentication support to the

1113

JMXRemoteLifecycleListener. Patch provided by Neil Laurance. (markt)

1114

</td></tr>

1115

1116

Implement display of multiple request headers in AccessLogValve:

1117

print not just the value of the first header, but of the all of them,

1118

separated by commas. (kkolinko)

1119

</td></tr>

1120

1121

Correct the SSLValve so it returns the SSL key size as an Integer rather

1122

than as a String. (markt)

1123

</td></tr>

1124

1125

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51162">51162</a>: Prevent possible NPE when removing a web application.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51249">51249</a>: Improve system property replacement code

1130

in ClassLoaderLogManager of Tomcat JULI to cover some corner cases.

(kkolinko)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51315">51315</a>: Fix IAE when removing an authenticator valve from a

1135

container. Patch provided by Violeta Georgieva. (markt)

1136

</td></tr>

1137

1138

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51324">51324</a>: Improve handling of exceptions when flushing the

1139

response buffer to ensure that the doFlush flag does not get stuck in

1140

the enabled state. Patch provided by Jeremy Norris. (kkolinko)

1141

</td></tr>

1142

1143

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51348">51348</a>: Fix possible NPE when processing WebDAV locks. (markt)

1144

</td></tr>

1145

1146

Add a container event that is fired when a session's ID is changed,

1147

e.g. on authentication. (markt)

1148

</td></tr>

1149

1150

Fix CVE-2011-2204. Prevent user passwords appearing in log files if a

1151

runtime exception (e.g. OOME) occurs while creating a new user for a

1152

MemoryUserDatabase via JMX. (markt)

1153

</td></tr>

1154

1155

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51400">51400</a>: Avoid jvm bottleneck on String/byte[] conversion

1156

triggered by a JVM bug. Based on patches by Dave Engberg and Konstantin

Preißer. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51403">51403</a>: Avoid NPE in JULI FileHandler if formatter is

1161

misconfigured. (kkolinko)

1162

</td></tr>

1163

1164

Create a directory for access log or error log (in AccessLogValve and

1165

in JULI FileHandler) automatically when it is specified as a part of

1166

the file name, e.g. in the <code>prefix</code> attribute. Earlier this

1167

happened only if it was specified with the <code>directory</code>

1168

attribute. (kkolinko)

1169

</td></tr>

1170

1171

Log a failure if access log file cannot be opened. Improve i18n

1172

of messages. (kkolinko)

1173

</td></tr>

1174

1175

Improve handling of URLs with path parameters and prevent incorrect 404

1176

responses that could occur when path parameters were present. (kkolinko)

1177

</td></tr>

1178

1179

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51473">51473</a>: Fix concatenation of values in

1180

<code>SecurityConfig.setSecurityProperty()</code>. (kkolinko)

1181

</td></tr>

1182

1183

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51509">51509</a>: Fix potential concurrency issue in CSRF prevention

1184

filter that may lead to some requests failing that should not. (markt)

1185

</td></tr>

1186

1187

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51588">51588</a>: Make it easier to extend the AccessLogValve to add

1188

support for custom elements. (markt)

1189

</td></tr>

1190

1191

Unregister DataSource MBeans when web application stops. (kfujino)

1192

</td></tr>

1193

1194

CVE-2011-1184: Add additional configuration options to the DIGEST

1195

authenticator. (markt)

1196

</td></tr>

1197

</table>

1198

</blockquote></td></tr></table>

1199

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.33 (jfclere)/Coyote"></a><a name="Tomcat_6.0.33_(jfclere)/Coyote"><strong>Coyote</strong></a></font></td></tr><tr><td><blockquote>

1200

1201

1202

Reduce level of log message for invalid URL parameters from WARNING to

INFO. (kkolinko)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48208">48208</a>: Provide an option to specify a custom trust manager

1207

for BIO and NIO HTTP connectors using SSL. Based on a patch by Luciana

Moreira. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49595">49595</a>: Protect against crashes when using the APR/native

connector. (jfclere)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49929">49929</a>: Make sure flush packet is not send after END_RESPONSE

1216

packet. (mturk/markt)

1217

</td></tr>

1218

1219

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50887">50887</a>: Enable the provider to be configured when generating

1220

SSL certs. Based on a patch by pknopp. (markt)

1221

</td></tr>

1222

1223

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51073">51073</a>: Throw an exception and do not start the APR connector

1224

if it is configured for SSL and an invalid value is provided for

SSLProtocol. (markt)

</td></tr>

Fix CVE 2011-2526. Protect against infinite loops (HTTP NIO) and crashes

1229

(HTTP APR) if sendfile is configured to send more data than is available

in the file. (markt)

</td></tr>

Prevent NPEs when a socket is closed in non-error conditions after

1234

sendfile processing when using the HTTP NIO connector. (markt)

1235

</td></tr>

1236

1237

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51515">51515</a>: Prevent immediate socket close when comet is used over

HTTPS. (markt)

</td></tr>

</table>

</blockquote></td></tr></table>

1242

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.33 (jfclere)/Jasper"></a><a name="Tomcat_6.0.33_(jfclere)/Jasper"><strong>Jasper</strong></a></font></td></tr><tr><td><blockquote>

1243

1244

1245

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=36362">36362</a>: Handle the case where tag file attributes (which can

1246

use any valid XML name) have a name which is not a Java identifier.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=47371">47371</a>: Correctly coerce the empty string to zero when used as

1251

an operand in EL arithmetic. Patch provided by gbt. (markt)

1252

</td></tr>

1253

1254

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50726">50726</a>: Ensure that the use of the genStringAsCharArray does

1255

not result in String constants that are too long for valid Java code.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50895">50895</a>: Don't initialize classes created during the

1260

compilation stage. (markt)

1261

</td></tr>

1262

1263

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51124">51124</a>: Make Tomcat more robust if an OOME occurs. Usually

1264

after an OOME all bets are off but this change appears to help some

1265

users and the description of a 'recoverable' OOME in the bug

1266

is a plausible one. Based on a patch by Ramiro. (markt)

1267

</td></tr>

1268

1269

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51177">51177</a>: Ensure Tomcat's MapELResolver and ListELResolver

1270

always return <code>Object.class</code> for <code>getType()</code> as

1271

required by the EL specification. (markt)

1272

</td></tr>

1273

1274

Correct possible threading issue in JSP compilation when development

1275

mode is used. (markt)

1276

</td></tr>

1277

1278

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51220">51220</a>: Add a system property to enable tag pooling with JSPs

1279

that use a custom base class. Based on a patch by Dan Mikusa. (markt)

1280

</td></tr>

1281

1282

Broaden the exception handling in the EL Parser so that more failures to

1283

parse an expression include the failed expression in the exception

1284

message. Hopefully, this will help track down the cause of

1285

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51088">51088</a>. (markt)

1286

</td></tr>

1287

1288

Improve error reporting of Jasper compilation. (schultz)

1289

</td></tr>

1290

</table>

1291

</blockquote></td></tr></table>

1292

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.33 (jfclere)/Cluster"></a><a name="Tomcat_6.0.33_(jfclere)/Cluster"><strong>Cluster</strong></a></font></td></tr><tr><td><blockquote>

1293

1294

1295

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50646">50646</a>: Fix cluster message data corruption if message size

1296

exceeds the underlying buffer size. Patch provided by Olivier Costet.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50771">50771</a>: Ensure HttpServletRequest#getAuthType() returns the

1301

name of the authentication scheme if request has already been

1302

authenticated. (kfujino)

1303

</td></tr>

1304

1305

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50950">50950</a>: Correct possible NotSerializableException for an

1306

authenticated session when running with a security manager. (markt)

1307

</td></tr>

1308

1309

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51306">51306</a>: Avoid NPE when handleSESSION_EXPIRED is processed

1310

while handleSESSION_CREATED is being processed. (kfujino)

1311

</td></tr>

1312

1313

The change in session ID is notified to the container event listener on

1314

the backup node in cluster. This notification is controlled by

1315

notifyContainerListenersOnReplication. (kfujino)

1316

</td></tr>

1317

</table>

1318

</blockquote></td></tr></table>

1319

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.33 (jfclere)/Web applications"></a><a name="Tomcat_6.0.33_(jfclere)/Web_applications"><strong>Web applications</strong></a></font></td></tr><tr><td><blockquote>

1320

1321

1322

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=41498">41498</a>: Add the allRolesMode attribute to the Realm

1323

configuration page in the documentation web application. (markt)

1324

</td></tr>

1325

1326

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48997">48997</a>: Fixed some typos and improve cross-referencing to the

1327

HTTP Connector and APR documentation with the SSL How-To page of the

1328

documentation web application. (markt)

1329

</td></tr>

1330

1331

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50804">50804</a>: Update links for Servlet 2.5 and JSP 2.1 Javadoc.

(markt)

</td></tr>

Improve class loading documentation and logging documentation.

(kkolinko)

</td></tr>

Configure Security Manager How-To to include a copy of the actual

1340

conf/catalina.policy file when the documentation is built, rather

1341

than maintaining a copy of its content. (kkolinko)

1342

</td></tr>

1343

1344

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51147">51147</a>: Fix deployment via HTML Manager that was broken by

1345

addition of CRSF protection. Patch provided by Alexis Hassler. (markt)

1346

</td></tr>

1347

1348

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51156">51156</a>: Ensure session expiration option is available in

1349

Manager application was running web applications that were defined in

server.xml. (markt)

</td></tr>

Correct the log4j configuration settings when defining conversion

1354

patterns in the documentation web application. (markt)

1355

</td></tr>

1356

1357

Update Maven repository information in the documentation to reflect

1358

current usage. (markt)

1359

</td></tr>

1360

1361

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51346">51346</a>: Update the documentation web application to make clear

1362

the circumstances in which the RequestDumperValve will consume the

1363

request's InputStream. Based on a patch by pid. (markt)

1364

</td></tr>

1365

1366

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51443">51443</a>: Document the notifySessionListenersOnReplication

1367

attribute for the DeltaManager. (markt)

1368

</td></tr>

1369

1370

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51516">51516</a>: Correct documentation web application to show correct

1371

system property name for changing the name of the SSO session cookie.

(markt)

</td></tr>

Update documentation to be even more explicit about the implications

1376

of setting the <code>path</code> attribute on a <code>Context</code>

1377

element in <code>server.xml</code>. (markt/kkolinko)

1378

</td></tr>

1379

</table>

1380

</blockquote></td></tr></table>

1381

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.33 (jfclere)/Other"></a><a name="Tomcat_6.0.33_(jfclere)/Other"><strong>Other</strong></a></font></td></tr><tr><td><blockquote>

1382

1383

1384

Clarify error messages in *.sh files to mention that if a script is

1385

not found it might be because execute permission is needed. (kkolinko)

1386

</td></tr>

1387

1388

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=33262">33262</a>, <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=40510">40510</a>, <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50949">50949</a>, <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51135">51135</a>:

1389

Various improvements to the Windows installer to be able to install

1390

several copies of Tomcat 6 side by side. Allow to configure service

1391

name, connector and shutdown ports. Allow to choose whether to install

1392

Start menu shortcuts and Apache Tomcat monitor application for all

1393

users or for the current one only. Improve auto-detection of JAVA_HOME

1394

for 64-bit Windows platforms: autoselect 32-bit JRE if it exists and

1395

64-bit one is not available. Improve server.xml file handling.

1396

Fix uninstallation icon. (markt/kkolinko)

1397

</td></tr>

1398

1399

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50854">50854</a>: Add additional entries to the default catalina.policy

1400

file to support running the manager web application from CATALINA_HOME

1401

or CATALINA_BASE. (markt)

1402

</td></tr>

1403

1404

Update default download sources to use the central Apache Maven 2

1405

repository as some libraries have been removed from the central Apache

1406

Maven 1 repository. (kkolinko)

1407

</td></tr>

1408

1409

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51155">51155</a>: Add comments to @deprecated tags that have none. Patch

1410

provided by sebb. (kkolinko)

1411

</td></tr>

1412

1413

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51309">51309</a>: Correct logic in catalina.sh stop when using a PID

1414

file to ensure the correct message is shown. Patch provided by Caio

Cezar. (markt)

</td></tr>

Update Apache Commons Pool to 1.5.6. (kkolinko)

1419

</td></tr>

1420

1421

Update Apache Commons Daemon to 1.0.7. (kkolinko)

1422

</td></tr>

1423

1424

At build time use two alternative download locations for components

1425

downloaded from apache.org. (kkolinko)

1426

</td></tr>

1427

</table>

1428

</blockquote></td></tr></table>

1429

</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.32 (jfclere)"></a><a name="Tomcat_6.0.32_(jfclere)"><strong>Tomcat 6.0.32 (jfclere)</strong></a></font></td><td align="right" bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><strong>released 2011-02-03</strong></font></td></tr><tr><td colspan="2"><blockquote>

1430

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.32 (jfclere)/Catalina"></a><a name="Tomcat_6.0.32_(jfclere)/Catalina"><strong>Catalina</strong></a></font></td></tr><tr><td><blockquote>

1431

1432

1433

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48822">48822</a>: Include context name in reload and stop log statements.

1434

Based on the patch provided by Marc Guillemot. (kkolinko)

1435

</td></tr>

1436

1437

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50673">50673</a>: Improve Catalina shutdown when running as a service.

1438

Do not call System.exit(). (kkolinko)

1439

</td></tr>

1440

1441

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50689">50689</a>: Provide 100 Continue responses at appropriate points

1442

during FORM authentication if client indicates that they are expected.

(kkolinko)

</td></tr>

Improve HTTP specification compliance in support of

1447

<code>Accept-Language</code> header. This protects from known exploit

1448

of the Oracle JVM bug that triggers a DoS, CVE-2010-4476. (kkolinko)

1449

</td></tr>

1450

</table>

1451

</blockquote></td></tr></table>

1452

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.32 (jfclere)/Coyote"></a><a name="Tomcat_6.0.32_(jfclere)/Coyote"><strong>Coyote</strong></a></font></td></tr><tr><td><blockquote>

1453

1454

1455

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49795">49795</a>: Backport AprEndpoint shutdown improvements, to make

1456

it more robust. (mturk/kkolinko)

1457

</td></tr>

1458

1459

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50325">50325</a>: When the JVM indicates support for RFC 5746, disable

1460

Tomcat's <code>allowUnsafeLegacyRenegotiation</code> configuration

1461

attribute and use the JVM configuration to control renegotiation.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50631">50631</a>: InternalNioInputBuffer should honor

1466

<code>maxHttpHeadSize</code>. (kkolinko)

1467

</td></tr>

1468

1469

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50651">50651</a>: Fix NPE in InternalNioOutputBuffer.recycle().

(kkolinko)

</td></tr>

</table>

</blockquote></td></tr></table>

1474

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.32 (jfclere)/Cluster"></a><a name="Tomcat_6.0.32_(jfclere)/Cluster"><strong>Cluster</strong></a></font></td></tr><tr><td><blockquote>

1475

1476

1477

Be consistent with locks on sessionCreationTiming,

1478

sessionExpirationTiming in DeltaManager.resetStatistics(). (kkolinko)

1479

</td></tr>

1480

</table>

1481

</blockquote></td></tr></table>

1482

</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.31 (jfclere)"></a><a name="Tomcat_6.0.31_(jfclere)"><strong>Tomcat 6.0.31 (jfclere)</strong></a></font></td><td align="right" bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><strong>not released</strong></font></td></tr><tr><td colspan="2"><blockquote>

1483

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.31 (jfclere)/Catalina"></a><a name="Tomcat_6.0.31_(jfclere)/Catalina"><strong>Catalina</strong></a></font></td></tr><tr><td><blockquote>

1484

1485

1486

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49543">49543</a>: Allow Tomcat to use shared data sources with per

1487

application credentials. (fhanik)

1488

</td></tr>

1489

1490

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50205">50205</a>: Add the deployIgnorePaths attribute to the Host

1491

element. Based on a patch by Jim Riggs. (markt/kkolinko)

1492

</td></tr>

1493

1494

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50413">50413</a>: Additional fix that ensures the error page is served

1495

regardless of any Range headers in the original request. (kkolinko)

1496

</td></tr>

1497

1498

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50550">50550</a>: When a new directory is created (e.g. via WebDAV)

1499

ensure that a subsequent request for that directory does not result in a

1500

404 response. (markt/kkolinko)

1501

</td></tr>

1502

1503

Provide session creation and destruction rate metrics in the session

managers. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50606">50606</a>: Improve CGIServlet: Provide support for specifying

1508

empty value for the <code>executable</code> init-param. Provide support

1509

for explicit additional arguments for the executable. Those were

1510

broken when implementing fix for bug <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49657">49657</a>. (kkolinko)

1511

</td></tr>

1512

1513

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50620">50620</a>: Stop exceptions that occur during

1514

<code>Session.endAccess()</code> from preventing the normal completion

1515

of <code>Request.recycle()</code>. (markt)

1516

</td></tr>

1517

</table>

1518

</blockquote></td></tr></table>

1519

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.31 (jfclere)/Coyote"></a><a name="Tomcat_6.0.31_(jfclere)/Coyote"><strong>Coyote</strong></a></font></td></tr><tr><td><blockquote>

1520

1521

1522

Remove a huge memory leak in the NIO connector introduced by the fix

1523

for <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49884">49884</a>. (markt)

1524

</td></tr>

1525

</table>

1526

</blockquote></td></tr></table>

1527

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.31 (jfclere)/Cluster"></a><a name="Tomcat_6.0.31_(jfclere)/Cluster"><strong>Cluster</strong></a></font></td></tr><tr><td><blockquote>

1528

1529

1530

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50600">50600</a>: Prevent a <code>ConcurrentModificationException</code>

1531

when removing a WAR file via the FarmWarDeployer. (markt)

1532

</td></tr>

1533

</table>

1534

</blockquote></td></tr></table>

1535

</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.30 (jfclere)"></a><a name="Tomcat_6.0.30_(jfclere)"><strong>Tomcat 6.0.30 (jfclere)</strong></a></font></td><td align="right" bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><strong>released 2011-01-13</strong></font></td></tr><tr><td colspan="2"><blockquote>

1536

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.30 (jfclere)/General"></a><a name="Tomcat_6.0.30_(jfclere)/General"><strong>General</strong></a></font></td></tr><tr><td><blockquote>

1537

1538

1539

Filter input of manager app servlets. (kkolinko)

1540

</td></tr>

1541

1542

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43960">43960</a>: Expose available property of StandardWrapper via JMX.

(markt)

</td></tr>

Update to Commons Daemon 1.0.5. (mturk)

1547

</td></tr>

1548

1549

Switch to using the Eclipse compiler JAR directly rather than creating

1550

it from the larger JDT download. (markt)

1551

</td></tr>

1552

1553

Allow the off-line building of the extras package. (markt)

1554

</td></tr>

1555

1556

Update to Commons Pool 1.5.5. (markt)

1557

</td></tr>

1558

1559

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49728">49728</a>, <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50084">50084</a>: Improve PID file handling when

1560

another process is managing the PID file and Tomcat does not have write

access. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49909">49909</a>, <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50201">50201</a>: Provide a mechanism to log requests

1565

rejected before they reach the AccessLogValve to appear in the access

1566

log. (markt/kkolinko)

1567

</td></tr>

1568

</table>

1569

</blockquote></td></tr></table>

1570

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.30 (jfclere)/Catalina"></a><a name="Tomcat_6.0.30_(jfclere)/Catalina"><strong>Catalina</strong></a></font></td></tr><tr><td><blockquote>

1571

1572

1573

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=38113">38113</a>: Provide a system property that enables a strict

1574

interpretation of the specification for <code>getQueryString()</code>

1575

when an empty query string is provided by the user agent. (markt)

1576

</td></tr>

1577

1578

Return a copy of the current URLs for the <code>WebappClassLoader</code>

1579

to prevent modification. This facilitated, although it wasn't the root

1580

cause, CVE-2010-1622. (markt)

1581

</td></tr>

1582

1583

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48837">48837</a>: Extend thread local memory leak detection to include

1584

classes loaded by subordinate class loaders to the web

1585

application's class loader such as the Jasper class loader.

1586

Patch provided by Sylvain Laurent. (kkolinko)

1587

</td></tr>

1588

1589

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48973">48973</a>: Avoid creating a SESSIONS.ser file when stopping an

1590

application if there's no session. Patch provided by Marc Guillemot.

(slaurent)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49030">49030</a>: Failure during start of one connector should not leave

1595

some connectors started and some ignored. (kkolinko)

1596

</td></tr>

1597

1598

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49195">49195</a>: Don't report an error when shutting down a Windows

1599

service for a Tomcat instance that has a disabled shutdown port. (markt)

1600

</td></tr>

1601

1602

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49209">49209</a>: Fix problem with JDBC driver memory leak prevention

1603

when running under a security manager. Patch provided by Sylvain

Laurent. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49613">49613</a>: Improve performance when using SSL for applications

1608

that make multiple class to <code>Request.getAttributeNames()</code>.

1609

Patch provided by Sampo Savolainen. (markt)

1610

</td></tr>

1611

1612

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49657">49657</a>: Handle CGI executables with spaces in the path.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49667">49667</a>: Ensure that using the JDBC driver memory leak

1617

prevention code does not cause a one of the memory leaks it is meant to

avoid. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49749">49749</a>: Respect <code>httpOnly</code> setting of Context

1622

when creating SSO cookie. (markt)

1623

</td></tr>

1624

1625

Provide better web application state information via JMX. (markt)

1626

</td></tr>

1627

1628

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49811">49811</a>: Add an option to disable URL rewriting on a per

1629

Context basis. The option name is <code>disableURLRewriting</code>.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49856">49856</a>: Expose the executor name for the connector via JMX.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49915">49915</a>: Make error more obvious, particularly when accessed

1638

via JConsole, if StandardServer.storeConfig() is called when there is

1639

no StoreConfig implementation present. (markt)

1640

</td></tr>

1641

1642

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49965">49965</a>: Use correct i18n resources for StringManager in

1643

JAASRealm. (kkolinko)

1644

</td></tr>

1645

1646

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49987">49987</a>: Fix potential data race in the population of the

1647

Servlet Context initialisation parameters. (markt)

1648

</td></tr>

1649

1650

Code clean-up. Avoid some casts in StandardContext. (markt)

1651

</td></tr>

1652

1653

Add security policy and token poller protection to the JRE memory leak

1654

protection provided in Tomcat 6. (markt/kkolinko)

1655

</td></tr>

1656

1657

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50026">50026</a>: Add support for mapping the default servlet to URLs

other than /. (timw)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50128">50128</a>: Improve exception handling in PersistentManagerBase

1662

when running with a security manager. (kkolinko)

1663

</td></tr>

1664

1665

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50131">50131</a>: Avoid possible NPE in debug output in PersistentValve.

1666

Patch provided by sebb. (kkolinko)

1667

</td></tr>

1668

1669

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50138">50138</a>: Fix threading issues in

1670

<code>org.apache.catalina.security.SecurityUtil</code>. (markt)

1671

</td></tr>

1672

1673

Add a new filter, <code>org.apache.catalina.filters.CsrfPreventionFilter</code>,

1674

to provide generic cross-site request forgery (CSRF)

1675

protection for web applications. (markt)

1676

</td></tr>

1677

1678

Make sure Contexts defined in server.xml pick up any <code>configClass</code>

1679

setting from the parent Host. (markt)

1680

</td></tr>

1681

1682

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50222">50222</a>: Modify memory leak prevention code so it pins the

1683

system class loader in memory rather than than the common class loader,

1684

which is better for embedded systems. (schultz)

1685

</td></tr>

1686

1687

Make memory leak prevention code that clears ThreadLocal instances more

1688

robust against objects with <code>toString()</code> methods that throw

exceptions. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50282">50282</a>: Load <code>javax.security.auth.login.Configuration</code>

1693

with <code>JreMemoryLeakPreventionListener</code> to avoid memory leak

1694

when stopping a webapp that would use JAAS.

(slaurent)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50413">50413</a>: Ensure 304s are not returned when using static files

1699

as error pages. (markt)

1700

</td></tr>

1701

1702

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50453">50453</a>: Correctly handle multiple <code>X-Forwarded-For</code>

1703

headers in the RemoteIpValve. Patch provided by Jim Riggs. (markt)

1704

</td></tr>

1705

1706

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50459">50459</a>: Fix thread/classloader binding issues in

1707

StandardContext. (slaurent)

1708

</td></tr>

1709

1710

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50527">50527</a>: Improve an error message shown by HttpServlet. (markt)

1711

</td></tr>

1712

1713

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50556">50556</a>: Improve JreMemoryLeakPreventionListener to prevent

1714

a potential class loader leak caused by a thread spawned when the class

1715

<code>com.sun.jndi.ldap.LdapPoolManager</code> is initialized and the

1716

system property <code>com.sun.jndi.ldap.connect.pool.timeout</code> is

1717

set to a value greater than 0. (slaurent)

1718

</td></tr>

1719

1720

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50642">50642</a>: Move the <code>sun.net.www.http.HttpClient</code>

1721

keep-alive thread memory leak protection from the

1722

JreMemoryLeakPreventionListener to the WebappClassLoader since the

1723

thread that triggers the memory leak is created on demand. (markt)

1724

</td></tr>

1725

</table>

1726

</blockquote></td></tr></table>

1727

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.30 (jfclere)/Coyote"></a><a name="Tomcat_6.0.30_(jfclere)/Coyote"><strong>Coyote</strong></a></font></td></tr><tr><td><blockquote>

1728

1729

1730

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=47913">47913</a>: Return the IP address rather than null for

1731

<code>getRemoteHost()</code> with the APR connector if the IP address

1732

does not resolve. (markt)

1733

</td></tr>

1734

1735

Avoid a NPE for APR connector unlockAccept with default soTimeout.

(mturk)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48545">48545</a>: Allow JSSE trust stores to be used without providing

1740

a password. Based on a patch by smmwpf54. (kkolinko)

1741

</td></tr>

1742

1743

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48738">48738</a>: Add support for flushing gzipped output. Based on a

1744

patch by Jiong Wang. (markt)

1745

</td></tr>

1746

1747

Avoid a NPE in the DeltaManager when a parallel request invalidates the

1748

session before the current request has a chance to send the replication

message. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48925">48925</a>: <code>request.getLocalAddr()</code> returns

1753

<code>null</code> when using the default Jk AJP/1.3 connector. (rjung)

1754

</td></tr>

1755

1756

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49497">49497</a>: Stop accepting new requests (inc keep-alive) once the

1757

BIO connector is paused and the current request has finished processing.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49521">49521</a>: Disable scanning for a free port in Jk AJP/1.3

1762

connector by default. Do not change <code>maxPort</code> field value of ChannelSocket

1763

in its <code>setPort()</code> and <code>init()</code> methods. Add

1764

support for <code>maxPort</code> attribute on a <code>Connector</code>

1765

element as a synonym for <code>channelSocket.maxPort</code>. (kkolinko)

1766

</td></tr>

1767

1768

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49625">49625</a>: Ensure Vary header is set if response may be

1769

compressed rather than only setting it if it is compressed. (markt)

1770

</td></tr>

1771

1772

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49730">49730</a>: Fix race condition in StandardThreadExecutor that can

1773

lead to long delays in processing requests. Patch provided by Sylvain

Laurent. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49860">49860</a>: Add support for trailing headers in chunked HTTP

1778

requests. The header length is limited to 8192 by default and the limit

1779

can be changed via a system property. (markt/kkolinko)

1780

</td></tr>

1781

1782

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49972">49972</a>: Fix potential thread safe issue when formatting dates

1783

for use in HTTP headers. (markt)

1784

</td></tr>

1785

1786

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50072">50072</a>: NIO connector can mis-read request line if not sent in

1787

a single packet. (markt/kkolinko)

1788

</td></tr>

1789

1790

Improve recycling of processors in Http11NioProtocol. (kkolinko)

1791

</td></tr>

1792

1793

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50273">50273</a>: Provide a workaround for an HP-UX issue that can

1794

result in large numbers of SEVERE log messages appearing in the logs as

1795

a result of normal operation. (markt)

1796

</td></tr>

1797

1798

Make SSL certificate encoding algorithm consistent between connectors by

1799

using the JVM default for all connectors. This also fixes an issue with

1800

the NIO connector on IBM JVMs. (markt)

1801

</td></tr>

1802

1803

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50467">50467</a>: Protected against NPE triggered by a race condition

1804

that causes the NIO poller to fail, preventing the processing of further

requests. (markt)

</td></tr>

</table>

</blockquote></td></tr></table>

1809

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.30 (jfclere)/Jasper"></a><a name="Tomcat_6.0.30_(jfclere)/Jasper"><strong>Jasper</strong></a></font></td></tr><tr><td><blockquote>

1810

1811

1812

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49217">49217</a>: Ensure that identifiers used in EL meet the

1813

requirements of the Java Language Specification. This check is off by

1814

default and can be enabled by setting a system property. (markt)

1815

</td></tr>

1816

1817

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49555">49555</a>: Correctly handled Tag Libraries where functions are

1818

defined in static inner classes. (markt)

1819

</td></tr>

1820

1821

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49665">49665</a>: Provide better information including JSP file name and

1822

location when a missing file is detected during TLD handling. Patch

1823

provided by Ted Leung. (markt)

1824

</td></tr>

1825

1826

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49985">49985</a>: Fix thread safety issue in EL parser. (markt)

1827

</td></tr>

1828

1829

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49986">49986</a>: Fix thread safety issue in JSP reloading. (timw))

1830

</td></tr>

1831

1832

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49998">49998</a>: Make jsp:root detection work with single quoted

1833

attributes as well. (timw)

1834

</td></tr>

1835

1836

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50066">50066</a>: Compile a recursive tag file if it depends on a JAR.

1837

Patch provided by Sylvain Laurent. (markt)

1838

</td></tr>

1839

1840

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50078">50078</a>: Fix threading issues in EL caches and make cache sizes

1841

configurable. Threading patch provided by Takayoshi Kimura. (markt)

1842

</td></tr>

1843

1844

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50105">50105</a>: When processing composite EL expressions use

1845

<code>Enum.name()</code> rather than <code>Enum.toString()</code> as

1846

required by the EL specification. (markt)

1847

</td></tr>

1848

1849

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50228">50228</a>: Improve recycling of <code>BodyContentImpl</code>.

1850

This avoids keeping a cached reference to a webapp-provided Writer

1851

used in JspFragment.invoke() calls. (kkolinko)

1852

</td></tr>

1853

1854

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50460">50460</a>: Fix memory leak in JspDocumentParser triggered by

1855

first access to a jspx page. (kkolinko)

1856

</td></tr>

1857

1858

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50500">50500</a>: Use correct coercions (as per the EL spec) for

1859

arithmetic operations involving string values containing '.',

1860

'e' or 'E'. Based on a patch by Brian Weisleder.

(markt)

</td></tr>

</table>

</blockquote></td></tr></table>

1865

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.30 (jfclere)/Cluster"></a><a name="Tomcat_6.0.30_(jfclere)/Cluster"><strong>Cluster</strong></a></font></td></tr><tr><td><blockquote>

1866

1867

1868

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49343">49343</a>: When ChannelException is thrown, remove listener from

channel. (kfujino)

</td></tr>

Add Null check when CHANGE_SESSION_ID message received. (kfujino)

1873

</td></tr>

1874

1875

When a cluster node disappears when using the backup manager, handle the

1876

failed ping message rather than propagating the exception (which just

1877

logs the stack trace but doesn't do anything to deal with the failure).

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49905">49905</a>: Fix potential memory leak when using asynchronous

1882

session replication. (markt)

1883

</td></tr>

1884

1885

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49924">49924</a>: When non-primary node changes into a primary node,

1886

make sure isPrimarySession is changed to true. (kfujino)

1887

</td></tr>

1888

1889

Add support for <code>maxActiveSessions</code> attribute to

1890

BackupManager. (kfujino)

1891

</td></tr>

1892

1893

Improve sending an access message in DeltaManager.

1894

Use <code>maxInactiveInterval</code> not of the Manager, but of the session.

1895

If <code>maxInactiveInterval</code> is negative, the access message is not

1896

being sent. (kfujino)

1897

</td></tr>

1898

1899

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50547">50547</a>: Add time stamp for CHANGE_SESSION_ID message and

1900

SESSION_EXPIRED message. (kfujino)

1901

</td></tr>

1902

</table>

1903

</blockquote></td></tr></table>

1904

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.30 (jfclere)/Web applications"></a><a name="Tomcat_6.0.30_(jfclere)/Web_applications"><strong>Web applications</strong></a></font></td></tr><tr><td><blockquote>

1905

1906

1907

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49585">49585</a>: Update JSVC documentation to reflect new packaging

1908

of Commons Daemon. (markt)

1909

</td></tr>

1910

1911

Configure the Manager web application to use the new CSRF protection. To

1912

take advantage of this protection, the <code>manager</code> role must be

1913

removed from all users and the new <code>manager-gui</code> and

1914

<code>manager-script</code> roles used instead. (markt)

1915

</td></tr>

1916

1917

Configure the Host Manager web application to use the new CSRF

1918

protection. To take advantage of this protection, the <code>admin</code> role

1919

must be removed from all users and the new <code>admin-gui</code> and

1920

<code>admin-script</code> roles used instead. (markt)

1921

</td></tr>

1922

1923

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50303">50303</a>: Update JNDI how-to to reflect new JavaMail and JAF

1924

download locations and that JAF is now included in Java SE 6. (markt)

1925

</td></tr>

1926

1927

CVE-2010-4172: Multiple XSS in Manager application. (markt/kkolinko)

1928

</td></tr>

1929

1930

Improve Tomcat Logging documentation. (kkolinko)

1931

</td></tr>

1932

1933

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50242">50242</a>: Provide a sample log4j configuration that more

1934

closely matches the default JULI configuration. Patch provided by

1935

Christopher Schultz. (kkolinko)

1936

</td></tr>

1937

1938

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50294">50294</a>: Add more information to documentation regarding format

1939

of configuration files. Patch provided by Luke Meyer. (markt)

1940

</td></tr>

1941

1942

Configure the Manager and Host-Manager web applications to use HttpOnly

1943

flag for their session cookies. (kkolinko)

1944

</td></tr>

1945

1946

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50316">50316</a>: Fix display of negative values in the Manager web

1947

application. (kkolinko)

1948

</td></tr>

1949

1950

Improve documentation of database connection factory. (rjung)

1951

</td></tr>

1952

</table>

1953

</blockquote></td></tr></table>

1954

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.30 (jfclere)/Other"></a><a name="Tomcat_6.0.30_(jfclere)/Other"><strong>Other</strong></a></font></td></tr><tr><td><blockquote>

1955

1956

1957

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48716">48716</a>: Do not call reset if the default LogManager is in use.

(markt)

</td></tr>

Use native line endings for example Eclipse configuration files in

1962

source distribution. (markt)

1963

</td></tr>

1964

1965

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49428">49428</a>: Add a work-around for the known namespace issues for

1966

some Microsoft WebDAV clients. Based on the patch provided by

1967

Panagiotis Astithas. (kkolinko)

1968

</td></tr>

1969

1970

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49861">49861</a>: Fix formatting of log messages in JXM remote listener.

1971

Do not use commas when printing RMI port numbers. (markt)

1972

</td></tr>

1973

1974

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50140">50140</a>: Don't ignore a user specified install directory

1975

on 64-bit platforms when using the Windows installer. (markt)

1976

</td></tr>

1977

1978

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50552">50552</a>: Avoid NPE that hides error message when using Ant

tasks. (schultz)

</td></tr>

Numerous improvements to the Windows installer: update install/uninstall

1983

icons, create an installation log, allow 32-bit JVMs to be selected when

1984

installing on a 64-bit platform, replace the .ini files with the script

1985

equivalents, use the new manager and host-manager roles, provide the

1986

ability to edit the roles for the added user, add support for the

1987

<code>/?</code> command line switch, clean up fully after installation,

1988

add DetailPrint statements for operations that may take time and

1989

improve the descriptions of the components. (kkolinko, mturk, markt)

1990

</td></tr>

1991

</table>

1992

</blockquote></td></tr></table>

1993

</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.29 (jfclere)"></a><a name="Tomcat_6.0.29_(jfclere)"><strong>Tomcat 6.0.29 (jfclere)</strong></a></font></td><td align="right" bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><strong>released 2010-07-22</strong></font></td></tr><tr><td colspan="2"><blockquote>

1994

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.29 (jfclere)/Catalina"></a><a name="Tomcat_6.0.29_(jfclere)/Catalina"><strong>Catalina</strong></a></font></td></tr><tr><td><blockquote>

1995

1996

1997

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48960">48960</a>: Add a new option to the SSI Servlet and SSI Filter to

1998

allow the disabling of the <code>exec</code> command. This is now

1999

disabled by default. Based on a patch by Yair Lenga. (markt)

2000

</td></tr>

2001

2002

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49551">49551</a>: Allow default context.xml location to be specified

2003

using an absolute path. (markt)

2004

</td></tr>

2005

2006

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49598">49598</a>: When session is changed and the session cookie is

2007

replaced, ensure that the new Set-Cookie header overwrites the old

2008

Set-Cookie header. (markt)

2009

</td></tr>

2010

2011

Fix order when listing Webapp loader search URLs. (rjung)

2012

</td></tr>

2013

2014

Add support for <code>*.jar</code> pattern in VirtualWebappLoader.

(kkolinko)

</td></tr>

</table>

</blockquote></td></tr></table>

2019

</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.28 (jfclere)"></a><a name="Tomcat_6.0.28_(jfclere)"><strong>Tomcat 6.0.28 (jfclere)</strong></a></font></td><td align="right" bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><strong>released 2010-07-09</strong></font></td></tr><tr><td colspan="2"><blockquote>

2020

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.28 (jfclere)/Catalina"></a><a name="Tomcat_6.0.28_(jfclere)/Catalina"><strong>Catalina</strong></a></font></td></tr><tr><td><blockquote>

2021

2022

<tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td>Arrange filter logic. (jfclere)

2023

</td></tr>

2024

2025

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49230">49230</a>: Enhance JRE leak prevention listener with protection

2026

for the keep-alive thread started by

2027

<code>sun.net.www.http.HttpClient</code>. Patch provided by Rob Kooper.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49351">49351</a>: Fix possible NPE when embedding and no name is

2032

specified for the Service. (markt)

2033

</td></tr>

2034

2035

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49424">49424</a>: Avoid NPE if client provides no data with a chunked

2036

POST request. (markt)

2037

</td></tr>

2038

2039

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49414">49414</a>: Improve diagnostic of memory leaks.

2040

Differentiate between request threads and application

2041

created threads when warning about still running threads when an

2042

application stops. (markt)

2043

</td></tr>

2044

2045

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49443">49443</a>: Fix RemoteIpValve documentation. Use remoteIpHeader

2046

rather than remoteIPHeader consistently. (markt)

2047

</td></tr>

2048

2049

Add property <code>searchExternalFirst</code> to WebappLoader.

2050

If set, the external repositories will be searched before

2051

the WEB-INF ones. (rjung)

2052

</td></tr>

2053

</table>

2054

</blockquote></td></tr></table>

2055

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.28 (jfclere)/Cluster"></a><a name="Tomcat_6.0.28_(jfclere)/Cluster"><strong>Cluster</strong></a></font></td></tr><tr><td><blockquote>

2056

2057

2058

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49445">49445</a>: When session ID is changed after authentication,

2059

ensure the DeltaManager replicates the change in ID to the other nodes

2060

in the cluster. (kfujino)

2061

</td></tr>

2062

</table>

2063

</blockquote></td></tr></table>

2064

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.28 (jfclere)/Web applications"></a><a name="Tomcat_6.0.28_(jfclere)/Web_applications"><strong>Web applications</strong></a></font></td></tr><tr><td><blockquote>

2065

2066

2067

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49213">49213</a>: Grant permissions required by manager application when

2068

running under a security manager. (markt/kkolinko)

2069

</td></tr>

2070

2071

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49436">49436</a>: Correct documented default for <code>readonly</code>

2072

attribute of the UserDatabase component. (markt)

2073

</td></tr>

2074

</table>

2075

</blockquote></td></tr></table>

2076

</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.27 (jfclere)"></a><a name="Tomcat_6.0.27_(jfclere)"><strong>Tomcat 6.0.27 (jfclere)</strong></a></font></td><td align="right" bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><strong>not released</strong></font></td></tr><tr><td colspan="2"><blockquote>

2077

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.27 (jfclere)/General"></a><a name="Tomcat_6.0.27_(jfclere)/General"><strong>General</strong></a></font></td></tr><tr><td><blockquote>

2078

2079

2080

Update DBCP to 1.3. (markt)

2081

</td></tr>

2082

</table>

2083

</blockquote></td></tr></table>

2084

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.27 (jfclere)/Catalina"></a><a name="Tomcat_6.0.27_(jfclere)/Catalina"><strong>Catalina</strong></a></font></td></tr><tr><td><blockquote>

2085

2086

2087

Fix CVE-2010-1157. Prevent possible disclosure of host name or IP

2088

address via the HTTP WWW-Authenticate header when using BASIC or DIGEST

2089

authentication. (markt)

2090

</td></tr>

2091

2092

Include context name when reporting memory leaks to aid root cause

2093

identification. (markt)

2094

</td></tr>

2095

2096

Improve exception handling on session de-serialization to assist in

2097

identifying the root cause of <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48007">48007</a>. (kkolinko)

2098

</td></tr>

2099

2100

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48379">48379</a>: Make session cookie name, domain and path configurable

per context. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48589">48589</a>: Make JNDIRealm easier to extend. Based on a patch by

2105

Candid Dauth. (markt/kkolinko)

2106

</td></tr>

2107

2108

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48629">48629</a>: Allow user names as well as DNs to be used with the

2109

nested role search. Add roleNested to the documentation. Patch provided

2110

by Felix Schumacher. (markt)

2111

</td></tr>

2112

2113

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48661">48661</a>: Make error page behavior consistent, regardless of how

2114

the error page is defined. If a response has been committed, always

2115

include the error page. (markt)

2116

</td></tr>

2117

2118

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48729">48729</a>: Return roles defined by both userRoleName and roleName

2119

mechanisms. Patch provided by 'eric'. Also make user's role list

immutable.(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48760">48760</a>: Fix potential multi-threading issue in static resource

2124

serving where multiple threads could try to use the the same

InputStream. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48790">48790</a>: Fix thread safety issue in the count of the maximum

2129

number of active session. (markt/kkolinko)

2130

</td></tr>

2131

2132

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48793">48793</a>: Make catalina.sh more robust to different return

2133

values on different platforms. Patch provided by Thomas GL. (markt)

2134

</td></tr>

2135

2136

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48840">48840</a>: Swallow output (if any) from use of cd when determining

2137

$CATALINA_HOME in catalina.sh and tool-wrapper.sh scripts. Based on patch

2138

provided by mdietze. (markt/kkolinko)

2139

</td></tr>

2140

2141

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48895">48895</a>: Make clearing of ThreadLocals that are causing memory

2142

leaks on web application stop, reload or undeploy configurable since the

2143

process of clearing them is not thread-safe. (markt)

2144

</td></tr>

2145

2146

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48903">48903</a>: Fix deadlock in webapp class loader. (rjung)

2147

</td></tr>

2148

2149

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48971">48971</a>: Make stopping of leaking Timer threads optional and

2150

disabled by default. (markt)

2151

</td></tr>

2152

2153

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48976">48976</a>: Document JAVA_ENDORSED_DIRS in start-up scripts. Patch

2154

provided by Laurent Vaills. (markt)

2155

</td></tr>

2156

2157

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48983">48983</a>: Improve debug logging for situations when

2158

<code>RemoteIpValve</code> is bypassed. Patch provided by Cyrille Le

Clerc. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49018">49018</a>: Fix processing of time argument in the Expire sessions

2163

action in the Manager web application. (kkolinko)

2164

</td></tr>

2165

2166

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49116">49116</a>: If session is already invalid, expire session to

2167

prevent memory leak. (kfujino)

2168

</td></tr>

2169

2170

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49158">49158</a>: Ensure only one session cookie is returned for a

2171

single request. (markt/fhanik)

2172

</td></tr>

2173

2174

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49245">49245</a>: Fix session expiration check in cross-context

requests. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49398">49398</a>: ByteChunk.indexOf(String, int, int, int) could not

2179

find a string of length 1. (kkolinko)

2180

</td></tr>

2181

2182

Fix possible overflows when calculating session statistics. (kkolinko)

2183

</td></tr>

2184

2185

Log unexpected exceptions when providing access to web application

2186

resources in ApplicationContext. (kkolinko)

2187

</td></tr>

2188

2189

Improve exception handling in CatalinaShutdownHook. (kkolinko)

2190

</td></tr>

2191

2192

Expose properties of VirtualWebappLoader and WebappClassLoader via JMX.

(rjung)

</td></tr>

</table>

</blockquote></td></tr></table>

2197

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.27 (jfclere)/Coyote"></a><a name="Tomcat_6.0.27_(jfclere)/Coyote"><strong>Coyote</strong></a></font></td></tr><tr><td><blockquote>

2198

2199

2200

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48839">48839</a>: Correctly handle HTTP header folding in the NIO

2201

connector. Patch suggested by Richa Baronia. (markt)

2202

</td></tr>

2203

2204

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48843">48843</a>: Prevent possible deadlock for worker allocation in

2205

connectors. (kkolinko)

2206

</td></tr>

2207

2208

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48843">48843</a>: Fix handling of add queues in AprEndpoint.Poller and

2209

AprEndpoint.Sendfile. Do not miss wakeups. (kkolinko)

2210

</td></tr>

2211

2212

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48862">48862</a>: Add support for the backlog parameter to the AJP

2213

connector. (pero/markt)

2214

</td></tr>

2215

2216

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48917">48917</a>: Correct name of mod_jk module in ApacheConfig. Patch

2217

provided by Todd Hicks. (markt)

2218

</td></tr>

2219

2220

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49095">49095</a>: AprEndpoint did not wakeup acceptors during shutdown

2221

when deferAccept option was enabled. Based on a patch provided by

2222

Ruediger Pluem. (kkolinko)

2223

</td></tr>

2224

2225

Use chunked encoding for http 1.1 requests with no content-length

2226

(regardless of keep-alive) so client can differentiate between complete

2227

and partial responses. (markt)

2228

</td></tr>

2229

2230

Correct the SSL session timeout attribute name so the code agrees with

2231

the documentation. (markt)

2232

</td></tr>

2233

2234

CoyotePrincipal now implements Serializable. (fhanik)

2235

</td></tr>

2236

2237

Enable the BIO AJP connector to run under a security manager. (markt)

2238

</td></tr>

2239

</table>

2240

</blockquote></td></tr></table>

2241

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.27 (jfclere)/Jasper"></a><a name="Tomcat_6.0.27_(jfclere)/Jasper"><strong>Jasper</strong></a></font></td></tr><tr><td><blockquote>

2242

2243

2244

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=45015">45015</a>: Correct a regression in quote handling caused by the

2245

re-factoring of attribute parsing. (markt)

2246

</td></tr>

2247

2248

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48701">48701</a>: Add a system property to allow disabling enforcement

2249

of JSP.5.3. The specification recommends, but does not require, this

2250

enforcement. (kkolinko)

2251

</td></tr>

2252

2253

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48737">48737</a>: Don't assume paths that start with /META-INF/... are

2254

always in JARs. This is not true for some IDEs. Patch provided by

2255

Fabrizio Giustina. (markt)

2256

</td></tr>

2257

2258

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49081">49081</a>: Correctly handle EL expressions of the form #${...}.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49196">49196</a>: Avoid NullPointerException in PageContext.getErrorData()

2263

if an error-handling JSP page is called directly. (markt)

2264

</td></tr>

2265

</table>

2266

</blockquote></td></tr></table>

2267

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.27 (jfclere)/Cluster"></a><a name="Tomcat_6.0.27_(jfclere)/Cluster"><strong>Cluster</strong></a></font></td></tr><tr><td><blockquote>

2268

2269

2270

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48717">48717</a>: When a node joins a cluster and it receives all the

2271

current sessions, ensure the sessionCreated event is fired if the

2272

Manager is configured to replicate session events. (markt)

2273

</td></tr>

2274

2275

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48934">48934</a>: Previous fix to handle dropped connections incorrectly

2276

permanently disabled session replication. (fhanik)

2277

</td></tr>

2278

2279

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49051">49051</a>: memberAlive is not called if member has not already

2280

existed in membership. (kfujino)

2281

</td></tr>

2282

2283

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49151">49151</a>: Avoid ClassCastException in BackupManager#stop.

(kfujino)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49170">49170</a>: Do not send duplicated session. (kfujino)

2288

</td></tr>

2289

2290

Add missing messages and ensure cluster listeners log messages to

2291

correct logger. (markt)

2292

</td></tr>

2293

</table>

2294

</blockquote></td></tr></table>

2295

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.27 (jfclere)/Web applications"></a><a name="Tomcat_6.0.27_(jfclere)/Web_applications"><strong>Web applications</strong></a></font></td></tr><tr><td><blockquote>

2296

2297

2298

Use underscores instead of spaces in anchor names in Tomcat

2299

documentation. (kkolinko)

2300

</td></tr>

2301

2302

Add support for displaying the Spring Security user name (if present) in

2303

the Manager application. (markt)

2304

</td></tr>

2305

2306

Improve the ChatServlet <a href="aio.html">Comet</a> example

2307

(/examples/jsp/chat/). (kkolinko)

2308

</td></tr>

2309

</table>

2310

</blockquote></td></tr></table>

2311

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.27 (jfclere)/Other"></a><a name="Tomcat_6.0.27_(jfclere)/Other"><strong>Other</strong></a></font></td></tr><tr><td><blockquote>

2312

2313

<tr><td><img alt="update" class="icon" src="./images/update.gif"></td><td>Update to Commons Daemon 1.0.2. Use service launcher (procrun)

2314

from the Commons Daemon release. Do not keep a copy of it in our source

2315

tree. (mturk/kkolinko)</td></tr>

2316

2317

Update to NSIS 2.46. (kkolinko)

2318

</td></tr>

2319

2320

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48990">48990</a>: Fix the <code>skip.installer</code> build property

2321

so if set, only the Windows installer is skipped. (markt)

2322

</td></tr>

2323

2324

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49178">49178</a>: Provide in catalina.policy an example of additional

2325

permissions that might be needed for code located in

2326

<code>$CATALINA_BASE/lib</code>. (markt)

2327

</td></tr>

2328

2329

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49236">49236</a>: Do not use indexing when packing Tomcat JARs.

(kkolinko)

</td></tr>

Remove unused code from org.apache.tomcat.util.buf classes. (kkolinko)

2334

</td></tr>

2335

2336

Rearrange tomcat-juli.jar permissions and wrap long lines in the

2337

<code>conf/catalina.policy</code> file, to make the text more readable

2338

when cited in documentation. (kkolinko)

2339

</td></tr>

2340

2341

Do not evaluate the <code>execute.installer</code> property when building

2342

a release. The <code>skip.installer</code> property is used instead.

(kkolinko)

</td></tr>

</table>

</blockquote></td></tr></table>

2347

</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.26 (jfclere)"></a><a name="Tomcat_6.0.26_(jfclere)"><strong>Tomcat 6.0.26 (jfclere)</strong></a></font></td><td align="right" bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><strong>released 2010-03-11</strong></font></td></tr><tr><td colspan="2"><blockquote>

2348

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.26 (jfclere)/Catalina"></a><a name="Tomcat_6.0.26_(jfclere)/Catalina"><strong>Catalina</strong></a></font></td></tr><tr><td><blockquote>

2349

2350

2351

Close security hole in unreleased 6.0.25 by ensuring new find leaks

2352

functionality is protected by a security constraint. (kkolinko)

2353

</td></tr>

2354

2355

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48831">48831</a>: Improve logging shutdown behaviour. Use Catalina's

2356

shutdown hook to shutdown JULI. This enables them to be shutdown in the

2357

correct order. Do not shutdown global handlers several times.

(markt/kkolinko)

</td></tr>

</table>

</blockquote></td></tr></table>

2362

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.26 (jfclere)/Coyote"></a><a name="Tomcat_6.0.26_(jfclere)/Coyote"><strong>Coyote</strong></a></font></td></tr><tr><td><blockquote>

2363

2364

2365

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48584">48584</a>: Prevent the APR connector logging an error if the

2366

acceptor fails during shutdown since this is expected. (mturk)

2367

</td></tr>

2368

2369

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48660">48660</a>: Using compression should not overwrite any Vary header

2370

set by a web application. (markt)

2371

</td></tr>

2372

</table>

2373

</blockquote></td></tr></table>

2374

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.26 (jfclere)/Jasper"></a><a name="Tomcat_6.0.26_(jfclere)/Jasper"><strong>Jasper</strong></a></font></td></tr><tr><td><blockquote>

2375

2376

2377

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48371">48371</a>: Ensure generated servlet mappings are inserted at the

2378

correct location when using JspC and allow the option that controls this

2379

to be configured on the command line. Also allow the encoding of web.xml

2380

to be configured when using JspC and deprecate some unused JspC methods.

(markt/kkolinko)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48498">48498</a>: Avoid ArrayIndexOutOfBoundsException triggered by a

2385

Java 6/7 XML parser bug. (markt/kkolinko)

2386

</td></tr>

2387

2388

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48668">48668</a>: Additional fixes to ensure deferred syntax is handled

2389

correctly. (kkolinko)

2390

</td></tr>

2391

2392

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48827">48827</a>: Correct a regression in the fix for <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=47977">47977</a>

2393

that caused an incorrect non-empty body error to be reported for valid

2394

JSP documents. (markt)

2395

</td></tr>

2396

</table>

2397

</blockquote></td></tr></table>

2398

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.26 (jfclere)/Web applications"></a><a name="Tomcat_6.0.26_(jfclere)/Web_applications"><strong>Web applications</strong></a></font></td></tr><tr><td><blockquote>

2399

2400

2401

Make changelog.xml be directly rendered as HTML by certain browsers.

(kkolinko)

</td></tr>

Add support for automated generation of TOC tables and for links to svn

2406

revisions to tomcat-docs.xsl in documentation. (kkolinko/fhanik)

2407

</td></tr>

2408

2409

Move Manager application JSPs that are not intended to be accessed

2410

directly under the WEB-INF directory. (kkolinko)

2411

</td></tr>

2412

2413

Improve the messages displayed by the find leaks diagnostic in the

2414

Manager application. (kkolinko)

2415

</td></tr>

2416

</table>

2417

</blockquote></td></tr></table>

2418

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.26 (jfclere)/Other"></a><a name="Tomcat_6.0.26_(jfclere)/Other"><strong>Other</strong></a></font></td></tr><tr><td><blockquote>

2419

2420

2421

Encode all property files using ascii escaped UTF-8. Also fixes

2422

deployment problem when using French locale. (jfclere/rjung)

2423

</td></tr>

2424

</table>

2425

</blockquote></td></tr></table>

2426

</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.25 (jfclere)"></a><a name="Tomcat_6.0.25_(jfclere)"><strong>Tomcat 6.0.25 (jfclere)</strong></a></font></td><td align="right" bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><strong>not released</strong></font></td></tr><tr><td colspan="2"><blockquote>

2427

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.25 (jfclere)/Catalina"></a><a name="Tomcat_6.0.25_(jfclere)/Catalina"><strong>Catalina</strong></a></font></td></tr><tr><td><blockquote>

2428

2429

2430

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48039">48039</a>: Return immediately if start() is called on an already

2431

started StandardService. (markt)

2432

</td></tr>

2433

2434

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48109">48109</a>: Ensure InputStream is closed on error condition in web

2435

application class loader. (markt)

2436

</td></tr>

2437

2438

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48179">48179</a>: Clean up dead code that was used to read tldCache

file. (kkolinko)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48318">48318</a>: Handle case where WebDAV resource is in directory

2443

listing but is not accessible. (markt)

2444

</td></tr>

2445

2446

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48384">48384</a>: Add a per context xslt option for directory listings.

2447

Make the fallback options work as described in the documentation.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48577">48577</a>: Filter URL when displaying missing included page.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48612">48612</a>: Prevent exception on shutdown if the address attribute

2456

is specified for a connector. (markt)

2457

</td></tr>

2458

2459

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48613">48613</a>: Further fixes to ensure APRLifecycleListener is only

2460

used if defined in server.xml. (fhanik)

2461

</td></tr>

2462

2463

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48614">48614</a>: Correct JULI log file buffering so default behaviour

2464

is no buffering. (fhanik)

2465

</td></tr>

2466

2467

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48625">48625</a>: Provide an option to exit if an error occurs during

2468

the initialization phase. (fhanik)

2469

</td></tr>

2470

2471

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48645">48645</a>: Use specified encoding rather than null in calls to

2472

<code>RequestUtil.URLDecode(byte[] bytes, String enc)</code> (markt)

2473

</td></tr>

2474

2475

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48653">48653</a>: Force request.secure and request.scheme to

2476

<code>false</code> and <code>http</code> if the X-Forwarded-Proto header

2477

has the value http. Patch provided by Cyrille Le Clerc. (markt)

2478

</td></tr>

2479

2480

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48678">48678</a>: Remove duplicate server field from

2481

<code>org.apache.catalina.startup.Catalina</code>. (markt)

2482

</td></tr>

2483

2484

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48694">48694</a>: Remove potential deadlock in web application class

loader. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48716">48716</a>: Provide additional configuration options for JULI.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48726">48726</a>: Prevent OOME when uploading large WAR files with the

2493

deployer. Patch provided by adam. (markt)

2494

</td></tr>

2495

2496

Improve memory leak protection by safely stopping threads started via

2497

<code>java.util.Timer</code> that an application starts but fails to

2498

stop and by clearing references retained due to the use of

2499

<code>java.util.ResourceBundle</code>. (markt)

2500

</td></tr>

2501

2502

Modify ThreadLocal memory leak detection to not report false positives

2503

and to simplify implementation. (markt/kkolinko)

2504

</td></tr>

2505

2506

Basic memory leak detection was added to the standard Host

2507

implementation and exposed via JMX to detect memory leaks on web

2508

application reload. (markt/kkolinko)

2509

</td></tr>

2510

</table>

2511

</blockquote></td></tr></table>

2512

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.25 (jfclere)/Coyote"></a><a name="Tomcat_6.0.25_(jfclere)/Coyote"><strong>Coyote</strong></a></font></td></tr><tr><td><blockquote>

2513

2514

2515

Update the native/APR library version bundled with Tomcat to 1.1.20.

(kkolinko)

</td></tr>

</table>

</blockquote></td></tr></table>

2520

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.25 (jfclere)/Jasper"></a><a name="Tomcat_6.0.25_(jfclere)/Jasper"><strong>Jasper</strong></a></font></td></tr><tr><td><blockquote>

2521

2522

2523

Add some debug logging to the compiler where exceptions were previously

swallowed. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48170">48170</a>: Remove unnecessary synchronization that is causing

2528

issues under load. (markt)

2529

</td></tr>

2530

2531

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48580">48580</a>: Prevent AccessControlException if first access is to a

2532

JSP that uses a FunctionMapper. (markt)

2533

</td></tr>

2534

2535

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48582">48582</a>: Avoid NPE on background compilation failure. (markt)

2536

</td></tr>

2537

2538

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48616">48616</a>: Don't declare or synchronize scripting variables for

2539

JSP fragments since they are scriptless. This is an alternative fix for

2540

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=42390">42390</a> that avoids both the original problem and the

2541

regression in the first fix. (kkolinko)

2542

</td></tr>

2543

2544

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48627">48627</a>: Fix regression in re-factored EL parsing. Keep

2545

literals as literals and handle deferredSyntaxAllowedAsLiteral.

(kkolinko)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48668">48668</a>: When parsing JSPs only parse EL as EL if EL is enabled

2550

else strings such as ${ will be silently dropped. (markt)

2551

</td></tr>

2552

2553

Various EL TCK failures. (markt)

2554

</td></tr>

2555

</table>

2556

</blockquote></td></tr></table>

2557

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.25 (jfclere)/Cluster"></a><a name="Tomcat_6.0.25_(jfclere)/Cluster"><strong>Cluster</strong></a></font></td></tr><tr><td><blockquote>

2558

2559

2560

Force a disconnect if an error occurs during replication such as

2561

a firewall dropping the connection. (fhanik)

2562

</td></tr>

2563

</table>

2564

</blockquote></td></tr></table>

2565

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.25 (jfclere)/Web applications"></a><a name="Tomcat_6.0.25_(jfclere)/Web_applications"><strong>Web applications</strong></a></font></td></tr><tr><td><blockquote>

2566

2567

2568

Add new "Find leaks" command to the Manager application. It allows to

2569

detect web applications that have caused memory leaks on stop,

2570

reload or undeploy. (markt/kkolinko)

2571

</td></tr>

2572

</table>

2573

</blockquote></td></tr></table>

2574

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.25 (jfclere)/Other"></a><a name="Tomcat_6.0.25_(jfclere)/Other"><strong>Other</strong></a></font></td></tr><tr><td><blockquote>

2575

2576

2577

Ensure files in conf directory have CRLF line endings when using the

2578

Windows installer. (kkolinko)

2579

</td></tr>

2580

2581

Allow special characters recognized by the Windows command-line shell to

2582

be present in the names of CATALINA_HOME/_BASE and the current directory

2583

used to call the Tomcat scripts. (kkolinko)

2584

</td></tr>

2585

2586

Don't use @Deprecated annotations in

2587

<code>javax.servlet.jsp.JspContext</code> since the specification does

2588

not include them in the API definition. (markt)

2589

</td></tr>

2590

2591

Improve the information in the JAR manifest files. (markt)

2592

</td></tr>

2593

</table>

2594

</blockquote></td></tr></table>

2595

</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.24 (jfclere)"></a><a name="Tomcat_6.0.24_(jfclere)"><strong>Tomcat 6.0.24 (jfclere)</strong></a></font></td><td align="right" bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><strong>released 2010-01-21</strong></font></td></tr><tr><td colspan="2"><blockquote>

2596

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.24 (jfclere)/Catalina"></a><a name="Tomcat_6.0.24_(jfclere)/Catalina"><strong>Catalina</strong></a></font></td></tr><tr><td><blockquote>

2597

2598

2599

Correct TCK failures with security manager caused by the original fix

2600

for <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=47774">47774</a>. (markt)

2601

</td></tr>

2602

</table>

2603

</blockquote></td></tr></table>

2604

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.24 (jfclere)/Other"></a><a name="Tomcat_6.0.24_(jfclere)/Other"><strong>Other</strong></a></font></td></tr><tr><td><blockquote>

2605

2606

2607

Remove broken link in README.html. (jfclere)

2608

</td></tr>

2609

2610

Add <code>.notice</code> files to the set of files that have their line

2611

endings changed. (markt)

2612

</td></tr>

2613

2614

<code>.zip</code> distributions should have windows line endings.

(markt)

</td></tr>

</table>

</blockquote></td></tr></table>

2619

</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.23 (jfclere)"></a><a name="Tomcat_6.0.23_(jfclere)"><strong>Tomcat 6.0.23 (jfclere)</strong></a></font></td><td align="right" bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><strong>not released</strong></font></td></tr><tr><td colspan="2"><blockquote>

2620

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.23 (jfclere)/Catalina"></a><a name="Tomcat_6.0.23_(jfclere)/Catalina"><strong>Catalina</strong></a></font></td></tr><tr><td><blockquote>

2621

2622

2623

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=47774">47774</a>: Ensure web application class loader is used when

2624

calling session listeners. (markt)

2625

</td></tr>

2626

2627

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48006">48006</a>: Add additional information to the optional

2628

X-Powered-By header to align with the content suggested in the Servlet

2629

specification. (markt)

2630

</td></tr>

2631

2632

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48345">48345</a>: Sessions timed out too early when using

2633

PersistentManager. Patch provided by Keiichi Fujino. (markt)

2634

</td></tr>

2635

2636

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48398">48398</a>: Make objects used as locks final to ensure correct

2637

operation. Patch provided by sebb. (markt)

2638

</td></tr>

2639

2640

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48417">48417</a>: Update French translations. Patch provided by André

2641

Warnier. (markt/kkolinko)

2642

</td></tr>

2643

2644

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48421">48421</a>: Fix file descriptor and potential memory leak when a

2645

web application uses a local logging.properties file. Allow a web

2646

application's log files to be deleted once the web application has been

stopped. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48454">48454</a>: Ensure stderr is completely read before terminating

2651

the CGI process. Patch provided by Markus Grieder. (markt)

2652

</td></tr>

2653

2654

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48516">48516</a>: Prevent NPE in JNDIRealm if requested user does not

2655

exist. Patch provided by Kevin Conaway. (markt)

2656

</td></tr>

2657

2658

Fix implementation of log buffer size and provide a cleaner interface.

(fhanik/kkolinko)

</td></tr>

</table>

</blockquote></td></tr></table>

2663

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.23 (jfclere)/Coyote"></a><a name="Tomcat_6.0.23_(jfclere)/Coyote"><strong>Coyote</strong></a></font></td></tr><tr><td><blockquote>

2664

2665

2666

Update version of native bundled in Windows installer to 1.1.19. (mturk)

2667

</td></tr>

2668

2669

Update recommended version for native to 1.1.19. (rjung)

2670

</td></tr>

2671

2672

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48004">48004</a>: All web applications to set the http

2673

<code>Server</code> header. (markt)

2674

</td></tr>

2675

2676

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48470">48470</a>: Ensure Tomcat does not lock up if shut down under

load. (markt)

</td></tr>

</table>

</blockquote></td></tr></table>

2681

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.23 (jfclere)/Jasper"></a><a name="Tomcat_6.0.23_(jfclere)/Jasper"><strong>Jasper</strong></a></font></td></tr><tr><td><blockquote>

2682

2683

2684

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=47977">47977</a>: Using a body with a tag that has an empty body should

2685

cause an error. (markt)

2686

</td></tr>

2687

2688

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48112">48112</a>: Correct handling of } character in literals when parsing

2689

expressions. This also improves the fix for <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=47413">47413</a>. (markt)

2690

</td></tr>

2691

</table>

2692

</blockquote></td></tr></table>

2693

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.23 (jfclere)/Web applications"></a><a name="Tomcat_6.0.23_(jfclere)/Web_applications"><strong>Web applications</strong></a></font></td></tr><tr><td><blockquote>

2694

2695

2696

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48530">48530</a>: Add information on the Manager Server Status page to

2697

the Manager How-To in the documentation webapp. Based on a patch by

Arnaud Espy. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48532">48532</a>: Add information to the BIO/NIO SSL configuration page

2702

in the documentation web application to specify how the defaults for the

2703

various trust store attributes are determined. (markt)

2704

</td></tr>

2705

</table>

2706

</blockquote></td></tr></table>

2707

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.23 (jfclere)/Other"></a><a name="Tomcat_6.0.23_(jfclere)/Other"><strong>Other</strong></a></font></td></tr><tr><td><blockquote>

2708

2709

2710

Remove hard coded version numbers and instead apply version filter

2711

already defined in ant scripts. (rjung)

2712

</td></tr>

2713

2714

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=47609">47609</a>: Correct regression in previous fix. (markt)

2715

</td></tr>

2716

2717

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48464">48464</a>: Provide an option to specify the command window title

2718

in catalina.bat on Windows. Patch provided by LiuYan. (markt)

2719

</td></tr>

2720

2721

Add some missing deprecation markers for

2722

<code>javax.servlet.jsp.JspContext</code>. (markt/kkolinko)

2723

</td></tr>

2724

</table>

2725

</blockquote></td></tr></table>

2726

</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.22 (jfclere)"></a><a name="Tomcat_6.0.22_(jfclere)"><strong>Tomcat 6.0.22 (jfclere)</strong></a></font></td><td align="right" bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><strong>not released</strong></font></td></tr><tr><td colspan="2"><blockquote>

2727

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.22 (jfclere)/Catalina"></a><a name="Tomcat_6.0.22_(jfclere)/Catalina"><strong>Catalina</strong></a></font></td></tr><tr><td><blockquote>

2728

2729

2730

Log errors if a web application starts a thread but fails to stop the

2731

thread when the web application stops or is reloaded. Failure to stop a

2732

thread is very likely to result in a memory leak. (markt)

2733

</td></tr>

2734

2735

Provide an option to stop any threads a web application starts but fails

2736

to stop when the web application stops or is reloaded. Using this option

2737

is very likely to result in instability and should be viewed as a last

2738

resort in development and is not recommended at all in production.

(markt)

</td></tr>

Log errors if a web application creates a ThreadLocal but fails to clear

2743

it when the web application stops or is reloaded. Failure to clear a

2744

ThreadLocal is very likely to result in a memory leak. (markt)

2745

</td></tr>

2746

2747

Clear any unintentional references remaining in

2748

<code>sun.rmi.transport.Target</code> when the web application stops or

2749

is reloaded. Failure to clear these is very likely to result in a memory

leak. (markt)

</td></tr>

</table>

</blockquote></td></tr></table>

2754

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.22 (jfclere)/Coyote"></a><a name="Tomcat_6.0.22_(jfclere)/Coyote"><strong>Coyote</strong></a></font></td></tr><tr><td><blockquote>

2755

2756

2757

Remove unneeded line from the method that normalizes decodedURI.

(kkolinko)

</td></tr>

</table>

</blockquote></td></tr></table>

2762

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.22 (jfclere)/Other"></a><a name="Tomcat_6.0.22_(jfclere)/Other"><strong>Other</strong></a></font></td></tr><tr><td><blockquote>

2763

2764

2765

Correct MD5 generation in the build process. (jfclere/kkolinko)

2766

</td></tr>

2767

2768

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=47609">47609</a>: Provide fail-safe EOL conversion for build process.

2769

Based on patches by sebb/kkolinko. (markt)

2770

</td></tr>

2771

</table>

2772

</blockquote></td></tr></table>

2773

</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.21 (jfclere)"></a><a name="Tomcat_6.0.21_(jfclere)"><strong>Tomcat 6.0.21 (jfclere)</strong></a></font></td><td align="right" bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><strong>not released</strong></font></td></tr><tr><td colspan="2"><blockquote>

2774

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.21 (jfclere)/Catalina"></a><a name="Tomcat_6.0.21_(jfclere)/Catalina"><strong>Catalina</strong></a></font></td></tr><tr><td><blockquote>

2775

2776

2777

Fix issues with expression language when running under a

2778

SecurityManager. (markt)

2779

</td></tr>

2780

2781

Remove duplicate mime-mapping entries in web.xml. Re-order entries

2782

alphabetically to make it easier to identify duplicates. (markt)

2783

</td></tr>

2784

2785

Use a more sensible default (webapps) for a Host's appBase.

(markt/idarwin)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=37794">37794</a>: Support the parsing of parameters from chunked POSTs.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=37984">37984</a>: Strip {MD5} as well as {SHA} if present in digest

2794

passwords in LDAP directories. (markt)

2795

</td></tr>

2796

2797

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=38352">38352</a>: Allow JSPs to write to the directory defined by

2798

<code>javax.servlet.context.tempdir</code> when running under a security

manager. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=39231">39231</a>: Call LoginContext.logout() when using JAAS realm and

2803

session expires. (markt/kkolinko)

2804

</td></tr>

2805

2806

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=40380">40380</a>: Fix potential synchronization issue in

2807

StandardSession.expire(). (markt)

2808

</td></tr>

2809

2810

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=41059">41059</a>: Reduce chances of errors when ENABLE_CLEAR_REFERENCES

2811

is used. Patch provided by Curt Arnold. (markt)

2812

</td></tr>

2813

2814

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43343">43343</a>: Fix additional concurrency issues identified with the

2815

persistent session manager. (markt)

2816

</td></tr>

2817

2818

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=44041">44041</a>: Fix threading issue in WebappClassLoader that can lead

2819

to duplicate class definition under high load. (markt/fhanik)

2820

</td></tr>

2821

2822

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=44943">44943</a>: Use the same engine name in server.xml comments to

2823

reduce copy and pastes issues. (markt/kkolinko)

2824

</td></tr>

2825

2826

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=45255">45255</a>: Provide protection against session fixation by

2827

changing session ID automatically on authentication. (markt/kkolinko)

2828

</td></tr>

2829

2830

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=45403">45403</a>: Add additional checks on web application deployment

2831

and do not swallow IO errors. (kkolinko)

2832

</td></tr>

2833

2834

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=45785">45785</a>: Additional fix required for the extension validator.

2835

Based on a patch by Rolf Wojtech. (markt)

2836

</td></tr>

2837

2838

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=46908">46908</a>: Try and support java encoding names when using an xml

2839

parser provided via the endorsed mechanism. (markt)

2840

</td></tr>

2841

2842

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=46967">46967</a>: Better handling of errors when trying to use

2843

Manager.randomFile. Based on a patch by Kirk Wolf. (markt)

2844

</td></tr>

2845

2846

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=47046">47046</a>: Unregister all MBeans, including when non-default

2847

engine names are used. (markt)

2848

</td></tr>

2849

2850

Use native2ascii to ensure non-ASCII characters in property files are

2851

handled correctly in all circumstances. (markt)

2852

</td></tr>

2853

2854

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=47050">47050</a>: Remove unnecessary filtering of error messages.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=47080">47080</a>: Fix NPE in RealmBase when uri is null. (markt)

2859

</td></tr>

2860

2861

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=47158">47158</a>: Fix some thread safety issues in the AccessLogValve.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=47228">47228</a>: Correct French translations. Patch provided by sebb.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=47299">47299</a>: Simplify code and make embedding easier. (markt)

2870

</td></tr>

2871

2872

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=47316">47316</a>: Allow different values for Service name and Engine

2873

name. This corrects a regression introduced by the fix for

2874

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=42707">42707</a>. (markt)

2875

</td></tr>

2876

2877

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=47343">47343</a>: Editing context.xml for a directory should not delete

2878

the directory. This was a regression caused by the fix for

2879

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=42747">42747</a>. (markt)

2880

</td></tr>

2881

2882

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=47364">47364</a>: Improve Javadoc for

2883

org.apache.catalina.connector.Request.getAttributeNames() to include

2884

information on the handling of Tomcat's internal request attributes.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=47451">47451</a>: Don't throw an NPE if the various response.setHeader()

2889

methods are called with null header name, zero length header name or

2890

null value. Silently ignore the calls in the same way they are ignored

2891

if the response has already been committed. (markt)

2892

</td></tr>

2893

2894

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=47462">47462</a>: Allow individual web applications to override metadata

2895

complete if set in the global web.xml. Patch provided by Keiichi Fujino.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=47495">47495</a>: Provide a more meaningful error message is server.xml

2900

is not readable and exit immediately if a server cannot be created.

(funkman/kkolinko)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=47518">47518</a>: Correct reference in Valve Javadoc that referred to an

2905

old method. Patch provided by Christopher Schultz. (markt)

2906

</td></tr>

2907

2908

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=47537">47537</a>: Return an error page rather than a zero length 200

2909

response if the forward to the login or error page fails during FORM

2910

authentication. (markt)

2911

</td></tr>

2912

2913

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=47718">47718</a>: Fix file descriptor leak on context stop/reload. Patch

2914

provided by George Sexton. (markt)

2915

</td></tr>

2916

2917

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=47796">47796</a>: Fix OpenEJB integration. Reset annotation processor on

2918

context stop. (markt)

2919

</td></tr>

2920

2921

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=47826">47826</a>: Correct error in debug message in

2922

org.apache.catalina.Bootstrap (markt)

2923

</td></tr>

2924

2925

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=47836">47836</a>: Clear cached TLD information on context reload.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=47841">47841</a>: When using the CombinedRealm, if one of the nested

2930

Realms fails to start, skip that Realm rather than preventing the

2931

CombinedRealm from starting. (markt)

2932

</td></tr>

2933

2934

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=47881">47881</a>: Fix processing of startd and stopd arguments. Patch

2935

provided by Qingyang Xu. (kkolinko)

2936

</td></tr>

2937

2938

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=47918">47918</a>: Correct mbean descriptors for the host deployer. Patch

2939

provided by Uwe Günther. (markt)

2940

</td></tr>

2941

2942

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=47930">47930</a>: Fix thread safety issues on session swap-in in the

2943

persistent session manager. (markt/kkolinko)

2944

</td></tr>

2945

2946

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=47976">47976</a>: Correct usage message and Javadoc for

2947

<code>org.apache.catalina.startup.Catalina</code>. (markt)

2948

</td></tr>

2949

2950

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=47997">47997</a>: Ensure the NamingContextListener applies to all naming

2951

contexts, not just the global one. Patch provided by Michael Allman.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48049">48049</a>: Fix copy and paste error so

2956

<code>NamingContext.destroySubContext()</code> works correctly.

2957

Patch provided by gingyang.xu (markt)

2958

</td></tr>

2959

2960

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48097">48097</a>: Make WebappClassLoader to do not swallow

2961

AccessControlException. (kkolinko)

2962

</td></tr>

2963

2964

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48097">48097</a>: Avoid throwing an AccessControlException which can

2965

lead to a NoClassDefFoundError on first access of first jsp.

(kkolinko/markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48257">48257</a>: Correct error in Spanish translations. Patch provided

2970

by Guillermo Gutiérrez. (markt)

2971

</td></tr>

2972

2973

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48306">48306</a>, <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48307">48307</a>: Correct French translations. Patches

2974

provided by Marc Paquette. (markt)

2975

</td></tr>

2976

2977

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48322">48322</a>: Single quote characters are not HTTP separators and

2978

should not be treated as such in the cookie handling. (markt)

2979

</td></tr>

2980

2981

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48413">48413</a>: Correct some French translations. Patch provided by

2982

André Warnier. (markt)

2983

</td></tr>

2984

2985

Deprecate the <code>caseSensitive</code> option on the

2986

<code>StandardContext</code> which will be removed in Tomcat 7 onwards.

(markt)

</td></tr>

Log deployments consistently for WAR, directory and descriptor

deployments. (markt)

</td></tr>

Better logging for parameter decoding issues to help identify broken

requests. (markt)

</td></tr>

Update Apache Commons Pool from 1.4 to 1.5.4. This update includes

2999

various fixes to prevent deadlocks, reduces synchronization and makes

3000

object allocation occur fairly - i.e. objects are allocated to threads

3001

in the order that the threads request them. This update fixes a number

3002

of issues in Tomcat's built-in copy of DBCP. (markt)

3003

</td></tr>

3004

3005

Allow log file encoding to be configured for JULI FileHandler. (kkolinko)

3006

</td></tr>

3007

3008

Provide debug logging for JNDI lookups. (markt)

3009

</td></tr>

3010

3011

Correct JDBC driver de-registration on web application stop and fix NPE

3012

that is exposed by the fix. (markt)

3013

</td></tr>

3014

3015

Ensure JDBC driver de-registration works with a security manager.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48214">48214</a>: Ensure JDBC driver de-registration is not too zealous.

(markt)

</td></tr>

Various JNDI realm improvements for Active Directory. These include the

3024

ability to specify a default role, optional handling for nested roles

3025

and an option to ignore PartialResultExceptions (markt).

3026

</td></tr>

3027

3028

Expose Servlet Filters via JMX. Based on a patch by Xie Xiaodong as part

of GSOC2009. (markt)

</td></tr>

Tomcat now uses the Platform MBean server by default so all MBeans

3033

registered by Tomcat will be exposed via JMX (eg via JConsole) without

3034

requiring any additional configuration. (markt)

3035

</td></tr>

3036

3037

The JMX Remote Lifecycle Listener allows the ports used by JMX to be

3038

fixed, making it easier to configure firewalls to all JMX traffic to

3039

pass through. Part of the extras package. (markt)

3040

</td></tr>

3041

3042

Make context deployment error message for fixDocBase() more meaningful.

(markt)

</td></tr>

Add an additional permission required by JULI when running under newer

3047

JDKs and a security manager. (markt)

3048

</td></tr>

3049

3050

Remove unnecessary reference to tomcat-coyote.jar from the bootstrap JAR

manifest. (kkolinko)

</td></tr>

Use correct method to create URLs in VirtualWebappLoader. (kkolinko)

3055

</td></tr>

3056

3057

Provide a new listener to protect against a memory leak caused by a

3058

change in the Sun JRE from version 1.6.0_15 onwards. Also include

3059

protection against locked JAR files, memory leaks triggered by

3060

XML parsing and the GC Daemon. (markt)

3061

</td></tr>

3062

3063

Don't swallow exceptions in ApplicationContextFacade.doPrivileged()

(kkolinko)

</td></tr>

Close resource stream in WebappClassLoader after read error. (pero)

3068

</td></tr>

3069

3070

Include attribute name into the text of Non-serializable exception

3071

that might be thrown by Session.setAttribute() in distributable

3072

applications. (mturk)

3073

</td></tr>

3074

3075

Add RemoteIpValve, a port of mod_remoteip. Patch provided by Cyrille Le

Clerc. (markt)

</td></tr>

Allow per instance configuration of JULI or log4j for core Tomcat

3080

logging when using CATALINA_BASE. (markt/kkolinko)

3081

</td></tr>

3082

3083

Prevent NPE in JULI during shutdown when resources try to log messages

3084

after JULI has been shutdown. (fhanik/kkolinko)

3085

</td></tr>

3086

3087

Make the JULI FileHandler easier to extend. (fhanik)

3088

</td></tr>

3089

3090

Make buffer size for FileHandler configurable. (fhanik)

3091

</td></tr>

3092

3093

Make JULI FileHandler thread safe. (fhanik)

3094

</td></tr>

3095

3096

Provide an option to disable buffering in the JULI FileHandler.

(kkolinko)

</td></tr>

Ensure log messages are not lost on shutdown. (markt)

3101

</td></tr>

3102

3103

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=44679">44679</a>: Provide an option to allow the equals character in

3104

unquoted cookie values. (markt)

3105

</td></tr>

3106

3107

Add support for a connectionTimeout parameter to the JNDIRealm. (markt)

3108

</td></tr>

3109

3110

Various (un)deployment related improvements including better handling of

3111

failed (un)deployment, additional checking for valid zip entries that

3112

don't make sense in a WAR and improved validation of WAR file names.

(markt)

</td></tr>

</table>

</blockquote></td></tr></table>

3117

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.21 (jfclere)/Coyote"></a><a name="Tomcat_6.0.21_(jfclere)/Coyote"><strong>Coyote</strong></a></font></td></tr><tr><td><blockquote>

3118

3119

<tr><td><img alt="update" class="icon" src="./images/update.gif"></td><td>Implement <code>socket.unlockTimeout</code> attribute for NIO connector.</td></tr>

3120

3121

Update version of native bundled in Windows installer

3122

to 1.1.18. (kkolinko)

3123

</td></tr>

3124

3125

Update minimum required version for native to 1.1.17. (rjung)

3126

</td></tr>

3127

3128

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=46950">46950</a>: Fix doing SSL renegotiation when a resource with CLIENT-CERT

3129

auth is requested. (markt)

3130

</td></tr>

3131

3132

Align tcnative native and Java method names. (rjung)

3133

</td></tr>

3134

<tr><td><img alt="update" class="icon" src="./images/update.gif"></td><td>Dont report thread count from connector if an external executor is used.</td></tr>

3135

3136

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=39637">39637</a>: Enable the AJP connectors to correctly handle client

3137

certificate chains. Patch by Patrik Schnellmann. (markt)

3138

</td></tr>

3139

3140

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=46985">46985</a>: Clean up code and remove impossible condition.

(markt/kkolinko)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=47225">47225</a>: Fix error in calculation of a buffer length in the

mapper. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=47320">47320</a>: Don't rely on the platform default encoding being

3149

suitable to parse the session ID. (markt)

3150

</td></tr>

3151

3152

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=47499">47499</a>: Don't swallow bind exceptions. (markt)

3153

</td></tr>

3154

3155

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=47744">47744</a>: Prevent a medium term memory leak if using SSL with

3156

the JSSE provider and also using a security manager. Based on a patch by

Greg Vanore. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=47963">47963</a>: Ensure that any HTTP status messages are compliant

3161

with RFC2616. (markt/kkolinko)

3162

</td></tr>

3163

3164

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=47987">47987</a>: Limit size of not found resources cache. (markt)

3165

</td></tr>

3166

3167

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48009">48009</a>: Protect against the situation where editing a

3168

context.xml file may result in the file disappearing for a very short

time. (markt)

</td></tr>

Use correct connector attribute (SSLEnabled) rather than secure to

3173

determine if SSL should be used. (fhanik)

3174

</td></tr>

3175

3176

Provide a workaround for CVE-2009-3555, the TLS renegotiation issue, for

3177

the default Blocking IO Java connector.

3178

</td></tr>

3179

3180

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48252">48252</a>: Fix stack overflow exception when setting jkHome on

3181

NIO connector. (fhanik)

3182

</td></tr>

3183

3184

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48311">48311</a>: Only the APR lifecycle listener should try and

3185

initialise APR. (markt)

3186

</td></tr>

3187

</table>

3188

</blockquote></td></tr></table>

3189

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.21 (jfclere)/Jasper"></a><a name="Tomcat_6.0.21_(jfclere)/Jasper"><strong>Jasper</strong></a></font></td></tr><tr><td><blockquote>

3190

3191

3192

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=38797">38797</a>: Fix a regression in the previous patch for

3193

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=37933">37933</a>. (markt)

3194

</td></tr>

3195

3196

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=38897">38897</a>: Add uri of broken TLD to error message to aid

debugging. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=41661">41661</a>: Fix thread safety issue with JspConfig.init() (markt)

3201

</td></tr>

3202

3203

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=41824">41824</a>: Need to use canonical rather than binary form when

3204

writing code. (markt)

3205

</td></tr>

3206

3207

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=42390">42390</a>: Fix compilation issue with some nested tag files and

3208

simple tags. (kkolinko/markt)

3209

</td></tr>

3210

3211

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43656">43656</a>: Correctly coerce <code>null</code> to zero when the

3212

target type is <code>Number</code>. (markt)

3213

</td></tr>

3214

3215

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=46907">46907</a>: Don't swallow input stream when debug logging is

enabled. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=47318">47318</a>: Process directives found in include preludes and

codas. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=47331">47331</a>: Treat uninterpreted tags as template text for JSP.2.2.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=47413">47413</a>: Ensure expressions of the form "${a}${b}"

3228

are correctly coerced to String. (kkolinko)

3229

</td></tr>

3230

3231

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=47453">47453</a>: Handle void return types for deferred methods.

(funkman)

</td></tr>

Remove the code that auto-detects the value for compilerSourceVM,

3236

compilerTargetVM options of Jasper, because we know that this version

3237

of Tomcat cannot run on JDK 1.4 and thus the value is always "1.5".

(kkolinko)

</td></tr>

Change default values for JDK version compliance options of JspC

3242

(-source and -target when running from command line)

3243

to be "1.5", to be the same as the ones used by Jasper servlet.

(kkolinko)

</td></tr>

Make constants in the TagHandlerPool really constant. (markt)

3248

</td></tr>

3249

3250

When development mode is enabled and a JSP is deleted, ensure next

3251

request for that JSP is consistent with the JSP having been removed.

(markt/kkolinko)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48019">48019</a>: Be more careful about skipping content that does not

3256

need to be parsed. (markt)

3257

</td></tr>

3258

3259

Better handling of exception in JSP if parsed JSP source is not

available. (markt)

</td></tr>

</table>

</blockquote></td></tr></table>

3264

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.21 (jfclere)/Cluster"></a><a name="Tomcat_6.0.21_(jfclere)/Cluster"><strong>Cluster</strong></a></font></td></tr><tr><td><blockquote>

3265

3266

3267

DeltaSession needs endAccess so that CrossContext replication works. (pero)

3268

</td></tr>

3269

3270

DeltaManager needs to replicate changed attributes even if session

3271

gets invalidated. Otherwise session listeners will not see the right

3272

data on the secondary nodes. (rjung)

3273

</td></tr>

3274

3275

Spurious startup errors during session transfer.

3276

Sessions get transferred, but node still waits until timeout. (rjung)

3277

</td></tr>

3278

3279

Perform deserializtion events with context class loader. (fhanik)

3280

</td></tr>

3281

3282

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=47515">47515</a>: Correctly replicate timestamp during startup. (fhanik)

3283

</td></tr>

3284

3285

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=47478">47478</a>: Call replication listeners when using BackupManager. (fhanik)

3286

</td></tr>

3287

3288

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=47369">47369</a>: Reset data diff after replication. (fhanik)

3289

</td></tr>

3290

3291

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=40551">40551</a>: Enable the JvmRouteBinderValve to work with

3292

PersistentManagers as well as clustering. Based on a patch by Chris

Chandler. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=47342">47342</a>: Fix potential NPE on replicated context start. Patch

3297

provided by Keiichi Fujino. (markt)

3298

</td></tr>

3299

3300

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=47389">47389</a>: DeltaManager doesn't do session replication if

3301

notifySessionListenersOnReplication=false.

3302

Patch by Keiichi Fujino. (fhanik)

3303

</td></tr>

3304

3305

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=47502">47502</a>: Don't replicate session attributes known not to be

3306

serializable. (funkman)

3307

</td></tr>

3308

3309

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=47554">47554</a>: Include httpOnly attribute when re-writing session

3310

cookie after fail over. (markt)

3311

</td></tr>

3312

3313

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=47799">47799</a>: Enable the domain to be configured for Membership and

3314

DomainFilterInterceptor. Patch provided by Keiichi Fujino. (markt)

3315

</td></tr>

3316

3317

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48113">48113</a>: Display IP addresses using 0 to 255 rather than -128

3318

to +127. Based on a patch by Quintin Beukes. (fhanik/kkolinko)

3319

</td></tr>

3320

</table>

3321

</blockquote></td></tr></table>

3322

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.21 (jfclere)/Web applications"></a><a name="Tomcat_6.0.21_(jfclere)/Web_applications"><strong>Web applications</strong></a></font></td></tr><tr><td><blockquote>

3323

3324

3325

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=41564">41564</a>: Add some documentation on installing Tomcat as a

3326

service on operating systems with User Account Control, e.g. Vista.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=47161">47161</a>: Report thread count correctly in Manager when exectors

3331

are used and return -1 when it can not easily be determined. (markt)

3332

</td></tr>

3333

3334

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=47235">47235</a>: Remove use of autoReconnect from MySQL examples.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=47324">47324</a>: Fix submit URL for session list page so it works

3339

behind a reverse proxy. Patch provided by Maik Jablonski. (markt)

3340

</td></tr>

3341

3342

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=47425">47425</a>: Add crlFile attribute to the SSL configuration

3343

documentation. (markt)

3344

</td></tr>

3345

3346

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=47444">47444</a>: Remove Jakarta references from the documentation.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=47656">47656</a>: Add information to documentation on system property

3351

replacement in configuration files. (markt)

3352

</td></tr>

3353

3354

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=47705">47705</a>: Fix division by zero error in the manager when trying

3355

to expire sessions when the session timeout is set to infinite.

(funkman)

</td></tr>

Fix display of session information pages of Manager application

3360

in Internet Explorer. (kkolinko)

3361

</td></tr>

3362

3363

Do not reuse windows (tabs) for session detail pages in Manager

3364

application. (kkolinko)

3365

</td></tr>

3366

3367

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=47769">47769</a>: Clarify the JNDI docs with repect to use of

3368

<resource-ref> and related elements, specifically when they are

3369

required and when they may be omitted. (markt)

3370

</td></tr>

3371

3372

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48381">48381</a>: Add information on how Tomcat treats host names to the

3373

host configuration documentation. (markt)

3374

</td></tr>

3375

</table>

3376

</blockquote></td></tr></table>

3377

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.21 (jfclere)/Other"></a><a name="Tomcat_6.0.21_(jfclere)/Other"><strong>Other</strong></a></font></td></tr><tr><td><blockquote>

3378

3379

3380

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=37847">37847</a>: Make location and filename of catalina.out configurable

3381

in catalina.sh. (fhanik)

3382

</td></tr>

3383

3384

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=37848">37848</a>: Re-fix not outputting info messages when there is no

terminal. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=39194">39194</a>: Make classpath configuration consistent in the startup

3389

scripts. (markt/kkolinko)

3390

</td></tr>

3391

3392

Update Tomcat Windows service application (procrun) to version 2.0.5.

3393

It contains a fix for issue <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=41538">41538</a> (mturk)

3394

</td></tr>

3395

3396

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=40786">40786</a>: Include 64-bit Windows service wrapper in

3397

distributions. Update the Windows installer to automatically use the

3398

correct binary on 64-bit machines. (markt)

3399

</td></tr>

3400

3401

Update Windows Installer to use NSIS 2.45. They say that this version

3402

provides support for the upcoming Microsoft Windows 7. (kkolinko)

3403

</td></tr>

3404

3405

Don't add blank lines to end of files when fixing line-endings for

3406

tar.gz distribution. (markt)

3407

</td></tr>

3408

3409

Use explicit encoding during filtering operations when building Tomcat

3410

for distribution. (kkolinko)

3411

</td></tr>

3412

3413

Remove references to unused commons-collections from the build scripts.

(markt)

</td></tr>

Fix download task check for commons-pool and commons-dbcp in the

3418

build scripts. (kkolinko)

3419

</td></tr>

3420

3421

Include deployer-howto.html into the deployer distributive. (kkolinko)

3422

</td></tr>

3423

3424

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=47149">47149</a>: Build scripts: Explicitly specify encoding when

3425

compiling. (kkolinko)

3426

</td></tr>

3427

3428

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=47267">47267</a>: Ensure release notes displayed by Windows installer

3429

have CRLF line-endings regardless of which OS the install package is

3430

built on. (markt/kkolinko)

3431

</td></tr>

3432

3433

Include NOTICE, LICENSE and manifest files in all Tomcat JARs and add a

3434

mechanism to the build process to enable these files to be customised

3435

per JAR as required. (markt)

3436

</td></tr>

3437

3438

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=47699">47699</a>: Provide better handling of PID files. (markt)

3439

</td></tr>

3440

3441

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=47824">47824</a>: Make Servlet API an optional dependency for JULI when

using Maven. (markt)

</td></tr>

Add support for per instance (using $CATALINA_BASE) log4j.properties

3446

files, JDBC drivers etc by adding ${catalina.base}/lib and

3447

${catalina.base}/lib/*.jar to the start of the common loader class

path. (markt)

</td></tr>

Correct CVE-2009-3548. When installed via the Windows installer and

3452

using defaults, don't create an administrative user with a blank

3453

password. Additionally, the administrative user is only created if the

3454

manager or host-manager web applications are selected for installation.

(markt)

</td></tr>

Further improvements to the administrative user name and password

3459

handling in the Windows installer. (kkolinko)

3460

</td></tr>

3461

</table>

3462

</blockquote></td></tr></table>

3463

</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.20 (remm)"></a><a name="Tomcat_6.0.20_(remm)"><strong>Tomcat 6.0.20 (remm)</strong></a></font></td><td align="right" bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><strong>released 2009-06-03</strong></font></td></tr><tr><td colspan="2"><blockquote>

3464

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.20 (remm)/Catalina"></a><a name="Tomcat_6.0.20_(remm)/Catalina"><strong>Catalina</strong></a></font></td></tr><tr><td><blockquote>

3465

3466

3467

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=42579">42579</a>: Handle both relative and absolute search results in

3468

the JNDIRealm. Patch provided by Brandon DuRette. (markt)

3469

</td></tr>

3470

3471

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=46562">46562</a>: Close shtml files after processing to allow other

3472

processes to modify the files. (markt)

3473

</td></tr>

3474

3475

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=46815">46815</a>: Make the MemoryUserDatabase read-only by default.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=46816">46816</a>: Align session manager mbean descriptor with

3480

implementation. (markt)

3481

</td></tr>

3482

3483

Fix a typo in the OPTIONS response from the default servlet. (markt)

3484

</td></tr>

3485

3486

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=46822">46822</a>: Remove unnecessary object creation from

3487

StandardContext. Patch provided by Anthony Whitford. (markt)

3488

</td></tr>

3489

3490

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=46866">46866</a>: Better initialisation of Random objects. (markt)

3491

</td></tr>

3492

3493

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=46875">46875</a>: Catch and handle possible IllegalStateExceptions

3494

in CometConnectionManagerValve related to session expiration. (markt)

3495

</td></tr>

3496

3497

Correct some errors reported when testing the WebDAV servlet with the

3498

Litmus test suite. (markt)

3499

</td></tr>

3500

3501

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=46933">46933</a>: Update StringManager to use Java 5 features. Patch

3502

provided by Jens Kapitza. (markt)

3503

</td></tr>

3504

3505

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=46990">46990</a>: Fix synchronization issues reported by FindBugs. Patch

3506

provided by Sebb. (markt)

3507

</td></tr>

3508

</table>

3509

</blockquote></td></tr></table>

3510

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.20 (remm)/Coyote"></a><a name="Tomcat_6.0.20_(remm)/Coyote"><strong>Coyote</strong></a></font></td></tr><tr><td><blockquote>

3511

3512

3513

Allow huge request body packets for AJP13. (rjung)

3514

</td></tr>

3515

3516

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=45026">45026</a>: Never return an empty HTTP status reason phrase.

3517

mod_jk and httpd 2.x do not like that. (rjung)

3518

</td></tr>

3519

3520

Set remote port for AJP connectors from the optional request

3521

attribute AJP_REMOTE_PORT. (rjung)

3522

</td></tr>

3523

3524

Update tc-native to 1.1.16 (markt)

3525

</td></tr>

3526

3527

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=46982">46982</a>: Correct reporting of DST offset in access logs.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=46984">46984</a>: Invalid characters in HTTP request method now result

3532

in a 400 response. (markt)

3533

</td></tr>

3534

3535

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=46991">46991</a>: Fix AJP connector always reporting bytes received as

zero. (markt)

</td></tr>

</table>

</blockquote></td></tr></table>

3540

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.20 (remm)/Jasper"></a><a name="Tomcat_6.0.20_(remm)/Jasper"><strong>Jasper</strong></a></font></td></tr><tr><td><blockquote>

3541

3542

3543

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=37929">37929</a>: Fix invalidated session causing pageContext methods to

fail. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=41606">41606</a>: Prevent double initialisation of JSPs. Patch provided

3548

by Chris Halstead. (markt)

3549

</td></tr>

3550

3551

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=46354">46354</a>: ArrayIndexOutOfBoundsException when using

3552

org.apache.jasper.runtime.BodyContentImpl.LIMIT_BUFFER=true

3553

Patch provided by Konstantin Kolinko. (markt)

3554

</td></tr>

3555

3556

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=46909">46909</a>: Only include semi-colon in type attribute for

3557

<jsp:plugin> when it is required. (markt)

3558

</td></tr>

3559

3560

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=47013">47013</a>: Use system property rather than hard-coded string for

3561

pre-compilation flag. (markt)

3562

</td></tr>

3563

</table>

3564

</blockquote></td></tr></table>

3565

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.20 (remm)/Cluster"></a><a name="Tomcat_6.0.20_(remm)/Cluster"><strong>Cluster</strong></a></font></td></tr><tr><td><blockquote>

3566

3567

3568

A node should ignore its own heartbeat messages. (rjung)

3569

</td></tr>

3570

</table>

3571

</blockquote></td></tr></table>

3572

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.20 (remm)/Web applications"></a><a name="Tomcat_6.0.20_(remm)/Web_applications"><strong>Web applications</strong></a></font></td></tr><tr><td><blockquote>

3573

3574

3575

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=46509">46509</a>: Use correct link on error page in JSP security

3576

example. Patch provided by Michael Moody. (markt)

3577

</td></tr>

3578

3579

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=46599">46599</a>: Document known DAEMON issue. (markt)

3580

</td></tr>

3581

3582

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=46807">46807</a>: Correct docs for configuration of tag pooling. (markt)

3583

</td></tr>

3584

3585

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=46924">46924</a>: Clarify behaviour when auto deployment is enabled and

3586

a WAR, directory or context file is deleted or updated. (markt)

3587

</td></tr>

3588

3589

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=46958">46958</a>: All xml manager status output to work regardless of

3590

context path. (markt)

3591

</td></tr>

3592

</table>

3593

</blockquote></td></tr></table>

3594

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.20 (remm)/Other"></a><a name="Tomcat_6.0.20_(remm)/Other"><strong>Other</strong></a></font></td></tr><tr><td><blockquote>

3595

3596

3597

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=46351">46351</a>: Refactor the build script. Patch provided by Marc

Guillemot. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=46910">46910</a>: Properties files corrupted by build process. (remm)

3602

</td></tr>

3603

3604

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=46915">46915</a>: When resolving ResourceBundle properties, don't claim

3605

to have resolved the property unless we really have resolved it. (markt)

3606

</td></tr>

3607

3608

Fix .pdf and .exe corruption in -src.tar.gz distribution. (markt)

3609

</td></tr>

3610

3611

Enable running Tomcat directly from the build directory on linux

systems. (markt)

</td></tr>

</table>

</blockquote></td></tr></table>

3616

</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.19 (remm)"></a><a name="Tomcat_6.0.19_(remm)"><strong>Tomcat 6.0.19 (remm)</strong></a></font></td><td align="right" bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><strong>not released</strong></font></td></tr><tr><td colspan="2"><blockquote>

3617

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.19 (remm)/Catalina"></a><a name="Tomcat_6.0.19_(remm)/Catalina"><strong>Catalina</strong></a></font></td></tr><tr><td><blockquote>

3618

3619

3620

Manager application prints FAIL if application was deployed but failed to start (fhanik)

3621

</td></tr>

3622

3623

When shutdown port is disabled, print user friendly message and not a stack trace. (fhanik)

3624

</td></tr>

3625

3626

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=37458">37458</a>: Correct sync issue that leads to NPE in rare

3627

circumstances. Patch provided by Konstantin Kolinko. (markt)

3628

</td></tr>

3629

3630

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=38553">38553</a>: Return 401 rather than 400 if client does not present

3631

a certificate CLIENT-CERT authentication. (markt)

3632

</td></tr>

3633

3634

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=38570">38570</a>: When checking docBase against appBase, make sure we

3635

check for an exact match against the appBase. (markt)

3636

</td></tr>

3637

3638

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=39013">39013</a>: When testing for invalid docBase, test for an exact

3639

match with the appBase dir. (markt)

3640

</td></tr>

3641

3642

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=39396">39396</a>: Don't include TRACE in OPTIONS response unless we

3643

know it hasn't been disabled in the connector. (markt)

3644

</td></tr>

3645

3646

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=42747">42747</a>: Ensure context.xml takes effect on first deployment

3647

for WAR and DIR deployments. context.xml is now copied to

3648

CATALINA_BASE/<engine name>/<host name> for DIR as well as

3649

WAR deployments. (markt)

3650

</td></tr>

3651

<tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td><a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43071">43071</a>: Start poller before acceptor (r719267)</td></tr>

3652

3653

Fix read/write timeout of async comet operations

(r719264)

</td></tr>

Implement async close behaviour for Comet/NIO.

3658

No-op for APR (same behavior as before)

(r719262)

</td></tr>

Default thread count for HTTP connectors is 200. (r713186)

3663

</td></tr>

3664

3665

Comet should always invoke END and properly invoke READ (r713174)

3666

</td></tr>

3667

3668

Fix class cast exception when shutting down a replicated context but no cluster has been configured in server.xml (r713177)

3669

</td></tr>

3670

3671

Dererence socket when its no longer used. Frees up socket buffers and memory. No functional change. (r713175)

3672

</td></tr>

3673

3674

Correct wrong "No role found" debug message,

3675

logged in RealmBase even if a role was found. (rjung)

3676

</td></tr>

3677

<tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td><a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=44809">44809</a>: Improve AprLifecycleListener Error Messages. (jfclere)</td></tr>

3678

3679

Log AccessControlException for context specific logging.properties

3680

during startup with security manager. (rjung)

3681

</td></tr>

3682

3683

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=41407">41407</a>: Add CLIENT-CERT support to the JAAS Realm. (markt)

3684

</td></tr>

3685

3686

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=42409">42409</a>: Make custom and standard error page handling

3687

consistent by using resetBuffer() which will not alter previously set

headers. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=42673">42673</a>: Fix SSI virtual includes for multi-level contexts.

3692

Patch provided by Peter Jodeleit. (markt)

3693

</td></tr>

3694

3695

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=42707">42707</a>: Make adding a host alias via JMX take effect

immediately. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43656">43656</a>: Correct regression in previous fix for this bug. Patch

3700

provided by Nils Eckert. (markt)

3701

</td></tr>

3702

3703

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=45419">45419</a>: Set Accept-Ranges for static resources served by

3704

DefaultServlet. (markt)

3705

</td></tr>

3706

3707

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=45441">45441</a>: Correctly map filters for FORWARD and INCLUDE. (markt)

3708

</td></tr>

3709

3710

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=45447">45447</a>: Convert Spanish resource files to use UTF-8 and provide

3711

translations where previously missing. Patch provided by Jesus Marin.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=45453">45453</a>: Remove potential race condition in JDBC Realm.

3716

Based on a patch by Santtu Hyrkk. (markt)

3717

</td></tr>

3718

3719

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=45576">45576</a>: Add DIGEST support to the JAAS Realm. (markt)

3720

</td></tr>

3721

3722

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=45585">45585</a>: Allow Tomcat to start if using

3723

<code>$CATALINA_BASE</code> but not JULI. Patch based on a suggestion by

3724

Ian Ward Comfort. (markt)

3725

</td></tr>

3726

3727

The JAAS Realm did not assign roles to authenticated users. (markt)

3728

</td></tr>

3729

3730

Provide full stacktrace and message when the ErrorReportValveClass can't

3731

be instantiated. (funkman)

3732

</td></tr>

3733

3734

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=45608">45608</a>: Make allocated servlet count synchronized to ensure

3735

the correct allocated servlet count is available during shutdown.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=45628">45628</a>: When checking MANIFEST dependancies, JARs without

3740

dependencies should allows be considered to be full-filled. (markt)

3741

</td></tr>

3742

3743

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=45735">45735</a>: Improve ETag handling. (remm)

3744

</td></tr>

3745

3746

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=45785">45785</a>: Ignore directories named xxx.jar in WEB-INF/lib.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=45823">45823</a>: Log missing request headers as '-' not 'null'. Based

3751

on a patch by Per Landberg. (markt)

3752

</td></tr>

3753

3754

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=45825">45825</a>: Correctly handle annotations in parent classes. Based

3755

on a patch by Florent Benoit. (markt)

3756

</td></tr>

3757

3758

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=45906">45906</a>: Further ETag handling improvements. Patch provided by

3759

Chris Hubick. (markt)

3760

</td></tr>

3761

3762

Add the CombinedRealm that enables authentication to be attempted

3763

against multiple realms. (markt)

3764

</td></tr>

3765

3766

Add the LockOutRealm that enables a standard Realm to be wrapped with

3767

the functionality to lock out a user after too many failed logins.

(markt)

</td></tr>

Make the upper size limit of the static resource cache configurable

3772

since the default of <code>cacheMaxSize/20</code> gave too high a value

3773

for large caches. (markt)

3774

</td></tr>

3775

3776

Fix HTML decoding error in SSI processing. (markt)

3777

</td></tr>

3778

3779

Fix cast error in JULI log factory. (markt)

3780

</td></tr>

3781

3782

Fix some thread safety issues in date formatting. (markt)

3783

</td></tr>

3784

3785

Fix a String comparison bug in the digester property replacement that

3786

resulted in non-optimal operation. (markt)

3787

</td></tr>

3788

3789

Correct handle multi-level contexts defined using context.xml files.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=45933">45933</a>: Don't use xml parser from web-app to process tld

files. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=45951">45951</a>: Support changing of JSESSIONID cookie name and

3798

jsessionid path parameter name. Based on a patch by Jean-frederic Clere.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=46011">46011</a>: Make Principal accessible (if set) via

3803

<code>Subject.getSubject(AccessController.getContext())</code> when

3804

processing filters. Based on a patch by tsveg1. (markt)

3805

</td></tr>

3806

3807

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=46075">46075</a>: When uploading files, don't create buffers at the

3808

maximum configured size. Use the default size and let the buffers grow

3809

to the maximum size if necessary. (markt)

3810

</td></tr>

3811

3812

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=46085">46085</a>: Fix a rare thread safety issue with session

expiration. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=46096">46096</a>: Support annotation processing whilst running under a

3817

security manager. (markt)

3818

</td></tr>

3819

3820

The invoker servlet has been deprecated and will be removed in Tomcat 7

onwards. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=46105">46105</a>: Correctly set URI encoding when replaying a request

3825

after FORM authentication. (markt)

3826

</td></tr>

3827

3828

Remove unnecessary reference to commons-logging from the bootstrap JAR

manifest. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=46232">46232</a>: Enabled the XMl parser to be over-ridden using the

3833

standard endorsed mechanism. (markt)

3834

</td></tr>

3835

3836

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=46261">46261</a>: Treat %2F in a context name literally rather than

3837

converting it (inconsistently) to '/' - that is what '#' is for. (markt)

3838

</td></tr>

3839

3840

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=46298">46298</a>: Throw an SQLException with a useful message rather

3841

than a NPE if the URL for the JDBCRealm is invalid. Based on a patch by

3842

Owen Jacobson. (markt)

3843

</td></tr>

3844

3845

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=46304">46304</a>: Further fixes to make Principal accessible (if set)

3846

via <code>Subject.getSubject(AccessController.getContext())</code> when

3847

processing filters. (markt)

3848

</td></tr>

3849

3850

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=46403">46403</a>: Provide a workaround for an IE and Safari bug that

3851

means the Max-Age attribute of a cookie is ignored. (markt)

3852

</td></tr>

3853

3854

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=46408">46408</a>: Fix invalid cast in security utility package. (markt)

3855

</td></tr>

3856

3857

Remove duplicate normalisation implementations and make normalise

3858

behaviour consistent throughout code base. (markt)

3859

</td></tr>

3860

3861

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=46683">46683</a>: Fix typo in French localisation file name for the

3862

org.apache.catalina.loader package. (markt)

3863

</td></tr>

3864

3865

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=46606">46606</a>: Make the max DEPTH for a WebDAV request configurable.

3866

The default is still 3. (markt)

3867

</td></tr>

3868

3869

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=44382">44382</a>: Add support for using httpOnly for session cookies.

3870

This is disabled by default. (markt/fhanik)

3871

</td></tr>

3872

3873

Fix possible NCDFE when using FORM authentication. (jfclere)

3874

</td></tr>

3875

3876

Fix possible synchronisation bottleneck in cookie creation. (markt)

3877

</td></tr>

3878

3879

Fix various spelling errors reported on the mailing lists. (markt)

3880

</td></tr>

3881

3882

Make the logging manager and properties file configurable via

3883

environment variables. (fhanik)

3884

</td></tr>

3885

</table>

3886

</blockquote></td></tr></table>

3887

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.19 (remm)/Coyote"></a><a name="Tomcat_6.0.19_(remm)/Coyote"><strong>Coyote</strong></a></font></td></tr><tr><td><blockquote>

3888

3889

<tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td><a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=45154">45154</a>:

3890

Implement SEND_FILE behavior for SSL connections using NIO (fhanik)

3891

</td></tr>

3892

3893

Fix file descriptor leak during NIO send file behavior. (fhanik)

3894

</td></tr>

3895

3896

Implement usage of keyAlias attribute for NIO, previously attribute was ignored. (fhanik)

3897

</td></tr>

3898

3899

Prevent server from calling close on an already closed NIO socket. One that had timed out. (fhanik)

3900

</td></tr>

3901

3902

Fix bug with SEND_FILE behavior in NIO. Send file would delay until selector timed out, even though socket was ready to be written. (fhanik)

3903

</td></tr>

3904

3905

Fix possible NPE in NioEndpoint.java (fhanik)

3906

</td></tr>

3907

3908

Update tc-native to 1.1.15 in build.properties.default (jfclere)

3909

</td></tr>

3910

3911

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43327">43327</a>: Socket bind fails when using APR on a system with IPv6

3912

enabled but no explicit IPv6 address configured. (markt/jfclere)

3913

</td></tr>

3914

3915

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=44285">44285</a>: Make the SSL session cache size and timeout

3916

configurable. (markt)

3917

</td></tr>

3918

3919

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=45074">45074</a>: Add configuration parameters to enable the tuning

3920

of sendfile and poller thread count in the APR HTTP connector. Patch

3921

provided by Alex Barclay. (jfclere/markt)

3922

</td></tr>

3923

3924

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=45528">45528</a>: Add detection for invalid SSL configuration to prevent

3925

infinite logging loop on start-up. (markt)

3926

</td></tr>

3927

3928

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=45591">45591</a>: NPE on start-up failure in some cases. Based on a

3929

patch by Matt Passell. (markt)

3930

</td></tr>

3931

3932

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=46077">46077</a>: Expose deferAccept for configuration. Patch provided

3933

by Michael Leinartas. (markt)

3934

</td></tr>

3935

3936

Don't swallow input if we know the connection is going to be closed. (billbarker)

3937

</td></tr>

3938

3939

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=46125">46125</a>: Return a status code of 400 if the request headers are

too large. (markt)

</td></tr>

Make certain that classes are first loaded by trusted code when working in a sandbox. (billbarker)

3944

</td></tr>

3945

3946

Log a message if we reach maxThreads in a connector thread pool. (markt)

3947

</td></tr>

3948

3949

Enable the thread pool limits to be modified via JMX. (markt)

3950

</td></tr>

3951

3952

Fix HTTP/1.0 redirects handling with APR AJP connector. (remm)

3953

</td></tr>

3954

3955

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=46666">46666</a>: keepAliveTimeout should be used regardless of setting

3956

of disableUploadTimeout. (markt)

3957

</td></tr>

3958

</table>

3959

</blockquote></td></tr></table>

3960

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.19 (remm)/Jasper"></a><a name="Tomcat_6.0.19_(remm)/Jasper"><strong>Jasper</strong></a></font></td></tr><tr><td><blockquote>

3961

3962

3963

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=36923">36923</a>: Treat EL expressions as template text if EL

3964

expressions are disabled. (markt)

3965

</td></tr>

3966

3967

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=37515">37515</a>: Support 1.6 and 1.7 as source and target for

compilation. (markt)

</td></tr>

ClassCastException in EL ExpressionBuilder. (rjung)

3972

</td></tr>

3973

3974

Use more generics in EL to improve type safety. (rjung)

3975

</td></tr>

3976

3977

Use a lookahead to remove potential ambiguity in EL parsing. (markt)

3978

</td></tr>

3979

3980

Correct typo in JSP EL examples. (markt)

3981

</td></tr>

3982

3983

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=38197">38197</a>: Take account of jsp:attribute elements when pooling

tags. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=42077">42077</a>: Ensure the iterator returned by

3988

javax.el.CompositeELResolver#getFeatureDescriptor() skips any null

3989

FeatureDescriptors. Patch provided by Mathias Broekelmann. (markt)

3990

</td></tr>

3991

3992

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=42693">42693</a>: Fix JSP generation error with recursive tag file

structure. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=45427">45427</a>: Correctly handle unmatched quotes in EL expressions.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=45511">45511</a>: The failure of the <code>empty</code> keyword was a

4001

regression caused by the previous fix for <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=42565">42565</a>. The original

4002

fix for <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=42565">42565</a> has been reverted and a new fix applied.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=45648">45648</a>: Don't trim the last character when parsing the EL

namespace. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=45666">45666</a>: Prevent infinite loop on include. (markt)

4011

</td></tr>

4012

4013

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=45691">45691</a>: Prevent generation of duplicate variable names when

4014

generating code for JSPs. (markt)

4015

</td></tr>

4016

4017

Correct signed/unsigned conversion error in ASCII parsing. (markt)

4018

</td></tr>

4019

4020

Fix various edge-cases when parsing EL, particularly inside attribute

4021

values. Note the the Expert Group has confirmed that JSP.1.6 takes

4022

precedence over JSP.1.3.10. Therefore EL in attributes must be escaped

twice. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=46047">46047</a>: Include the path to the JAR when recording

4027

dependencies that are located inside a JAR file. Patch provided by

4028

Cédric Mailleux. (markt)

4029

</td></tr>

4030

4031

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=46381">46381</a>: Composite expressions used for attribute values must

4032

be coerced to Strings. (markt)

4033

</td></tr>

4034

4035

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=46397">46397</a>: Don't pool tag instances that implement JspIdConsumer.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=46462">46462</a>: Limit package test to just the o.a.jsp package to

4040

allow use of packages such as o.a.jspwiki. (markt)

4041

</td></tr>

4042

4043

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=46471">46471</a>: Fix naming clash when tags in different libraries have

4044

the same name. (markt)

4045

</td></tr>

4046

4047

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=46564">46564</a>: Make page encoding check for tagx compilation

4048

case-insensitive. (markt)

4049

</td></tr>

4050

</table>

4051

</blockquote></td></tr></table>

4052

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.19 (remm)/Cluster"></a><a name="Tomcat_6.0.19_(remm)/Cluster"><strong>Cluster</strong></a></font></td></tr><tr><td><blockquote>

4053

4054

4055

Prevent NPE for ReplicationValve (pero)

4056

</td></tr>

4057

4058

Provide TCP only start-up option when using static membership. (fhanik)

4059

</td></tr>

4060

4061

Document the multicast recovery options. (fhanik)

4062

</td></tr>

4063

4064

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=45261">45261</a>: Add a new SimpleCoordinator for tribes provided by

4065

Robert Newson. (markt)

4066

</td></tr>

4067

4068

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=45618">45618</a>: Make sure NIO selector is closed when no longer used.

4069

Unlikely to be an issue in normal usage. (markt)

4070

</td></tr>

4071

4072

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=45851">45851</a>: Fix out of order message processing issues with the

4073

FarmWarDeployer. (markt)

4074

</td></tr>

4075

4076

Fix small memory leak in FarmWarDeployer. (markt)

4077

</td></tr>

4078

4079

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=46357">46357</a>: Corrected test for host's parent must be an engine.

(markt)

</td></tr>

Fix so that JvmrouteBinderValve can rewrite session suffix with parallel

4084

requests from same client. (pero)

4085

</td></tr>

4086

</table>

4087

</blockquote></td></tr></table>

4088

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.19 (remm)/Web applications"></a><a name="Tomcat_6.0.19_(remm)/Web_applications"><strong>Web applications</strong></a></font></td></tr><tr><td><blockquote>

4089

4090

4091

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=45940">45940</a>: Correct name of username attribute for JDBC resources

4092

in JNDI how to. (markt)

4093

</td></tr>

4094

4095

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=46035">46035</a>: Fix multiple typos in monitoring how to. (markt)

4096

</td></tr>

4097

4098

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=46067">46067</a>: Fix typos in Advanced IO how to. (markt)

4099

</td></tr>

4100

4101

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=46115">46115</a>: Correct Manager UI to show that path is required when

4102

using the deploy command. (markt)

4103

</td></tr>

4104

4105

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=46121">46121</a>: Add note to manager documentation regarding possible

4106

naming clash with new Ant 1.7 resources datatype and how to avoid it.

(markt)

</td></tr>

Remove unsed parameters from Native/APR example connector configuration

in docs. (markt)

</td></tr>

Use CSS based solution for printer-friendly docs. Patch provided by

4115

vitezslav.smid as part of GSoc with additional work by Tim Funk. (markt)

4116

</td></tr>

4117

4118

Update the FAQ linsk in the docs to refer to the wiki. Use xlst task

4119

rather than style task to generate docs. (funkman/markt)

4120

</td></tr>

4121

4122

Document the LifecycleListeners. (markt)

4123

</td></tr>

4124

4125

Fix broken URL mapping in the examples. (markt)

4126

</td></tr>

4127

4128

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=46563">46563</a>: Update doc for correct default for pollerThreadCount.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=46600">46600</a>: Document maxKeepAliveRequests for the NIO connector.

(markt)

</td></tr>

Fix CVE-2009-0781. XSS in calendar example. (markt)

4137

</td></tr>

4138

</table>

4139

</blockquote></td></tr></table>

4140

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.19 (remm)/Other"></a><a name="Tomcat_6.0.19_(remm)/Other"><strong>Other</strong></a></font></td></tr><tr><td><blockquote>

4141

4142

4143

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=41861">41861</a>: Update service name to Apache Tomcat 6 to prevent

4144

conflicts with previous major Tomcat versions. (markt/rjung)

4145

</td></tr>

4146

4147

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=45852">45852</a>: Add special handling for cp932 (aka ms932) when

4148

creating tomcat-users.xml with Windows installer. (markt)

4149

</td></tr>

4150

4151

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=45878">45878</a>: Restore manifest, licence and notice files to the jsp

4152

and servlet jars. (markt)

4153

</td></tr>

4154

4155

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=45879">45879</a>: Move NOTICE file from documentation webapp to the

4156

installation directory. (markt)

4157

</td></tr>

4158

4159

Add a workaround for DBCP-191. Tomcat will now build without error on a

4160

1.6 JDK but because it does this by skipping DBCP, release builds must

4161

be generated with a 1.5 JDK. (costin/markt)

4162

</td></tr>

4163

4164

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=46366">46366</a>: Correct information in RUNNING.txt regarding use of

4165

CATALINA_HOME and CATALINA_BASE. (markt)

4166

</td></tr>

4167

4168

Use more useful JPDA defaults in catalina.bat. (markt)

4169

</td></tr>

4170

4171

Correct error in 2.5 web-app XSD.

4172

</td></tr>

4173

</table>

4174

</blockquote></td></tr></table>

4175

</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.18 (remm)"></a><a name="Tomcat_6.0.18_(remm)"><strong>Tomcat 6.0.18 (remm)</strong></a></font></td><td align="right" bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><strong>released 2008-07-31</strong></font></td></tr><tr><td colspan="2"><blockquote>

4176

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.18 (remm)/Catalina"></a><a name="Tomcat_6.0.18_(remm)/Catalina"><strong>Catalina</strong></a></font></td></tr><tr><td><blockquote>

4177

4178

4179

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=42727">42727</a>: Correctly handle request lines that are exact

4180

multiples of 4096 in length. Patch provided by Will Pugh. (markt)

4181

</td></tr>

4182

4183

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=42678">42678</a>: Only ignore docBase if it really is a subdir of

4184

appBase. Patch provided by juergen. (markt)

4185

</td></tr>

4186

4187

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=42722">42722</a>: Possible NPE in CGI Servlet. (markt)

4188

</td></tr>

4189

4190

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=45285">45285</a>: Look for annotations in class hierarchy. (markt)

4191

</td></tr>

4192

4193

Add additional checks for URI normalization. (remm)

4194

</td></tr>

4195

</table>

4196

</blockquote></td></tr></table>

4197

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.18 (remm)/Jasper"></a><a name="Tomcat_6.0.18_(remm)/Jasper"><strong>Jasper</strong></a></font></td></tr><tr><td><blockquote>

4198

4199

4200

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=42565">42565</a>: Make EL ternary expression without space before colon

4201

work. Patch provided by Lucas Galfaso. (markt)

4202

</td></tr>

4203

</table>

4204

</blockquote></td></tr></table>

4205

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.18 (remm)/Web applications"></a><a name="Tomcat_6.0.18_(remm)/Web_applications"><strong>Web applications</strong></a></font></td></tr><tr><td><blockquote>

4206

4207

4208

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=45323">45323</a>: Add note that context.xml files can only contain a

4209

single Context element. (markt)

4210

</td></tr>

4211

</table>

4212

</blockquote></td></tr></table>

4213

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.18 (remm)/Cluster"></a><a name="Tomcat_6.0.18_(remm)/Cluster"><strong>Cluster</strong></a></font></td></tr><tr><td><blockquote>

4214

4215

4216

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=45317">45317</a>: Properly document and log the value of the state transfer timeout flag (fhanik)

4217

</td></tr>

4218

</table>

4219

</blockquote></td></tr></table>

4220

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.18 (remm)/Other"></a><a name="Tomcat_6.0.18_(remm)/Other"><strong>Other</strong></a></font></td></tr><tr><td><blockquote>

4221

4222

4223

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=45332">45332</a>: Specify the correct encoding (the current Windows code

4224

page) rather than assuming UTF-8 when creating tomcat-users.xml with the

4225

Windows installer. (markt)

4226

</td></tr>

4227

</table>

4228

</blockquote></td></tr></table>

4229

</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.17 (remm)"></a><a name="Tomcat_6.0.17_(remm)"><strong>Tomcat 6.0.17 (remm)</strong></a></font></td><td align="right" bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><strong>not released</strong></font></td></tr><tr><td colspan="2"><blockquote>

4230

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.17 (remm)/General"></a><a name="Tomcat_6.0.17_(remm)/General"><strong>General</strong></a></font></td></tr><tr><td><blockquote>

4231

4232

4233

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=45315">45315</a>: Add Unix support for NSIS. (remm)

4234

</td></tr>

4235

</table>

4236

</blockquote></td></tr></table>

4237

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.17 (remm)/Catalina"></a><a name="Tomcat_6.0.17_(remm)/Catalina"><strong>Catalina</strong></a></font></td></tr><tr><td><blockquote>

4238

4239

<tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td><a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=45272">45272</a>: Put in work around for Internet Explorer not accepting a quoted Path: value using the Set-Cookie header (fhanik)</td></tr>

4240

4241

APR connector now adds connection to poller after using send file.

(remm)

</td></tr>

Add ManagerBase session getLastAccessedTimestamp and

4246

getCreationTimestamp for better remote JMX access. (pero)

4247

</td></tr>

4248

4249

Expose alwaysSend flag for message dispatch interceptor. (fhanik)

4250

</td></tr>

4251

4252

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=29936">29936</a>: Create digesters and parsers earlier so we aren't

4253

using the webapp class loader when we create them. (markt)

4254

</td></tr>

4255

4256

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=42662">42662</a>: Properly resolve reflection proxies during session

4257

replication. (fhanik)

4258

</td></tr>

4259

4260

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=42750">42750</a>: Request line should be tolerant of multiple

4261

whitespaces. (markt/fhanik)

4262

</td></tr>

4263

4264

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=42934">42934</a>: Change the order of events on context start so

4265

<code>contextInitialized()</code> event is fired before

4266

<code>sessionDidActivate()</code>. The spec isn't 100% clear on the

4267

required order but this seems more logical than the current behaviour.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43079">43079</a>: Fix identification of suspicious URL patterns. Patch

4272

provided by John Kew. (markt)

4273

</td></tr>

4274

4275

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43080">43080</a>: Log suspicious URL patterns to the correct web app.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43117">43117</a>: Setting an empty workDir could result in all of

4280

CATALINA_HOME being deleted. Patch provided by Takayuki Kaneko. (markt)

4281

</td></tr>

4282

4283

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43142">43142</a>: Don't assume a directory named xxx.war is a war file.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43150">43150</a>: Allow Tomcat to start correctly when installed on a

4288

path that contains a # character. (markt)

4289

</td></tr>

4290

4291

The fix for <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43285">43285</a> had the side-effect of coercing

4292

<code>null</code> values to zero. This side-effect has been made

4293

configurable with a system property,

4294

<code>org.apache.el.parser.COERCE_TO_ZERO</code> which defaults to

4295

<code>true</code>. Patch provided by Nils Eckert. (markt)

4296

</td></tr>

4297

4298

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43343">43343</a>: Correctly handle requesting a session we are in the

4299

middle of persisting. Based on a suggestion by Wade Chandler. (markt)

4300

</td></tr>

4301

4302

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43425">43425</a>: Make annotations spec compliant. Patch provided by

4303

Dain Sundstrom. (markt)

4304

</td></tr>

4305

4306

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43470">43470</a>: Fix various class cast exceptions. Based on a patch

4307

by Lucas Galfaso. (markt)

4308

</td></tr>

4309

4310

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43578">43578</a>: Fix startup when installation path contains a space.

4311

Patch provided by Ray Sauers. (markt)

4312

</td></tr>

4313

4314

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43683">43683</a>: Fix 404 that could occur if a Servlet is accessed

4315

while the context is reloading. (markt)

4316

</td></tr>

4317

<tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td>ExtendedAccessLogValve cs-uri not print empty querystring. (pero)

4318

</td></tr>

4319

4320

ServletContext.getResource("noslash/resource") only requires forward

4321

slash if STRICT_SERVLET_COMPLIANCE flag is set to true. This mimics the

4322

behavior of 6.0.15 and earlier. (fhanik)

4323

</td></tr>

4324

4325

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=44021">44021</a>: Add support for using the # character to define

4326

multi-level contexts in WARs and directories in the appBase. (markt)

4327

</td></tr>

4328

4329

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=44282">44282</a>: Fix TRACE level class loader logging message when a

4330

security manager is used. (markt)

4331

</td></tr>

4332

4333

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=44337">44337</a>: Dir listing crashes if no readme-file present.

(funkman)

</td></tr>

If listener declared in web.xml, only add it once. (funkman)

4338

</td></tr>

4339

4340

Fix NPE when iterating through sessions for expiration. (fhanik/jim)

4341

</td></tr>

4342

4343

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=44380">44380</a>: Don't scan non-file URLs for TLDs. Patch provided by

4344

Florent Benoit. (markt)

4345

</td></tr>

4346

4347

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=44389">44389</a>: Fix memory leak that occurred if using a

4348

RequestDispatcher. Patch provided by Arto Huusko. (markt)

4349

</td></tr>

4350

4351

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=44529">44529</a>: Correct handling of resource constraints so no roles

4352

(deny all) overrides no aoth-constraint (allow all). (markt)

4353

</td></tr>

4354

4355

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=44562">44562</a>: HEAD requests cannot use includes. Patch provided by

4356

David Jencks. (markt)

4357

</td></tr>

4358

4359

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=44595">44595</a>: Add possibility to request the QueueSize of an

4360

executor via JMX. (jfclere)

4361

</td></tr>

4362

4363

Fix CGI Servlet so it correctly reads the environment variables on

Vista. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=44611">44611</a>: DirContextURLConnection didn't implement

4368

getHeaderFields(), getHeaderField(String name) was case sensitive and

4369

returned "" rather than null for header values that did not exist. Patch

4370

provided by Chris Hubick. (markt)

4371

</td></tr>

4372

4373

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=44633">44633</a>: Provide a more helpful error message if a class can't

4374

be loaded due to a version error. (rjung/markt)

4375

</td></tr>

4376

4377

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=44646">44646</a>: Correct various issues, including an ISE, in

4378

CometConnectionManagerValve. (markt)

4379

</td></tr>

4380

4381

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=44673">44673</a>: ServletInputStream is no longer readable once closed.

(markt)

</td></tr>

Better handling of lack of permission for context specific logging.

(markt)

</td></tr>

Add permission required to read JDK logging config. (markt)

4390

</td></tr>

4391

4392

Update web.xml to reflect packaging of SSI and CGI. (markt)

4393

</td></tr>

4394

4395

Add missing access check for ThreadWithAttributes. (markt)

4396

</td></tr>

4397

4398

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=44833">44833</a>: Correctly override StandardSession methods from

4399

DeltaSession. (fhanik)

4400

</td></tr>

4401

4402

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=44943">44943</a>: Use the same engine name in server.xml comments to

4403

reduce copy and pastes issues. (markt)

4404

</td></tr>

4405

4406

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=44988">44988</a>: Use Java5 syntax for debug options. Patch provided

4407

by Cédrik Lime. (markt)

4408

</td></tr>

4409

4410

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=45101">45101</a>: Format header dates obtained from

4411

<code>DirContextURLConnection</code> as per the HTTP spec. Patch

4412

provided by Chris Hubick. (markt)

4413

</td></tr>

4414

4415

A new valve, <code>org.apache.catalina.valves.WebdavFixValve</code>,

4416

that forces MS clients connecting to the WebDAV Servlet on port 80 to

4417

use a client that works rather than the default broken one. (markt)

4418

</td></tr>

4419

4420

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=45195">45195</a>: Passing in null into setAttribute or removeAttribute

cause NPE. (markt)

</td></tr>

</table>

</blockquote></td></tr></table>

4425

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.17 (remm)/Coyote"></a><a name="Tomcat_6.0.17_(remm)/Coyote"><strong>Coyote</strong></a></font></td></tr><tr><td><blockquote>

4426

4427

4428

NIO: Fix bug in NIO sendfile, symptoms during heavy traffic is that

4429

connection don't get closed. For previous versions, one can disable

4430

sendfile to work around the problem. (fhanik)

4431

</td></tr>

4432

4433

APR: Allow to specify the "random device" to use to collect the entropy.

(jfclere)

</td></tr>

Fix NIO/SSL live lock during client disconnect. (fhanik)

4438

</td></tr>

4439

4440

Fix possible ArrayIndexOutOfBoundsException. Patch provided by Charles R

4441

Caldarale. (markt/jim)

4442

</td></tr>

4443

4444

Add support for keystore types that do not need a file. Based on a patch

4445

by Bruno Harbulot. (markt)

4446

</td></tr>

4447

4448

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43094">43094</a>: Allow specification of keystore providers. Based on a

4449

patch by Bruno Harbulot. (markt)

4450

</td></tr>

4451

4452

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43191">43191</a>: Make it possible to override the defaults with the

4453

compressableMimeType attribute. Based on a patch by Len Popp. (markt)

4454

</td></tr>

4455

4456

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=44391">44391</a>: Correct handling of escaped values in SSI processing.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=44392">44392</a>: HTML entities now handled correctly in SSI processing.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=44558">44558</a>: Improve error message so address is included if

4465

binding fails. (markt)

4466

</td></tr>

4467

4468

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=44494">44494</a>: Character input limited to 8KB. (remm)

4469

</td></tr>

4470

4471

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=44620">44620</a>: Infinite loop in NIO connector. (markt)

4472

</td></tr>

4473

4474

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=44785">44785</a>: Correctly document default maxThreads for AJP

connector. (markt)

</td></tr>

Log errors for AJP signoffs at DEBUG level,

4479

since it is harmless if mod_jk has hung up the phone. (billbarker)

4480

</td></tr>

4481

4482

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=44968">44968</a>: Provide more information when the load of a keystore

fails. (markt)

</td></tr>

</table>

</blockquote></td></tr></table>

4487

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.17 (remm)/Jasper"></a><a name="Tomcat_6.0.17_(remm)/Jasper"><strong>Jasper</strong></a></font></td></tr><tr><td><blockquote>

4488

4489

4490

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=31257">31257</a>: Quote endorsed dirs if they contain a space. (markt)

4491

</td></tr>

4492

4493

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=42943">42943</a>: Make sure nested element is inside <jsp:text>

4494

element before throwing exception. (markt)

4495

</td></tr>

4496

4497

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43617">43617</a>: Correctly escape attribute values in tag files.

4498

Based on a patch by Lucas Galfaso. (markt)

4499

</td></tr>

4500

4501

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43656">43656</a>: Fix various numeric coercion bugs. Includes a patch by

4502

Nils Eckert and fixes related issues identified in a test case provided

4503

by Konstantin Kolinko. (markt)

4504

</td></tr>

4505

4506

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43741">43741</a>: Correctly handle dependencies for tag files in JARs.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=44408">44408</a>: Reduce synchronisation when evaluating EL expressions.

4511

Patch provided by Robert Andersson. (markt)

4512

</td></tr>

4513

4514

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=44428">44428</a>: Fix possible NPE during serialization. (markt)

4515

</td></tr>

4516

4517

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=44766">44766</a>: EL doesn't coerce custom Number subclasses. (markt)

4518

</td></tr>

4519

4520

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=44877">44877</a>: Prevent collisions on tag pool names. (markt)

4521

</td></tr>

4522

4523

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=44986">44986</a>: Make page encoding consistency checks

4524

case-insensitive. (markt)

4525

</td></tr>

4526

4527

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=44994">44994</a>: Enable nested conditional expressions in JSP EL. Patch

4528

provided by James Manger. (markt)

4529

</td></tr>

4530

4531

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=45015">45015</a>: You can't use an unescaped quote if you quote the

4532

value with that character. (markt/fhanik)

4533

</td></tr>

4534

4535

Add HTML filtering of error messages for included resources in case the

4536

app has tried to include an unsafe URL that does not exist. This is

4537

really an app responsibility but the filtering has been added for XSS

safety. (markt)

</td></tr>

</table>

</blockquote></td></tr></table>

4542

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.17 (remm)/Web applications"></a><a name="Tomcat_6.0.17_(remm)/Web_applications"><strong>Web applications</strong></a></font></td></tr><tr><td><blockquote>

4543

4544

4545

Update documentation to use correct version number, correct file paths

4546

and to use $CATALINA_BASE rather than $CATALINA_HOME where applicable.

(markt/jim)

</td></tr>

Add a section on available system property configuration options.

(markt)

</td></tr>

Amend the JNDI datasource doc to reflect new value for no limit used by

4555

updated commons-pool and commons-DBCP. (markt)

4556

</td></tr>

4557

4558

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43333">43333</a>: Fix errors in sendfile documentation. (markt)

4559

</td></tr>

4560

4561

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43366">43366</a>: Provide backwards compatibility for manager sessions

command. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=44541">44541</a>: Document packetSize attribute for AJP connector.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=44715">44715</a>: Document secret attribute for AJP connector. (markt)

4570

</td></tr>

4571

4572

Fix some links in the ROOT application that are broken if ROOT is

renamed. (markt)

</td></tr>

Align the Realm documentation so that both the configuration and the

4577

how-to are consistent. (markt)

4578

</td></tr>

4579

4580

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=45277">45277</a>: Fix typo in logging docs. (markt)

4581

</td></tr>

4582

</table>

4583

</blockquote></td></tr></table>

4584

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.17 (remm)/Cluster"></a><a name="Tomcat_6.0.17_(remm)/Cluster"><strong>Cluster</strong></a></font></td></tr><tr><td><blockquote>

4585

4586

4587

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=45212">45212</a>: AbstractReplicatedMap.entrySet() now returns entries

4588

rather than vaules. (markt)

4589

</td></tr>

4590

<tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td><a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=45279">45279</a>: Properly close multicast socket.</td></tr>

4591

4592

Fix session replication dead lock during non sticky load balancing.

(fhanik)

</td></tr>

</table>

</blockquote></td></tr></table>

4597

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.17 (remm)/Other"></a><a name="Tomcat_6.0.17_(remm)/Other"><strong>Other</strong></a></font></td></tr><tr><td><blockquote>

4598

4599

4600

Improve the Tests for unit tests for the cookie issues. (jfclere)

4601

</td></tr>

4602

4603

Fix build for JavaDoc. Patch provided by Stephen Bannasch. (markt)

4604

</td></tr>

4605

4606

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=44955">44955</a>: Use correct location for endorsed directory in Windows

installer. (markt)

</td></tr>

</table>

</blockquote></td></tr></table>

4611

</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.16 (remm)"></a><a name="Tomcat_6.0.16_(remm)"><strong>Tomcat 6.0.16 (remm)</strong></a></font></td><td align="right" bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><strong>released 2008-02-08</strong></font></td></tr><tr><td colspan="2"><blockquote>

4612

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.16 (remm)/General"></a><a name="Tomcat_6.0.16_(remm)/General"><strong>General</strong></a></font></td></tr><tr><td><blockquote>

4613

4614

4615

Update commons-logging to version 1.1.1 and the NSIS installer to 2.34.

(markt)

</td></tr>

Update to commons-pool version 1.4, native version 1.1.12 and update

4620

the download location for the commons libraries. (markt)

4621

</td></tr>

4622

4623

Change chunked input parsing, always parse CRLF directly after a chunk has been

4624

received, except if data is not available. If data is not available for CRLF

4625

parsing, we run into BZ 11117, and must defer the parsing of CRLF to the next read event.

4626

This fixes the incorrect blocking when using CometProcessor and the draining data during the READ event

4627

where it before would block incorrectly waiting for the next chunk (fhanik)

4628

</td></tr>

4629

4630

The CometProcessor interface now extends the javax.servlet.Servlet interface(fhanik)

4631

</td></tr>

4632

4633

Fix CVE-2007-5342 by limiting permissions granted to JULI. (markt)

4634

</td></tr>

4635

4636

Fix handling of CometEvent.close when called during BEGIN event (fhanik)

4637

</td></tr>

4638

4639

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43594">43594</a>: Use setenv from CATALINA_BASE (if set) in preference

4640

to the one in CATALINA_HOME. Patch provided by Shaddy Baddah.

(markt/jim)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43692">43692</a>: Clean up unused entries from build scripts. Patch

4645

provided by Paul Shemansky. (markt)

4646

</td></tr>

4647

4648

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43775">43775</a>: Don't try to change line endings of binary files in

4649

the source distribution. (markt)

4650

</td></tr>

4651

<tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td><a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43846">43846</a>:

4652

Fix block simulated read and writes causing timeouts.

4653

Add non blocking parsing of HTTP request headers.

4654

Perf improvements(fhanik)

4655

</td></tr>

4656

4657

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43957">43957</a>: Service.bat doesn't configure logging correctly. Patch

4658

provided by Richard Fearn. (markt/jim)

4659

</td></tr>

4660

4661

Cookie handling/parsing changes!

4662

The following behavior has been changed with regards to Tomcat's cookie handling

4663

a) Cookies containing control characters, except 0x09(HT), are rejected using an InvalidArgumentException <br>

4664

b) If cookies are not quoted, they will be quoted if they contain tspecials(ver0), tspecials2(ver1) characters<br>

4665

c) Escape character '\\' is allowed and respected as a escape character, will be unescaped during parsing

4666

</td></tr>

4667

4668

Cookie parsing of $Version regression from 6.0.15 has been fixed

4669

</td></tr>

4670

4671

The script that builds the windows installer was including additional

4672

files due to the way it processes recurrsive file selectors. The

4673

selectors have been modified to only include the intended files. (markt)

4674

</td></tr>

4675

</table>

4676

</blockquote></td></tr></table>

4677

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.16 (remm)/Catalina"></a><a name="Tomcat_6.0.16_(remm)/Catalina"><strong>Catalina</strong></a></font></td></tr><tr><td><blockquote>

4678

4679

4680

Fix ManagerServlet.expireSessions throws Exceptions as iterate longer

4681

session lists at production servers. (pero)

4682

</td></tr>

4683

<tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td><a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=38131">38131</a>: WatchedResource doesn't work if app is outside host appbase webapps.

4684

Patch provided by Peter Lynch (pero)

4685

</td></tr>

4686

<tr><td><img alt="update" class="icon" src="./images/update.gif"></td><td>Add -Dorg.apache.catalina.tribes.dns_lookups=false as default. The ability to turn off reverse DNS lookups for membership.(fhanik)</td></tr>

4687

4688

Set correct StandardManager.sessionCounter after reload/restart. (pero)

4689

</td></tr>

4690

4691

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=42503">42503</a>: ServletContext.getResourceAsStream() could return

4692

stale data. Patch provided by Arvind Srinivasan. (funkman/jim)

4693

</td></tr>

4694

4695

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43236">43236</a>: When resetting the response, also reset the flags

4696

associated with using a writer or an output stream to allow the user to

4697

change character set after the reset. (markt)

4698

</td></tr>

4699

4700

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43241">43241</a>: Make ServletContext.getResourceAsStream() conform to

4701

the specification. Patch provided by John Kew. (markt)

4702

</td></tr>

4703

4704

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43530">43530</a>: doc link fixes provided by Paul Shemansky (funkman)

4705

</td></tr>

4706

4707

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43675">43675</a>: Fix a possible logging related classloader leak.

4708

(markt)

4709

</td></tr>

4710

<tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td><a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43687">43687</a>: Remove conditional headers on Form Auth replay,

4711

since the UA (esp. FireFox) isn't expecting it.

4712

</td></tr>

4713

4714

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43706">43706</a>: WebDAV copy/move now returns 201 on success. Based on

4715

a patch by Panagiotis Astithas. (markt)

4716

</td></tr>

4717

4718

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43840">43840</a>: Include user principal if possible when serializing /

4719

de-serializing sessions. (markt)

4720

</td></tr>

4721

4722

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43868">43868</a>: MBean methods getInvoke and getSetter were broken.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43887">43887</a>: Make error messages much more helpful when illegal

4727

Servlet names are used. Based on a patch provided by Mike Baranczak.

(markt)

</td></tr>

Fix a bug that causes CGI Servlet to fail when it is included. (markt)

4732

</td></tr>

4733

4734

Improve the webDAV Servlet Javadocs to make clear that the WebDAV

4735

Servlet can not be used as the default servlet. (markt)

4736

</td></tr>

4737

4738

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43993">43993</a>: mime mapping for WS-Policy. Patch by Fabian Ritzmann (funkman)

4739

</td></tr>

4740

4741

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=44041">44041</a>: Fix duplicate class definition under load. (markt)

4742

</td></tr>

4743

4744

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=44084">44084</a>: JASSRealm was broken for application provided

4745

Principals. Patch provided by Noah Levitt. (markt)

4746

</td></tr>

4747

4748

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=44223">44223</a>: Use the javax.net.ssl.trustStoreType setting if no

4749

explicit connector configuration is provided and the property is set.

(markt/jim)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=44268">44268</a>: Log a warning if a duplicate listener configuration is

ignored. (markt/jim)

</td></tr>

</table>

</blockquote></td></tr></table>

4758

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.16 (remm)/Coyote"></a><a name="Tomcat_6.0.16_(remm)/Coyote"><strong>Coyote</strong></a></font></td></tr><tr><td><blockquote>

4759

4760

4761

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43622">43622</a>: Don't overwrite the min compression size set by the

4762

compression attribute with the default. (markt/jim)

4763

</td></tr>

4764

4765

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43839">43839</a>: URL based session tracking failed when a session

4766

cookie from a parent context was present. Based on a patch by Yuan

Qingyun. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43914">43914</a>: URLs in location headers should be encoded. Patch

4771

provided by Ivan Todoroski. (markt)

4772

</td></tr>

4773

</table>

4774

</blockquote></td></tr></table>

4775

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.16 (remm)/Jasper"></a><a name="Tomcat_6.0.16_(remm)/Jasper"><strong>Jasper</strong></a></font></td></tr><tr><td><blockquote>

4776

4777

4778

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43285">43285</a>: Missing EL Coercion causes argument type mismatch.

4779

Patch provided by Bernhard Huemer. (funkman/jim)

4780

</td></tr>

4781

4782

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43675">43675</a>: Fix a possible logging related classloader leak.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43702">43702</a>: Inner class files have unnecessarily long names.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43743">43743</a>: Fix NPE when compiling nest tag files packaged in a

JAR. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43757">43757</a>: Rather than use string matching to work out the line

4795

in the JSP with the error, use the SMAP info and the knowledge that for

4796

a scriptlet there is a one to one line mapping. (markt/jim)

4797

</td></tr>

4798

4799

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43758">43758</a>: Fix NPE when scripting elements are empty. (markt)

4800

</td></tr>

4801

4802

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43909">43909</a>: Make sure locale maps to wrapped ELContext. Patch

4803

provided by Tuomas Kiviaho. (markt)

4804

</td></tr>

4805

4806

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43944">43944</a>: Fix a missing resource exception. (markt)

4807

</td></tr>

4808

4809

Improve docs for Jasper configuration. Put options in alphabetcial

4810

order, add some missing options, deprecate an unused one and address

4811

feedback about the page provided on the users list.

4812

</td></tr>

4813

</table>

4814

</blockquote></td></tr></table>

4815

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.16 (remm)/Web applications"></a><a name="Tomcat_6.0.16_(remm)/Web_applications"><strong>Web applications</strong></a></font></td></tr><tr><td><blockquote>

4816

4817

4818

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43173">43173</a>: Fix typo in logging documentation regarding location

4819

of logging.properties. (markt)

4820

</td></tr>

4821

4822

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43344">43344</a>: Fix typo in if.jsp example. Patch provided by Tim

Nowaczyk. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43468">43468</a>: Fix possible NPE when listing contexts in the Manager

application. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43515">43515</a>: Fix bug in Manager application that may have caused

4831

problems when listing contexts. Patch provided by Lucas Galfaso. (markt)

4832

</td></tr>

4833

4834

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43611">43611</a>: Provide an error message if user tries to upload a war

4835

for a context defined in server.xml rather than failing silently.

(markt/jim)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43800">43800</a>: Make relationship between APR and the native connector

clearer. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=44088">44088</a>: Fix expire session button in manager. (markt)

4844

</td></tr>

4845

4846

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=44094">44094</a>: Add a note about the side effects of configuring a

4847

context as privileged. (markt)

4848

</td></tr>

4849

4850

Update JNDI documentation to refer to configuring contexts via

4851

context.xml rather than server.xml. (markt/jim)

4852

</td></tr>

4853

</table>

4854

</blockquote></td></tr></table>

4855

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.16 (remm)/Cluster"></a><a name="Tomcat_6.0.16_(remm)/Cluster"><strong>Cluster</strong></a></font></td></tr><tr><td><blockquote>

4856

4857

4858

Fix FarmWarDeployer can be only configured as host subelement (pero)

4859

</td></tr>

4860

4861

Fix wrong && at ReplicationValve (pero)

4862

</td></tr>

4863

4864

Add get/set methods for properties in the Tcp Failure detector.

(fhanik/jim)

</td></tr>

</table>

</blockquote></td></tr></table>

4869

</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.15 (remm)"></a><a name="Tomcat_6.0.15_(remm)"><strong>Tomcat 6.0.15 (remm)</strong></a></font></td><td align="right" bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><strong>not released</strong></font></td></tr><tr><td colspan="2"><blockquote>

4870

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.15 (remm)/General"></a><a name="Tomcat_6.0.15_(remm)/General"><strong>General</strong></a></font></td></tr><tr><td><blockquote>

4871

4872

<tr><td><img alt="update" class="icon" src="./images/update.gif"></td><td>Fix the MD5 file contents in distribution</td></tr>

4873

4874

Add ANT script to be able to publish signed Tomcat JAR's to ASF Maven repo (fhanik)

4875

</td></tr>

4876

4877

Use Eclipse JDT 3.3.1. (pero)

4878

</td></tr>

4879

</table>

4880

</blockquote></td></tr></table>

4881

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.15 (remm)/Catalina"></a><a name="Tomcat_6.0.15_(remm)/Catalina"><strong>Catalina</strong></a></font></td></tr><tr><td><blockquote>

4882

4883

<tr><td><img alt="update" class="icon" src="./images/update.gif"></td><td>Guess java location from the PATH environment and improve fix for 37284</td></tr>

4884

<tr><td><img alt="update" class="icon" src="./images/update.gif"></td><td>Add NIO connector to server.xml parsing warning, remove Connector as exception case</td></tr>

4885

<tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td><a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43653">43653</a>: Fix SSL buffer mixup when response is unable to write more than socket buffer can handle</td></tr>

4886

<tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td><a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43643">43643</a>: If connector doesn't support external executor, display warning</td></tr>

4887

<tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td><a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43641">43641</a>: Property bind multicast address for cluster membership</td></tr>

4888

<tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td><a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=42693">42693</a>: Fix JSP compiler bug</td></tr>

4889

<tr><td><img alt="update" class="icon" src="./images/update.gif"></td><td>Add mbean descriptor for virtual webapp loader</td></tr>

4890

<tr><td><img alt="fix" class="icon" src="./images/fix.gif"></td><td><a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43487">43487</a>:

4891

Fix request processing stats

4892

</td></tr>

4893

4894

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43435">43435</a>: Don't iterate and relocate sessions if they are not part of the map.

4895

</td></tr>

4896

4897

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43356">43356</a>: Keystore parameter is relative to CATALINA_BASE,

4898

Truststore is either defined as parameter, javax.net.ssl.trustStore or if empty

4899

defaults to the keystore.

4900

SSL Client cert authentication changed from boolean to "true|false|want" (fhanik)

4901

</td></tr>

4902

4903

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=30949">30949</a>: Improve previous fix. Ensure requests are re-cycled

4904

on cross-context includes and forwards when an exception occurs in the

target page. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=42944">42944</a>: Correctly handle servlet mappings that use a '+'

4909

character as part of the url pattern. (markt)

4910

</td></tr>

4911

4912

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=42951">42951</a>: Don't use CATALINA_OPTS when stopping Tomcat. This

4913

allows options for starting and stopping to be set on JAVA_OPTS and

4914

options for starting only to be set on CATALINA_OPTS. Without this

4915

fix, some startup options (eg the port for remote JMX) would cause

4916

stop to fail. Based on a fix suggested by Michael Vorburger.

4917

Port of r454193 (<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=36976">36976</a>) from Tomcat 5.5.x. (markt,rjung)

4918

</td></tr>

4919

4920

Validation of attributes and elements used in server.xml. (remm)

4921

</td></tr>

4922

4923

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43175">43175</a>: Fix typos in servlet XSD files. Patch provided by

4924

Takayuki Kaneko. (markt)

4925

</td></tr>

4926

4927

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43216">43216</a>: Set correct StandardSession#accessCount as StandardSession.ACTIVITY_CHECK is true.

4928

Patch provided by Takayuki Kaneko (pero)

4929

</td></tr>

4930

4931

Made session createTime accessible for all SessionManager via JMX (pero)

4932

</td></tr>

4933

4934

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43129">43129</a>: Support logging of all response header values at AccessLogValve (ex. add %{Set-Cookie}o to your pattern). (pero)

4935

</td></tr>

4936

4937

Support logging of all response header values at ExtendedAccessLogValve (ex. add x-O(Set-Cookie) to your pattern). (pero)

4938

</td></tr>

4939

4940

Support logging of current thread name at AccessLogValve (ex. add %I to your pattern).

4941

Usefull to compare access logging entry later with a stacktraces. (pero)

4942

</td></tr>

4943

4944

Improve large-file support (more then 4 Gb) at all AccessLogValves, backport from 5.5.25. (pero)

4945

</td></tr>

4946

4947

Optimized JDBCAccessLogValve combined pattern request attribute access. (pero)

4948

</td></tr>

4949

4950

o.a.juli.ClassLoaderLogManager handle more then one system property replacement at file logging.properties. (pero)

4951

</td></tr>

4952

4953

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43338">43338</a>: Support '*' servlet-name mapping at filter-mapping.

4954

Patch provided by Keiichi Fujino. (pero)

4955

</td></tr>

4956

4957

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=41797">41797</a>: CNFE/NPE thrown from function mapper when externalizing

4958

Patch by Tuomas Kiviaho- tuomas.kiviahos at ikis fi (funkman)

4959

</td></tr>

4960

4961

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43453">43453</a>: ClassCastException at

4962

org.apache.catalina.core.StandardContext.findStatusPage(int)

(funkman)

</td></tr>

Fix important vulnerability when webdav is enabled for write. (markt)

4967

</td></tr>

4968

4969

Call stopAwait in StandardServer.stop if port == -1. (pero)

4970

</td></tr>

4971

4972

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43668">43668</a>: Fix NPE when the outer most wrapper is a ServletRequest/ResponseWrapper, but not a HttpServletRequest/ResponseWrapper on a Forward. (billbarker)

4973

</td></tr>

4974

</table>

4975

</blockquote></td></tr></table>

4976

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.15 (remm)/Coyote"></a><a name="Tomcat_6.0.15_(remm)/Coyote"><strong>Coyote</strong></a></font></td></tr><tr><td><blockquote>

4977

4978

4979

Harmonize with HTTP java.io code. Otherwise the socket is not closed.

4980

</td></tr>

4981

4982

In the APR connector, start accepting connections after fully starting

4983

the connector, to prevent possible exceptions due to non initialized fields. (remm)

4984

</td></tr>

4985

4986

Cookie parser refactoring, submitted by John Kew. (remm)

4987

</td></tr>

4988

4989

Make cookie escaping / unescaping consistent. (markt)

4990

</td></tr>

4991

4992

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43479">43479</a>: Memory leak cleaning up sendfile connections, submitted by Chris Elving. (remm)

4993

</td></tr>

4994

4995

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=42925">42925</a>: Add maintain for sendfile. (remm)

4996

</td></tr>

4997

4998

Fix explicit flush before response commit in the org.apache.jk AJP connector. (pero)

4999

</td></tr>

5000

5001

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43621">43621</a>: Fix possible Dos condition when using the experimental NIO/AJP Connector (billbarker)

5002

</td></tr>

5003

</table>

5004

</blockquote></td></tr></table>

5005

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.15 (remm)/Jasper"></a><a name="Tomcat_6.0.15_(remm)/Jasper"><strong>Jasper</strong></a></font></td></tr><tr><td><blockquote>

5006

5007

5008

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=37326">37326</a>: No error reported when an included page does not

exist. (markt)

</td></tr>

</table>

</blockquote></td></tr></table>

5013

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.15 (remm)/Web applications"></a><a name="Tomcat_6.0.15_(remm)/Web_applications"><strong>Web applications</strong></a></font></td></tr><tr><td><blockquote>

5014

5015

5016

Fix WebDAV Servlet so it works correctly with MS clients. (markt)

5017

</td></tr>

5018

5019

Fix CVE-2007-5461, an important information disclosure vulnerability in

5020

the WebDAV Servlet. Based on a patch by Marc Schoenefeld. (markt)

5021

</td></tr>

5022

5023

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=42979">42979</a>: Update sample.war to include recent security fixes

5024

in the source code. (markt)

5025

</td></tr>

5026

5027

Minor connector doc fix. (jfclere)

5028

</td></tr>

5029

</table>

5030

</blockquote></td></tr></table>

5031

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.15 (remm)/Cluster"></a><a name="Tomcat_6.0.15_(remm)/Cluster"><strong>Cluster</strong></a></font></td></tr><tr><td><blockquote>

5032

5033

5034

Set correct BioReceiver transfer buffer size. (pero)

5035

</td></tr>

5036

</table>

5037

</blockquote></td></tr></table>

5038

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.15 (remm)/Other"></a><a name="Tomcat_6.0.15_(remm)/Other"><strong>Other</strong></a></font></td></tr><tr><td><blockquote>

5039

5040

5041

Tests for unit tests for the cookie issues. (jfclere)

5042

</td></tr>

5043

</table>

5044

</blockquote></td></tr></table>

5045

5046

</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.14 (remm)"></a><a name="Tomcat_6.0.14_(remm)"><strong>Tomcat 6.0.14 (remm)</strong></a></font></td><td align="right" bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><strong>released 2007-08-13</strong></font></td></tr><tr><td colspan="2"><blockquote>

5047

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.14 (remm)/General"></a><a name="Tomcat_6.0.14_(remm)/General"><strong>General</strong></a></font></td></tr><tr><td><blockquote>

5048

5049

5050

Correct j.u.l log levels in JULI docs. (rjung)

5051

</td></tr>

5052

</table>

5053

</blockquote></td></tr></table>

5054

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.14 (remm)/Catalina"></a><a name="Tomcat_6.0.14_(remm)/Catalina"><strong>Catalina</strong></a></font></td></tr><tr><td><blockquote>

5055

5056

5057

Handle special case of ROOT when re-loading webapp after ROOT.xml has

5058

been modified. In some circumstances the reloaded ROOT webapp had no

5059

associated resources. (markt)

5060

</td></tr>

5061

5062

Remove invalid attribute "encoding" of MBean MemoryUserDatabase,

5063

which lead to errors in the manager webapp JMXProxy output. (rjung)

5064

</td></tr>

5065

5066

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=33774">33774</a>: Retry JNDI authentiction on ServiceUnavailableException

5067

as at least one provider throws this after an idle connection has been

closed. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=39875">39875</a>: Fix BPE in RealmBase.init(). Port of yoavs's fix from

Tomcat 5. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=41722">41722</a>: Make the role-link element optional (as required by

5076

the spec) when using a security-role-ref element. (markt)

5077

</td></tr>

5078

5079

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=42361">42361</a>: Handle multi-part forms when saving requests during

5080

FORM authentication process. Patch provided by Peter Runge. (markt)

5081

</td></tr>

5082

5083

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=42401">42401</a>: Update RUNNING.txt with better JRE/JDK information.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=42444">42444</a>: prevent NPE for AccessLogValve

5088

Patch provided by Nils Hammar (funkman)

5089

</td></tr>

5090

5091

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=42449">42449</a>:

5092

JNDIRealm does not catch NullPointerException for Sun's

5093

LDAP provider (See bug for details) (funkman)

5094

</td></tr>

5095

5096

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=42497">42497</a>: Ensure ETag header is present in a 304 response.

5097

Patch provided by Len Popp. (markt)

5098

</td></tr>

5099

5100

Fix XSS security vulnerability (CVE-2007-2450) in the Manager and Host

5101

Manager. Reported by Daiki Fukumori. (markt)

5102

</td></tr>

5103

5104

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=42547">42547</a>: Fix NPE when a ResourceLink in context.xml tries to

5105

override an env-entry in web.xml. (markt)

5106

</td></tr>

5107

5108

Avoid some casting in ErrorReportValve (remm)

5109

</td></tr>

5110

5111

Fix persistence API annotation, submitted by Bill Burke (remm)

5112

</td></tr>

5113

5114

In Comet mode, if bytes are not read, send an error event (otherwise,

5115

fields referring to the connection could remain) (remm)

5116

</td></tr>

5117

5118

Fix Comet when running Tomcat with the security manager (remm)

5119

</td></tr>

5120

</table>

5121

</blockquote></td></tr></table>

5122

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.14 (remm)/Jasper"></a><a name="Tomcat_6.0.14_(remm)/Jasper"><strong>Jasper</strong></a></font></td></tr><tr><td><blockquote>

5123

5124

5125

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=39425">39425</a>: Add additional system property permission to

5126

catalina.policy for pre-compiled JSPs. (markt)

5127

</td></tr>

5128

5129

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=42438">42438</a>: Duplicate temporary variables were created when

5130

jsp:attribute was used in conjunction with custom tags. Patch provided

5131

by Brian Lenz. (markt)

5132

</td></tr>

5133

5134

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=42643">42643</a>: Prevent creation of duplicate JSP function mapper

variables. (markt)

</td></tr>

</table>

</blockquote></td></tr></table>

5139

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.14 (remm)/Coyote"></a><a name="Tomcat_6.0.14_(remm)/Coyote"><strong>Coyote</strong></a></font></td></tr><tr><td><blockquote>

5140

5141

5142

Separate sequence increment from getter in ThreadPool to avoid

5143

misleading increments during monitoring via JMX. (rjung)

5144

</td></tr>

5145

5146

Add back missing socketBuffer attribute in the java.io HTTP connector (remm)

5147

</td></tr>

5148

</table>

5149

</blockquote></td></tr></table>

5150

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.14 (remm)/Web applications"></a><a name="Tomcat_6.0.14_(remm)/Web_applications"><strong>Web applications</strong></a></font></td></tr><tr><td><blockquote>

5151

5152

5153

Don't write error on System.out, use log() instead. (rjung)

5154

</td></tr>

5155

5156

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=39813">39813</a>: Correct handling of new line characters in JMX

5157

attributes. Patch provided by R Bramley. Ported from tc5.5.x r415029. (markt,rjung)

5158

</td></tr>

5159

5160

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=42459">42459</a>: Fix Tomcat Web Application Manager table error. (rjung)

5161

</td></tr>

5162

5163

Fix XSS security vulnerabilities (CVE-2007-2449) in the examples.

5164

Reported by Toshiharu Sugiyama. (markt)

5165

</td></tr>

5166

</table>

5167

</blockquote></td></tr></table>

5168

</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.13 (remm)"></a><a name="Tomcat_6.0.13_(remm)"><strong>Tomcat 6.0.13 (remm)</strong></a></font></td><td align="right" bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><strong>released 2007-05-15</strong></font></td></tr><tr><td colspan="2"><blockquote>

5169

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.13 (remm)/Catalina"></a><a name="Tomcat_6.0.13_(remm)/Catalina"><strong>Catalina</strong></a></font></td></tr><tr><td><blockquote>

5170

5171

5172

More accurate available() method. (remm)

5173

</td></tr>

5174

5175

Add recycle check in the event object, since it is a facade like the others. (remm)

5176

</td></tr>

5177

5178

When processing a read event, enforce that the servlet consumes all available bytes. (remm)

5179

</td></tr>

5180

5181

Add a flag in ContainerBase which could be used in embedded scenarios to avoid a double start

5182

of contexts (this problem generally occurs when adding contexts to a started host). (remm)

5183

</td></tr>

5184

5185

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=42309">42309</a>: Ability to create a connector using a custom protocol specification for embedded.

(fhanik)

</td></tr>

Add SSL engine flag to AprLifecycleListener. (fhanik)

5190

</td></tr>

5191

5192

Improve event processing, so that an END event is generated when encountering EOF, and an

5193

ERROR is always generated on client disconnects. (remm)

5194

</td></tr>

5195

5196

Add declarations for the new XSD files. (remm)

5197

</td></tr>

5198

</table>

5199

</blockquote></td></tr></table>

5200

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.13 (remm)/Coyote"></a><a name="Tomcat_6.0.13_(remm)/Coyote"><strong>Coyote</strong></a></font></td></tr><tr><td><blockquote>

5201

5202

5203

Add heartbeatBackgroundEnabled flag to SimpleTcpCluster.

5204

Enable this flag don't forget to disable the channel heartbeat thread (pero)

5205

</td></tr>

5206

5207

Possible memory leak when using comet, caused by adding the socket to the poller before

5208

cleaning up the connection tracking structure. (remm)

5209

</td></tr>

5210

5211

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=42308">42308</a>: nextRequest recycles the request, which caused issues with statistics. (remm)

5212

</td></tr>

5213

5214

Fix non recycled comet flag in the APR connector. (remm)

5215

</td></tr>

5216

</table>

5217

</blockquote></td></tr></table>

5218

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.13 (remm)/Cluster"></a><a name="Tomcat_6.0.13_(remm)/Cluster"><strong>Cluster</strong></a></font></td></tr><tr><td><blockquote>

5219

5220

5221

Add heartbeatBackgroundEnabled flag to SimpleTcpCluster.

5222

Enable this flag don't forget to disable the channel heartbeat thread (pero)

5223

</td></tr>

5224

5225

Method name cleanup. (fhanik)

5226

</td></tr>

5227

</table>

5228

</blockquote></td></tr></table>

5229

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.13 (remm)/Web applications"></a><a name="Tomcat_6.0.13_(remm)/Web_applications"><strong>Web applications</strong></a></font></td></tr><tr><td><blockquote>

5230

5231

5232

Some examples webapp fixes. Submitted by Frank McCown. (remm)

5233

</td></tr>

5234

</table>

5235

</blockquote></td></tr></table>

5236

</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.12 (remm)"></a><a name="Tomcat_6.0.12_(remm)"><strong>Tomcat 6.0.12 (remm)</strong></a></font></td><td align="right" bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><strong>not released</strong></font></td></tr><tr><td colspan="2"><blockquote>

5237

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.12 (remm)/General"></a><a name="Tomcat_6.0.12_(remm)/General"><strong>General</strong></a></font></td></tr><tr><td><blockquote>

5238

5239

5240

License source headers. Submitted by Niall Pemberton. (remm)

5241

</td></tr>

5242

</table>

5243

</blockquote></td></tr></table>

5244

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.12 (remm)/Catalina"></a><a name="Tomcat_6.0.12_(remm)/Catalina"><strong>Catalina</strong></a></font></td></tr><tr><td><blockquote>

5245

5246

5247

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=42039">42039</a>: Log a stack trace if a servlet throws an

5248

UnavailableException. Patch provided by Kawasima Kazuh. (markt)

5249

</td></tr>

5250

5251

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=41990">41990</a>: Add some additional mime-type mappings. (markt)

5252

</td></tr>

5253

5254

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=41655">41655</a>: Fix message translations. Japanese translations

5255

provided by Suzuki Yuichiro. (markt)

5256

</td></tr>

5257

5258

Add enabled attribute to AccessLogValve (pero)

5259

</td></tr>

5260

5261

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=42085">42085</a>: Avoid adding handlers for the root logger twice when they are explicitly

specified. (remm)

</td></tr>

Reduce thread local manipulation in the request dispatcher. Submitted by

5266

Arvind Srinivasan. (remm)

5267

</td></tr>

5268

5269

Avoid keeping references to loggers tied to the webapp classloaders after a reload in

5270

a couple more places. (remm)

5271

</td></tr>

5272

5273

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=42202">42202</a>: Fix container parsing of TLDs in webapps when Tomcat is installed in

5274

a URL encodable path. (remm)

5275

</td></tr>

5276

</table>

5277

</blockquote></td></tr></table>

5278

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.12 (remm)/Coyote"></a><a name="Tomcat_6.0.12_(remm)/Coyote"><strong>Coyote</strong></a></font></td></tr><tr><td><blockquote>

5279

5280

5281

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=42119">42119</a>: Fix return value for request.getCharacterEncoding() when

5282

Content-Type headers contain parameters other than charset. Patch by

5283

Leigh L Klotz Jr. (markt)

5284

</td></tr>

5285

5286

Move away from using a thread local processor for the APR and java.io

5287

connectors, as this does not work well when using an executor. (remm)

5288

</td></tr>

5289

5290

Remove Comet timeout hack in the APR connector. Comet connections will now

5291

use the regular timeout or the keepalive timeout if specified. (remm)

5292

</td></tr>

5293

</table>

5294

</blockquote></td></tr></table>

5295

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.12 (remm)/Web applications"></a><a name="Tomcat_6.0.12_(remm)/Web_applications"><strong>Web applications</strong></a></font></td></tr><tr><td><blockquote>

5296

5297

5298

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=42025">42025</a>: Update valve documentation to refer to correct regular

5299

expression implementation. (markt)

5300

</td></tr>

5301

5302

Fix various paths in the manager webapps (remm)

5303

</td></tr>

5304

5305

Session viewer and editor for the HTML manager. Submitted by Cédrik Lime. (remm)

5306

</td></tr>

5307

5308

Session handling tools for the manager. Submitted by Rainer Jung. (remm)

5309

</td></tr>

5310

</table>

5311

</blockquote></td></tr></table>

5312

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.12 (remm)/Jasper"></a><a name="Tomcat_6.0.12_(remm)/Jasper"><strong>Jasper</strong></a></font></td></tr><tr><td><blockquote>

5313

5314

5315

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=41869">41869</a>: TagData.getAttribute() should return

5316

TagData.REQUEST_TIME_VALUE when the attribute value is an EL expression.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=42071">42071</a>: Fix IllegalStateException on multiple requests to

5321

an unavailable JSP. Patch provided by Kawasima Kazuh. (markt)

5322

</td></tr>

5323

5324

After a JSP throws an UnavailableException allow it to be accessed once

5325

the unavailable period has expired. (markt)

5326

</td></tr>

5327

</table>

5328

</blockquote></td></tr></table>

5329

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.12 (remm)/Cluster"></a><a name="Tomcat_6.0.12_(remm)/Cluster"><strong>Cluster</strong></a></font></td></tr><tr><td><blockquote>

5330

5331

5332

Add toString method to better logging session replication message at tribes MESSAGES (pero)

5333

</td></tr>

5334

</table>

5335

</blockquote></td></tr></table>

5336

</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.11 (remm)"></a><a name="Tomcat_6.0.11_(remm)"><strong>Tomcat 6.0.11 (remm)</strong></a></font></td><td align="right" bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><strong>not released</strong></font></td></tr><tr><td colspan="2"><blockquote>

5337

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.11 (remm)/General"></a><a name="Tomcat_6.0.11_(remm)/General"><strong>General</strong></a></font></td></tr><tr><td><blockquote>

5338

5339

5340

Update DBCP to 1.2.2, pool to 1.3, JDT to 3.2.2 and remove collections

5341

build dependency (pero, remm)

5342

</td></tr>

5343

</table>

5344

</blockquote></td></tr></table>

5345

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.11 (remm)/Catalina"></a><a name="Tomcat_6.0.11_(remm)/Catalina"><strong>Catalina</strong></a></font></td></tr><tr><td><blockquote>

5346

5347

5348

Don't log pattern subtoken at ExtendedAccesLogValve (pero)

5349

</td></tr>

5350

5351

Add some missing JMX attributes for new AccessLogValve (pero)

5352

</td></tr>

5353

5354

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=41786">41786</a>: Incorrect reference to catalina_home in catalina.sh/bat Patch provided by Mike Hanafey (fhanik)

5355

</td></tr>

5356

5357

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=41703">41703</a>: SingleSignOnMessage invalid setter, patch provided by Nils Hammar (fhanik)

5358

</td></tr>

5359

5360

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=41682">41682</a>: ClassCastException when logging is turned on (fhanik)

5361

</td></tr>

5362

5363

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=41530">41530</a>: Don't log error messages when connector is stopped (fhanik)

5364

</td></tr>

5365

5366

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=41166">41166</a>: Invalid handling when using replicated context (fhanik)

5367

</td></tr>

5368

5369

Added SENDFILE support for the NIO connector. (fhanik) <br>

5370

</td></tr>

5371

5372

Added support for shared thread pools by adding in the <Executor>

5373

element as a nested element to the <Service> element. (fhanik)

5374

</td></tr>

5375

5376

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=41666">41666</a>: Correct handling of boundary conditions for

5377

If-Unmodified-Since and If-Modified-Since headers. Patch provided by

5378

Suzuki Yuichiro. (markt)

5379

</td></tr>

5380

5381

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=41739">41739</a>: Correct handling of servlets with a load-on-startup

5382

value of zero. These are now the first servlets to be started. (markt)

5383

</td></tr>

5384

5385

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=41747">41747</a>: Correct example ant script for deploy task. (markt)

5386

</td></tr>

5387

5388

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=41752">41752</a>: Correct error message on exception in MemoryRealm.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=39883">39883</a>: Add documentation warning about using antiResourceLocking

5393

on a webapp outside the Host's appBase. (yoavs)

5394

</td></tr>

5395

5396

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=40150">40150</a>: Ensure user and roll classnames are validated on startup. Patch by

Tom. (yoavs)

</td></tr>

Refactor extend access log valve using the optimized access log valve. Submitted by

5401

Takayuki Kaneko. (remm)

5402

</td></tr>

5403

5404

Possible deadlock in classloading when defining packages. (remm)

5405

</td></tr>

5406

5407

Remove excessive syncing from listener support. (remm)

5408

</td></tr>

5409

5410

Web services support. The actual factory implementations are implemented in the

5411

extras. Submitted by Fabien Carrion. (remm)

5412

</td></tr>

5413

5414

Add logging to display APR capabilities on the platform. (remm)

5415

</td></tr>

5416

5417

Expose executors in JMX. (remm)

5418

</td></tr>

5419

5420

CRLF inside a URL pattern is always invalid. (remm)

5421

</td></tr>

5422

5423

Tweak startup time display. (remm)

5424

</td></tr>

5425

5426

Adjustments to handling exceptions with Comet. (remm)

5427

</td></tr>

5428

5429

If the event is closed asynchronously, generate an end event for cleanup on the

next event. (remm)

</td></tr>

Cleanup hello webapp from the docs and fix a XSS issue in the JSP. (remm)

5434

</td></tr>

5435

5436

Examples webapp cleanup. Submitted by Takayuki Kaneko and Markus Schönhaber. (remm)

5437

</td></tr>

5438

5439

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=41289">41289</a>: Create configBase, since it is no longer created elsewhere.

5440

Submitted by Shiva Kumar H R. (remm)

5441

</td></tr>

5442

</table>

5443

</blockquote></td></tr></table>

5444

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.11 (remm)/Coyote"></a><a name="Tomcat_6.0.11_(remm)/Coyote"><strong>Coyote</strong></a></font></td></tr><tr><td><blockquote>

5445

5446

5447

Fixed NIO memory leak caused by the NioChannel cache not working properly.

5448

</td></tr>

5449

5450

Added flag to enable/disable the usage of the pollers selector instead of a Selector pool

5451

when the serviet is reading/writing from the input/output streams

5452

The flag is <code>-Dorg.apache.tomcat.util.net.NioSelectorShared=true</code>

5453

</td></tr>

5454

5455

Requests with multiple content-length headers are now rejected. (markt)

5456

</td></tr>

5457

5458

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=41675">41675</a>: Add a couple of DEBUG-level logging statements to Http11Processors

5459

when sending error responses. Patch by Ralf Hauser. (yoavs)

5460

</td></tr>

5461

5462

Reuse digester used by the modeler. (remm)

5463

</td></tr>

5464

5465

When the platform does not support deferred accept, put accepted sockets in the

poller. (remm)

</td></tr>

Fix problem with blocking reads for keepalive when using an executor (the number

5470

of busy threads is always 0). (remm)

5471

</td></tr>

5472

5473

The poller now has good performance, so remove firstReadTimeout. (remm)

5474

</td></tr>

5475

5476

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=42119">42119</a>: Fix return value for request.getCharacterEncoding() when

5477

Content-Type headers contain parameters other than charset. Patch by

5478

Leigh L Klotz Jr. (markt)

5479

</td></tr>

5480

</table>

5481

</blockquote></td></tr></table>

5482

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.11 (remm)/Web applications"></a><a name="Tomcat_6.0.11_(remm)/Web_applications"><strong>Web applications</strong></a></font></td></tr><tr><td><blockquote>

5483

5484

5485

Fix previous update to servlet 2.5 xsd to use correct declaration.

(markt)

</td></tr>

Update host configuration document for new behaviour for directories

in appBase. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=39540">39540</a>: Add link to httpd 2.2 mod_proxy_ajp docs in AJP connector doc. (yoavs)

5494

</td></tr>

5495

</table>

5496

</blockquote></td></tr></table>

5497

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.11 (remm)/Jasper"></a><a name="Tomcat_6.0.11_(remm)/Jasper"><strong>Jasper</strong></a></font></td></tr><tr><td><blockquote>

5498

5499

5500

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=41227">41227</a>: Add a bit of DEBUG-level logging to JspC so users know

5501

which file is being compiled. (yoavs)

5502

</td></tr>

5503

5504

Remove some dead utility code, and refactor stream capture as part of the Ant compiler. (remm)

5505

</td></tr>

5506

5507

Support the trim directive of JSP 2.1 as an equivalent of Jasper's own parameter. (remm)

5508

</td></tr>

5509

5510

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=41790">41790</a>: Close file stream used to read the Java source. (remm)

5511

</td></tr>

5512

5513

Fix reporting of errors which do not correspond to a portion of the JSP source. (remm)

5514

</td></tr>

5515

5516

Remove try/catch usage for annotation processing in classic tags. The usage

5517

of the log method might have been questionable as well. (remm)

5518

</td></tr>

5519

5520

Cleanup of the message that is displayed for compilation errors. (remm)

5521

</td></tr>

5522

5523

Skip BOM when reading a JSP file. (remm)

5524

</td></tr>

5525

</table>

5526

</blockquote></td></tr></table>

5527

</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.10 (remm)"></a><a name="Tomcat_6.0.10_(remm)"><strong>Tomcat 6.0.10 (remm)</strong></a></font></td><td align="right" bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><strong>released 2007-02-28</strong></font></td></tr><tr><td colspan="2"><blockquote>

5528

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.10 (remm)/Catalina"></a><a name="Tomcat_6.0.10_(remm)/Catalina"><strong>Catalina</strong></a></font></td></tr><tr><td><blockquote>

5529

5530

5531

Unify usage of security manager flag, submitted by Arvind Srinivasan. (remm)

5532

</td></tr>

5533

5534

Fix formatting of CGI variable SCRIPT_NAME. (markt)

5535

</td></tr>

5536

5537

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=41521">41521</a>: Support * for servlet-name, submitted by Paul McMahan. (remm)

5538

</td></tr>

5539

5540

Cache getServletContext value, submitted by Arvind Srinivasan. (remm)

5541

</td></tr>

5542

5543

Add options for handling special URL characters in paths, and disallow '\' and encoded '/'

5544

due to possible differences in behavior between Tomcat and a front end webserver. (remm)

5545

</td></tr>

5546

5547

Fix bad comparison for FORM processing, submitted by Anil Saldhana. (remm)

5548

</td></tr>

5549

5550

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=41608">41608</a>: Make log levels consistent when Servlet.service()

5551

throws an exception. (markt)

5552

</td></tr>

5553

</table>

5554

</blockquote></td></tr></table>

5555

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.10 (remm)/Coyote"></a><a name="Tomcat_6.0.10_(remm)/Coyote"><strong>Coyote</strong></a></font></td></tr><tr><td><blockquote>

5556

5557

5558

Reduce usage of MessageBytes.getLength(), submitted by Arvind Srinivasan. (remm)

5559

</td></tr>

5560

</table>

5561

</blockquote></td></tr></table>

5562

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.10 (remm)/Jasper"></a><a name="Tomcat_6.0.10_(remm)/Jasper"><strong>Jasper</strong></a></font></td></tr><tr><td><blockquote>

5563

5564

5565

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=41558">41558</a>: Don't call synced method on every request, submitted by Arvind Srinivasan. (remm)

5566

</td></tr>

5567

5568

Switch to a thread local page context pool. (remm)

5569

</td></tr>

5570

</table>

5571

</blockquote></td></tr></table>

5572

</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.9 (remm)"></a><a name="Tomcat_6.0.9_(remm)"><strong>Tomcat 6.0.9 (remm)</strong></a></font></td><td align="right" bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><strong>beta, 2007-02-08</strong></font></td></tr><tr><td colspan="2"><blockquote>

5573

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.9 (remm)/General"></a><a name="Tomcat_6.0.9_(remm)/General"><strong>General</strong></a></font></td></tr><tr><td><blockquote>

5574

5575

5576

Use 2.5 xsd in Tomcat webapps. (markt)

5577

</td></tr>

5578

5579

Compression filter improvements, submitted by Eric Hedström. (markt)

5580

</td></tr>

5581

</table>

5582

</blockquote></td></tr></table>

5583

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.9 (remm)/Catalina"></a><a name="Tomcat_6.0.9_(remm)/Catalina"><strong>Catalina</strong></a></font></td></tr><tr><td><blockquote>

5584

5585

5586

Properly return connector names. (remm)

5587

</td></tr>

5588

5589

Remove logging of the XML validation flag. (remm)

5590

</td></tr>

5591

5592

Correct error messages for context.xml. (markt)

5593

</td></tr>

5594

5595

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=41217">41217</a>: Set secure flag correctly on SSO cookie, submitted by

5596

Chris Halstead. (markt)

5597

</td></tr>

5598

5599

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=40524">40524</a>: request.getAuthType() now returns CLIENT_CERT rather

5600

than CLIENT-CERT. (markt)

5601

</td></tr>

5602

5603

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=40526">40526</a>: Return support for JPDA_OPTS to catalina.bat and add

5604

a new option JPDA_SUSPEND, submitted by by Kurt Roy. (markt)

5605

</td></tr>

5606

5607

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=41265">41265</a>: In embedded, remove the code that resets checkInterval

5608

values of zero to 300. (markt)

5609

</td></tr>

5610

</table>

5611

</blockquote></td></tr></table>

5612

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.9 (remm)/Coyote"></a><a name="Tomcat_6.0.9_(remm)/Coyote"><strong>Coyote</strong></a></font></td></tr><tr><td><blockquote>

5613

5614

5615

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=37869">37869</a>: Fix getting client certificate, submitted by Christophe Pierret. (remm)

5616

</td></tr>

5617

5618

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=40960">40960</a>: Throw a timeout exception when getting a timeout rather than a

5619

generic IOE, submitted by Christophe Pierret. (remm)

5620

</td></tr>

5621

</table>

5622

</blockquote></td></tr></table>

5623

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.9 (remm)/Jasper"></a><a name="Tomcat_6.0.9_(remm)/Jasper"><strong>Jasper</strong></a></font></td></tr><tr><td><blockquote>

5624

5625

5626

EL validation fixes for attributes. (remm)

5627

</td></tr>

5628

5629

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=41327">41327</a>: Show full URI for a 404. (markt)

5630

</td></tr>

5631

5632

JspException now uses getCause() as the result for getRootCause(). (markt)

5633

</td></tr>

5634

</table>

5635

</blockquote></td></tr></table>

5636

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.9 (remm)/Cluster"></a><a name="Tomcat_6.0.9_(remm)/Cluster"><strong>Cluster</strong></a></font></td></tr><tr><td><blockquote>

5637

5638

5639

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=41466">41466</a>: When using the NioChannel and SecureNioChannel its

5640

important to use the channels buffers. (fhanik)

5641

</td></tr>

5642

</table>

5643

</blockquote></td></tr></table>

5644

</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.8 (remm)"></a><a name="Tomcat_6.0.8_(remm)"><strong>Tomcat 6.0.8 (remm)</strong></a></font></td><td align="right" bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><strong>alpha</strong></font></td></tr><tr><td colspan="2"><blockquote>

5645

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.8 (remm)/Catalina"></a><a name="Tomcat_6.0.8_(remm)/Catalina"><strong>Catalina</strong></a></font></td></tr><tr><td><blockquote>

5646

5647

5648

Make provided instances of RequestDispatcher thread safe. (markt)

5649

</td></tr>

5650

5651

Optional development oriented loader implementation. (funkman)

5652

</td></tr>

5653

5654

Optimized access log valve, submitted by Takayuki Kaneko. (remm)

5655

</td></tr>

5656

5657

Fix error messages when parsing context.xml that incorrectly referred to

web.xml. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=41217">41217</a>: Set secure attribute on SSO cookie when cookie is

5662

created during a secure request. Patch provided by Chris Halstead.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=40524">40524</a>: HttpServletRequest.getAuthType() now returns

5667

CLIENT_CERT rather than CLIENT-CERT for certificate authentication

5668

as per the spec. Note that web.xml continues to use CLIENT-CERT to

5669

specify the certificate authentication should be used. (markt)

5670

</td></tr>

5671

5672

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=41401">41401</a>: Add support for JPDA_OPTS to catalina.bat and add a

5673

JPDA_SUSPEND environment variable to both startup scripts. Patch

5674

provided by Kurt Roy. (markt)

5675

</td></tr>

5676

</table>

5677

</blockquote></td></tr></table>

5678

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.8 (remm)/Coyote"></a><a name="Tomcat_6.0.8_(remm)/Coyote"><strong>Coyote</strong></a></font></td></tr><tr><td><blockquote>

5679

5680

5681

Use the tomcat-native-1.1.10 as recommended version.

5682

OpenSSL detection on some platforms was broken 1.1.8 will continue to work,

5683

although on some platforms there can be JVM crash if IPV6 is enabled and

5684

platform doesn't support IPV4 mapped addresses on IPV6 sockets.

5685

</td></tr>

5686

</table>

5687

</blockquote></td></tr></table>

5688

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.8 (remm)/Jasper"></a><a name="Tomcat_6.0.8_(remm)/Jasper"><strong>Jasper</strong></a></font></td></tr><tr><td><blockquote>

5689

5690

5691

When displaying JSP source after an exception, handle included files.

(markt)

</td></tr>

Display the JSP source when a compilation error occurs and display

5696

the correct line number rather than start of a scriptlet block. (markt)

5697

</td></tr>

5698

5699

Fix NPE when processing dynamic attributes. (remm)

5700

</td></tr>

5701

5702

More accurate EL usage validation. (remm)

5703

</td></tr>

5704

5705

Fix regression for implicit taglib and page data version numbers. (remm)

5706

</td></tr>

5707

5708

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=41265">41265</a>: Allow JspServlet checkInterval init parameter to be

5709

explicitly set to the stated default value of zero by removing the

5710

code that resets it to 300 if explicitly specified as zero. (markt)

5711

</td></tr>

5712

5713

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=41327">41327</a>: Show full URI for a 404. Patch provided by Vijay.

(markt)

</td></tr>

</table>

</blockquote></td></tr></table>

5718

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.8 (remm)/Web applications"></a><a name="Tomcat_6.0.8_(remm)/Web_applications"><strong>Web applications</strong></a></font></td></tr><tr><td><blockquote>

5719

5720

5721

Add a virtual hosting how-to contributed by Hassan Schroeder. (markt)

5722

</td></tr>

5723

5724

Update all webapps to use the servlet 2.5 xsd. (markt)

5725

</td></tr>

5726

5727

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=39572">39572</a>: Improvements to CompressionFilter example provided by

5728

Eric Hedström. (markt)

5729

</td></tr>

5730

</table>

5731

</blockquote></td></tr></table>

5732

</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.7 (remm)"></a><a name="Tomcat_6.0.7_(remm)"><strong>Tomcat 6.0.7 (remm)</strong></a></font></td><td align="right" bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><strong>beta, 2007-01-10</strong></font></td></tr><tr><td colspan="2"><blockquote>

5733

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.7 (remm)/General"></a><a name="Tomcat_6.0.7_(remm)/General"><strong>General</strong></a></font></td></tr><tr><td><blockquote>

5734

5735

5736

Fix installer's bitmap (mturk)

5737

</td></tr>

5738

</table>

5739

</blockquote></td></tr></table>

5740

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.7 (remm)/Catalina"></a><a name="Tomcat_6.0.7_(remm)/Catalina"><strong>Catalina</strong></a></font></td></tr><tr><td><blockquote>

5741

5742

5743

Refactor logging of errors which may occur when reading a post body (remm)

5744

</td></tr>

5745

</table>

5746

</blockquote></td></tr></table>

5747

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.7 (remm)/Coyote"></a><a name="Tomcat_6.0.7_(remm)/Coyote"><strong>Coyote</strong></a></font></td></tr><tr><td><blockquote>

5748

5749

5750

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=37869">37869</a>: Also use the SSL_INFO_CLIENT_CERT field if the chain is empty,

5751

submitted by Grzegorz Grzybek (remm)

5752

</td></tr>

5753

</table>

5754

</blockquote></td></tr></table>

5755

</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.6 (remm)"></a><a name="Tomcat_6.0.6_(remm)"><strong>Tomcat 6.0.6 (remm)</strong></a></font></td><td align="right" bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><strong>alpha</strong></font></td></tr><tr><td colspan="2"><blockquote>

5756

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.6 (remm)/General"></a><a name="Tomcat_6.0.6_(remm)/General"><strong>General</strong></a></font></td></tr><tr><td><blockquote>

5757

5758

5759

Fix tagging which did not include 6.0.5's changelog (remm)

5760

</td></tr>

5761

</table>

5762

</blockquote></td></tr></table>

5763

</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.5 (remm)"></a><a name="Tomcat_6.0.5_(remm)"><strong>Tomcat 6.0.5 (remm)</strong></a></font></td><td align="right" bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><strong>not released</strong></font></td></tr><tr><td colspan="2"><blockquote>

5764

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.5 (remm)/Catalina"></a><a name="Tomcat_6.0.5_(remm)/Catalina"><strong>Catalina</strong></a></font></td></tr><tr><td><blockquote>

5765

5766

5767

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=40585">40585</a>: Fix parameterised constructor for o.a.juli.FileHandler

5768

so parameters have an effect. (markt)

5769

</td></tr>

5770

5771

Escape invalid characters from request.getLocale. (markt, remm)

5772

</td></tr>

5773

5774

Update required version for native to 1.1.8. (remm)

5775

</td></tr>

5776

5777

Do not log broken pipe errors which can occur when flushing the content of an error page. (remm)

5778

</td></tr>

5779

</table>

5780

</blockquote></td></tr></table>

5781

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.5 (remm)/Coyote"></a><a name="Tomcat_6.0.5_(remm)/Coyote"><strong>Coyote</strong></a></font></td></tr><tr><td><blockquote>

5782

5783

5784

Fix firstReadTimeout behavior for the AJP connector. (remm)

5785

</td></tr>

5786

</table>

5787

</blockquote></td></tr></table>

5788

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.5 (remm)/Jasper"></a><a name="Tomcat_6.0.5_(remm)/Jasper"><strong>Jasper</strong></a></font></td></tr><tr><td><blockquote>

5789

5790

5791

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=41057">41057</a>: Make jsp:plugin output XHTML compliant. (markt)

5792

</td></tr>

5793

</table>

5794

</blockquote></td></tr></table>

5795

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.5 (remm)/Cluster"></a><a name="Tomcat_6.0.5_(remm)/Cluster"><strong>Cluster</strong></a></font></td></tr><tr><td><blockquote>

5796

5797

5798

Cluster interface cleanup. (fhanik)

5799

</td></tr>

5800

5801

Refactoring to allow usage of executors. (fhanik)

5802

</td></tr>

5803

</table>

5804

</blockquote></td></tr></table>

5805

</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.4 (remm)"></a><a name="Tomcat_6.0.4_(remm)"><strong>Tomcat 6.0.4 (remm)</strong></a></font></td><td align="right" bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><strong>alpha</strong></font></td></tr><tr><td colspan="2"><blockquote>

5806

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.4 (remm)/General"></a><a name="Tomcat_6.0.4_(remm)/General"><strong>General</strong></a></font></td></tr><tr><td><blockquote>

5807

5808

5809

Update to NSIS 2.22 (remm)

5810

</td></tr>

5811

5812

Fix regression in 6.0.3 with Windows wrapper (mturk)

5813

</td></tr>

5814

</table>

5815

</blockquote></td></tr></table>

5816

</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.3 (remm)"></a><a name="Tomcat_6.0.3_(remm)"><strong>Tomcat 6.0.3 (remm)</strong></a></font></td><td align="right" bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><strong>not released</strong></font></td></tr><tr><td colspan="2"><blockquote>

5817

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.3 (remm)/General"></a><a name="Tomcat_6.0.3_(remm)/General"><strong>General</strong></a></font></td></tr><tr><td><blockquote>

5818

5819

</table>

5820

</blockquote></td></tr></table>

5821

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.3 (remm)/Catalina"></a><a name="Tomcat_6.0.3_(remm)/Catalina"><strong>Catalina</strong></a></font></td></tr><tr><td><blockquote>

5822

5823

5824

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=37509">37509</a>: Do not remove whitespace from the end of values

5825

defined in logging.properties files. (markt)

5826

</td></tr>

5827

5828

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=38198">38198</a>: Add reference to Context documentation from Host

5829

documentation that explains how Context name is obtained from the

5830

Context filename. (markt)

5831

</td></tr>

5832

5833

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=40844">40844</a>: Missing syncs in JDBCRealm. (markt)

5834

</td></tr>

5835

5836

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=40901">40901</a>: Encode directory listing output. Based on a patch

5837

provided by Chris Halstead. (markt)

5838

</td></tr>

5839

5840

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=40929">40929</a>: Correct JavaDoc for StandardClassLoader. (markt)

5841

</td></tr>

5842

5843

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=41008">41008</a>: Allow POST to be used for indexed queries with CGI

5844

Servlet. Patch provided by Chris Halstead. (markt)

5845

</td></tr>

5846

5847

Fix usage of print on the servlet output stream if the processor never used

a writer (fhanik)

</td></tr>

Fix logic of sameSameObjects used to determine correct wrapping of request and

5852

response objects (fhanik)

5853

</td></tr>

5854

5855

Update TLD scan lists, and disable caching for now (remm)

5856

</td></tr>

5857

5858

Add system property to WebappClassLoader to allow disabling setting references

5859

to null when stopping it (remm)

5860

</td></tr>

5861

5862

Add clustered SSO code, submitted by Fabien Carrion (remm)

5863

</td></tr>

5864

</table>

5865

</blockquote></td></tr></table>

5866

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.3 (remm)/Coyote"></a><a name="Tomcat_6.0.3_(remm)/Coyote"><strong>Coyote</strong></a></font></td></tr><tr><td><blockquote>

5867

5868

5869

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=40860">40860</a>: Log exceptions and other problems during parameter

processing. (markt)

</td></tr>

Enable JMX for trust store attributes for SSL connector. (markt)

5874

</td></tr>

5875

5876

Port memory usage reduction changes to the java.io HTTP connector. (remm)

5877

</td></tr>

5878

5879

MessageBytes.setString(null) will remove the String value. (remm)

5880

</td></tr>

5881

5882

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=41057">41057</a>: Caching large strings is not useful and takes too much

5883

memory, so don't cache these (remm)

5884

</td></tr>

5885

5886

Add keepAliveTimeout attribute to most connectors (mturk, remm)

5887

</td></tr>

5888

</table>

5889

</blockquote></td></tr></table>

5890

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.3 (remm)/Jasper"></a><a name="Tomcat_6.0.3_(remm)/Jasper"><strong>Jasper</strong></a></font></td></tr><tr><td><blockquote>

5891

5892

5893

Relax EL type validation for litterals. (remm)

5894

</td></tr>

5895

5896

Update some version numbers to 2.1. (funkman, remm)

5897

</td></tr>

5898

5899

Add xsds for JSP 2.1 (remm)

5900

</td></tr>

5901

5902

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=41106">41106</a>: Update validation checks for EL to also include

5903

legacy 1.2 tags (remm)

5904

</td></tr>

5905

</table>

5906

</blockquote></td></tr></table>

5907

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.3 (remm)/Web applications"></a><a name="Tomcat_6.0.3_(remm)/Web_applications"><strong>Web applications</strong></a></font></td></tr><tr><td><blockquote>

5908

5909

5910

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=40677">40677</a>: Update SSL documentation to indicate that PKCS11

5911

keystores may be used. (markt)

5912

</td></tr>

5913

</table>

5914

</blockquote></td></tr></table>

5915

</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.2 (remm)"></a><a name="Tomcat_6.0.2_(remm)"><strong>Tomcat 6.0.2 (remm)</strong></a></font></td><td align="right" bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><strong>beta, 2006-11-23</strong></font></td></tr><tr><td colspan="2"><blockquote>

5916

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.2 (remm)/General"></a><a name="Tomcat_6.0.2_(remm)/General"><strong>General</strong></a></font></td></tr><tr><td><blockquote>

5917

5918

5919

Various tweaks to distribution (remm, funkman)

5920

</td></tr>

5921

5922

Update Tomcat native to 1.1.7 (mturk)

5923

</td></tr>

5924

5925

Update to JDT 3.2.1 (remm)

5926

</td></tr>

5927

</table>

5928

</blockquote></td></tr></table>

5929

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.2 (remm)/Catalina"></a><a name="Tomcat_6.0.2_(remm)/Catalina"><strong>Catalina</strong></a></font></td></tr><tr><td><blockquote>

5930

5931

5932

Fix EJB annotation interface (remm)

5933

</td></tr>

5934

</table>

5935

</blockquote></td></tr></table>

5936

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.2 (remm)/Coyote"></a><a name="Tomcat_6.0.2_(remm)/Coyote"><strong>Coyote</strong></a></font></td></tr><tr><td><blockquote>

5937

5938

5939

Fix passing of the keystore password for the NIO connector (fhanik)

5940

</td></tr>

5941

</table>

5942

</blockquote></td></tr></table>

5943

</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.1 (remm)"></a><a name="Tomcat_6.0.1_(remm)"><strong>Tomcat 6.0.1 (remm)</strong></a></font></td><td align="right" bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><strong>alpha</strong></font></td></tr><tr><td colspan="2"><blockquote>

5944

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.1 (remm)/General"></a><a name="Tomcat_6.0.1_(remm)/General"><strong>General</strong></a></font></td></tr><tr><td><blockquote>

5945

5946

5947

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=37439">37439</a>, <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=40823">40823</a>: Documentation cleanup (markt)

5948

</td></tr>

5949

</table>

5950

</blockquote></td></tr></table>

5951

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.1 (remm)/Catalina"></a><a name="Tomcat_6.0.1_(remm)/Catalina"><strong>Catalina</strong></a></font></td></tr><tr><td><blockquote>

5952

5953

5954

Refactor exception processing using Throwable.getCause to improve exception chaining (remm)

5955

</td></tr>

5956

5957

Remove dead code involving the Logger (funkman)

5958

</td></tr>

5959

5960

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=37458">37458</a>: Fix some exceptions which could happen during classloading (markt)

5961

</td></tr>

5962

5963

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=40817">40817</a>: Fix CGI path (markt)

5964

</td></tr>

5965

5966

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=34956">34956</a>: Add the possibility to enforce usage of request and response

5967

wrapper objects (markt)

5968

</td></tr>

5969

</table>

5970

</blockquote></td></tr></table>

5971

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.1 (remm)/Jasper"></a><a name="Tomcat_6.0.1_(remm)/Jasper"><strong>Jasper</strong></a></font></td></tr><tr><td><blockquote>

5972

5973

5974

Many fixes for JSP 2.1 compliance, invloving tag files handling, deferred expressions

5975

validation, bom encoding support (remm)

5976

</td></tr>

5977

</table>

5978

</blockquote></td></tr></table>

5979

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.1 (remm)/Coyote"></a><a name="Tomcat_6.0.1_(remm)/Coyote"><strong>Coyote</strong></a></font></td></tr><tr><td><blockquote>

5980

5981

5982

Many HTTP NIO connector fixes and refactorings (fhanik)

5983

</td></tr>

5984

5985

HTTP NIO connector performance improvements (fhanik)

5986

</td></tr>

5987

5988

Add packetSize option for the classic AJP connector (jfclere)

5989

</td></tr>

5990

5991

Implement explicit flushing in AJP (mturk)

5992

</td></tr>

5993

</table>

5994

</blockquote></td></tr></table>

5995

</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.0 (remm)"></a><a name="Tomcat_6.0.0_(remm)"><strong>Tomcat 6.0.0 (remm)</strong></a></font></td><td align="right" bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><strong>alpha</strong></font></td></tr><tr><td colspan="2"><blockquote>

5996

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.0 (remm)/Catalina"></a><a name="Tomcat_6.0.0_(remm)/Catalina"><strong>Catalina</strong></a></font></td></tr><tr><td><blockquote>

5997

5998

5999

SSLEngine attribute added to the AprLifecycleListener(fhanik)

6000

</td></tr>

6001

6002

Add API for Comet IO handling (remm, fhanik)

6003

</td></tr>

6004

6005

Servlet 2.5 support (remm)

6006

</td></tr>

6007

</table>

6008

</blockquote></td></tr></table>

6009

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.0 (remm)/Jasper"></a><a name="Tomcat_6.0.0_(remm)/Jasper"><strong>Jasper</strong></a></font></td></tr><tr><td><blockquote>

6010

6011

6012

JSP 2.1 support (jhook, remm)

6013

</td></tr>

6014

6015

Unifed EL 2.1 support (jhook)

6016

</td></tr>

6017

</table>

6018

</blockquote></td></tr></table>

6019

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.0 (remm)/Coyote"></a><a name="Tomcat_6.0.0_(remm)/Coyote"><strong>Coyote</strong></a></font></td></tr><tr><td><blockquote>

6020

6021

6022

SSLEnabled attribute required for SSL to be turned on, on all HTTP connectors (fhanik)

6023

</td></tr>

6024

6025

Memory usage reduction for the HTTP connectors, except java.io (remm)

6026

</td></tr>

6027

6028

Modeler update to use dynamic mbeans rather than model mbeans, which consume more

resources (costin)

</td></tr>

</table>

</blockquote></td></tr></table>

6033

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 6.0.0 (remm)/Cluster"></a><a name="Tomcat_6.0.0_(remm)/Cluster"><strong>Cluster</strong></a></font></td></tr><tr><td><blockquote>

6034

6035

6036

New cluster configuration and new documentation (fhanik)

6037

</td></tr>

6038

</table>

6039

</blockquote></td></tr></table>

6040

</blockquote></td></tr></table></td></tr><tr><td colspan="2"><hr noshade="noshade" size="1"></td></tr><tr><td colspan="2"><div align="center"><font color="#525D76" size="-1"><em>

6041

6042

</em></font></div></td></tr></table></body></html>