Blame - webapps/docs/changelog.html - portal_platform/tomcat-cms

Cheng Tang

2014-04-27 16:37:18 +0800

<html><head><META http-equiv="Content-Type" content="text/html; charset=iso-8859-1"><title>Apache Tomcat 7 (7.0.42) - Changelog</title><meta name="author" content="Remy Maucherat"><meta name="author" content="Filip Hanik"><meta name="author" content="Rainer Jung"><meta name="author" content="Konstantin Kolinko"><meta name="author" content="Peter Rossbach"><meta name="author" content="Keiichi Fujino"><meta name="author" content="Tim Whittington"><meta name="author" content="Mladen Turk"><meta name="author" content="Christopher Schultz"><meta name="author" content="Sylvain Laurent"><meta name="author" content="Violeta Georgieva"><style type="text/css" media="print">

2

.noPrint {display: none;}

3

td#mainBody {width: 100%;}

4

</style><style type="text/css">

5

code {background-color:rgb(224,255,255);padding:0 0.1em;}

6

code.attributeName, code.propertyName {background-color:transparent;}

7

</style><style type="text/css">

8

.wrapped-source code { display: block; background-color: transparent; }

9

.wrapped-source div { margin: 0 0 0 1.25em; }

10

.wrapped-source p { margin: 0 0 0 1.25em; text-indent: -1.25em; }

11

</style><style type="text/css">

12

p.notice {

13

border: 1px solid rgb(255, 0, 0);

14

background-color: rgb(238, 238, 238);

15

color: rgb(0, 51, 102);

16

padding: 0.5em;

17

margin: 1em 2em 1em 1em;

18

}

19

</style></head><body bgcolor="#ffffff" text="#000000" link="#525D76" alink="#525D76" vlink="#525D76"><table border="0" width="100%" cellspacing="0"><tr><td><a href="http://tomcat.apache.org/"><img src="./images/tomcat.gif" align="right" alt="

20

The Apache Tomcat Servlet/JSP Container

21

" border="0"></a></td><td><h1><font face="arial,helvetica,sanserif">Apache Tomcat 7</font></h1><font face="arial,helvetica,sanserif">Version 7.0.42, Jul 2 2013</font></td><td><a href="http://www.apache.org/"><img src="./images/asf-logo.gif" align="right" alt="Apache Logo" border="0"></a></td></tr></table><table border="0" width="100%" cellspacing="4"><tr><td colspan="2"><hr noshade size="1"></td></tr><tr><td width="20%" valign="top" nowrap class="noPrint"><p><strong>Links</strong></p><ul><li><a href="index.html">Docs Home</a></li><li><a href="http://wiki.apache.org/tomcat/FAQ">FAQ</a></li><li><a href="#comments_section">User Comments</a></li></ul><p><strong>User Guide</strong></p><ul><li><a href="introduction.html">1) Introduction</a></li><li><a href="setup.html">2) Setup</a></li><li><a href="appdev/index.html">3) First webapp</a></li><li><a href="deployer-howto.html">4) Deployer</a></li><li><a href="manager-howto.html">5) Manager</a></li><li><a href="realm-howto.html">6) Realms and AAA</a></li><li><a href="security-manager-howto.html">7) Security Manager</a></li><li><a href="jndi-resources-howto.html">8) JNDI Resources</a></li><li><a href="jndi-datasource-examples-howto.html">9) JDBC DataSources</a></li><li><a href="class-loader-howto.html">10) Classloading</a></li><li><a href="jasper-howto.html">11) JSPs</a></li><li><a href="ssl-howto.html">12) SSL</a></li><li><a href="ssi-howto.html">13) SSI</a></li><li><a href="cgi-howto.html">14) CGI</a></li><li><a href="proxy-howto.html">15) Proxy Support</a></li><li><a href="mbeans-descriptor-howto.html">16) MBean Descriptor</a></li><li><a href="default-servlet.html">17) Default Servlet</a></li><li><a href="cluster-howto.html">18) Clustering</a></li><li><a href="balancer-howto.html">19) Load Balancer</a></li><li><a href="connectors.html">20) Connectors</a></li><li><a href="monitoring.html">21) Monitoring and Management</a></li><li><a href="logging.html">22) Logging</a></li><li><a href="apr.html">23) APR/Native</a></li><li><a href="virtual-hosting-howto.html">24) Virtual Hosting</a></li><li><a href="aio.html">25) Advanced IO</a></li><li><a href="extras.html">26) Additional Components</a></li><li><a href="maven-jars.html">27) Mavenized</a></li><li><a href="security-howto.html">28) Security Considerations</a></li><li><a href="windows-service-howto.html">29) Windows Service</a></li><li><a href="windows-auth-howto.html">30) Windows Authentication</a></li><li><a href="jdbc-pool.html">31) Tomcat's JDBC Pool</a></li><li><a href="web-socket-howto.html">32) WebSocket</a></li></ul><p><strong>Reference</strong></p><ul><li><a href="RELEASE-NOTES.txt">Release Notes</a></li><li><a href="config/index.html">Configuration</a></li><li><a href="api/index.html">Tomcat Javadocs</a></li><li><a href="servletapi/index.html">Servlet Javadocs</a></li><li><a href="jspapi/index.html">JSP 2.2 Javadocs</a></li><li><a href="elapi/index.html">EL 2.2 Javadocs</a></li><li><a href="http://tomcat.apache.org/connectors-doc/">JK 1.2 Documentation</a></li></ul><p><strong>Apache Tomcat Development</strong></p><ul><li><a href="building.html">Building</a></li><li><a href="changelog.html">Changelog</a></li><li><a href="http://wiki.apache.org/tomcat/TomcatVersions">Status</a></li><li><a href="developers.html">Developers</a></li><li><a href="architecture/index.html">Architecture</a></li><li><a href="funcspecs/index.html">Functional Specs.</a></li><li><a href="tribes/introduction.html">Tribes</a></li></ul></td><td width="80%" valign="top" align="left" id="mainBody"><h1>Changelog</h1><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.42 (markt)"></a><a name="Tomcat_7.0.42_(markt)"><strong>Tomcat 7.0.42 (markt)</strong></a></font></td></tr><tr><td><blockquote>

22

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.42 (markt)/Catalina"></a><a name="Tomcat_7.0.42_(markt)/Catalina"><strong>Catalina</strong></a></font></td></tr><tr><td><blockquote>

23

24

25

Enforce the restriction described in section 4.4 of the Servlet 3.0

26

specification that requires the new pluggability methods only to be

27

available to <code>ServletContextListener</code>s defined in one of the

28

specified ways. (markt)

29

</td></tr>

30

31

Better handle FORM authentication when requesting a resource as an

32

unauthenticated user that is only protected for a sub-set of HTTP

33

methods that does not include GET. (markt)

34

</td></tr>

35

36

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53777">53777</a>: Add support for a JAAS Realm instance to use a

37

dedicated configuration rather than the JVM global JAAS configuration.

38

This is most likely to be useful for per web application JAAS Realms.

39

Based on a patch by eolivelli. (markt)

40

</td></tr>

41

42

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54745">54745</a>: Fix JAR file scanning when Tomcat is deployed via Java

43

Web Start. Patch provided by Nick Williams. (markt)

44

</td></tr>

45

46

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=55017">55017</a>: Add the ability to configure the RMI bind address when

47

using the JMX remote lifecycle listener. Patch provided by Alexey

Noskov. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=55071">55071</a>: Ensure original exception is reported if JDBC Realm

52

fails to read a user's credentials. (markt)

53

</td></tr>

54

55

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=55073">55073</a>, <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=55108">55108</a>, <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=55109">55109</a>, <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=55110">55110</a>,

56

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=55158">55158</a> & <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=55159">55159</a>: Small performance improvements.

57

Patches provided by Adrian Nistor. (markt/violetagg)

58

</td></tr>

59

60

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=55102">55102</a>: Add support for time to first byte in the

61

AccessLogValve. Patch provided by Jeremy Boynes. (markt)

62

</td></tr>

63

64

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=55125">55125</a>: If the Server container fails to start, don't allow

65

the Catalina wrapper to start (used when running from the command line

66

and when running as a service) since Tomcat will not be able to do any

useful work. (markt)

</td></tr>

Update the <code>JreMemoryLeakPreventionListener</code> to take account

71

of changes in the behaviour of

72

<code>java.beans.Introspector.flushCaches()</code> and

73

<code>sun.awt.AppContext.getAppContext()</code> in Java 7. (markt)

74

</td></tr>

75

76

Avoid WARNING log message of

77

<code>Users:type=UserDatabase,database=UserDatabase</code> at Tomcat

shutdown. (pero)

</td></tr>

Avoid <code>ClassCastException</code> when an asynchronous dispatch is

82

invoked in an asynchronous cycle which is started by a call to

83

<code>ServletRequest.startAsync(ServletRequest,ServletResponse)</code>

84

where ServletRequest/ServletResponse are custom implementations.

(violetagg)

</td></tr>

Correct a regression introduced in 7.0.39 (refactoring of base 64

89

encoding and decoding) that broke the JNDI Realm when

90

<code>userPassword</code> was set and passwords were hashed with MD5 or

91

SHA1. (markt/kkolinko)

92

</td></tr>

93

94

Correct the mechanism for the path calculation in

95

<code>AsyncContext.dispatch()</code>. (violetagg)

96

</td></tr>

97

98

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=55155">55155</a>: Avoid constant focus grabbing when running the Tomcat

99

unit tests under Java 6 on OSX. Patch provided by Casey Lucas. (markt)

100

</td></tr>

101

102

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=55160">55160</a>: Don't ignore connectionUploadTimeout setting when

103

using HTTP NIO connector. (markt)

104

</td></tr>

105

106

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=55176">55176</a>: Correctly handle regular expressions within SSI

107

expressions that contain an equals character. (markt)

108

</td></tr>

109

</table>

110

</blockquote></td></tr></table>

111

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.42 (markt)/Coyote"></a><a name="Tomcat_7.0.42_(markt)/Coyote"><strong>Coyote</strong></a></font></td></tr><tr><td><blockquote>

112

113

114

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=55177">55177</a>: Correctly handle infinite soTimeout for BIO HTTP

115

connector. Based on a patch by Nick Bunn. (markt)

116

</td></tr>

117

118

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=55180">55180</a>: Correctly handle infinite soTimeout when

119

<code>disableUploadTimeout</code> is set to false. Patch provided by

120

Nick Bunn. (violetagg)

121

</td></tr>

122

</table>

123

</blockquote></td></tr></table>

124

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.42 (markt)/Cluster"></a><a name="Tomcat_7.0.42_(markt)/Cluster"><strong>Cluster</strong></a></font></td></tr><tr><td><blockquote>

125

126

127

Delete leftover of war file from tempDir when removing invalid

128

<code>FileMessageFactory</code>. (kfujino)

129

</td></tr>

130

131

Ensure that the keepAlive of NioSender works correctly when

132

<code>keepAliveCount</code>/<code>keepAliveTime</code> is set to a value

133

greater than 0. (kfujino)

134

</td></tr>

135

136

Add logging of when a member is unable to join the cluster. (kfujino)

137

</td></tr>

138

139

Replace Tribes's <code>TaskQueue</code> as executor's

140

workQueue in order to ensure that executor's <code>maxThread</code>

141

works correctly. (kfujino)

142

</td></tr>

143

144

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54086">54086</a>: Fix an additional code path that could lead to

145

multiple threads attempting to modify the same selector key set. (markt)

146

</td></tr>

147

</table>

148

</blockquote></td></tr></table>

149

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.42 (markt)/Web applications"></a><a name="Tomcat_7.0.42_(markt)/Web_applications"><strong>Web applications</strong></a></font></td></tr><tr><td><blockquote>

150

151

152

Complete the document for <code>MessageDispatch15Interceptor</code>.

(kfujino)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53655">53655</a>: Document the circumstances under which Tomcat will add

157

a <code>javax.mail.Authenticator</code> to mail sessions created via a

158

JNDI resource. (markt)

159

</td></tr>

160

161

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=55179">55179</a>: Correct the Javadoc for the remote IP valve so the

162

correct name is used to refer to the <code>proxiesHeader</code>

property. (markt)

</td></tr>

</table>

</blockquote></td></tr></table>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=55031">55031</a>: Fixed <code>Export-Package</code> header and

171

<code>uses</code> directives in MANIFEST.MF. Change the version for

172

package <code>org.apache.juli.logging</code> to "0" in

173

<code>Import-Package</code> header. Thus any version of that package

174

can be used. Patch provided by Martin Lichtin. (violetagg)

175

</td></tr>

176

</table>

177

</blockquote></td></tr></table>

178

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.42 (markt)/Other"></a><a name="Tomcat_7.0.42_(markt)/Other"><strong>Other</strong></a></font></td></tr><tr><td><blockquote>

179

180

181

Update Maven Cental location used to download dependencies at build time

182

to be <code>repo.maven.apache.org</code>. (kkolinko)

183

</td></tr>

184

185

Update JUnit to version 4.11. Configure separate download for Hamcrest

186

1.3 core library as its classes are no longer included in junit.jar.

(kkolinko)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54013">54013</a>: When using a forced stop, allow a short period of time

191

(5s) for the process to die before returning. Patch provided by

192

mukarram.baig. (markt)

193

</td></tr>

194

195

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=55119">55119</a>: Ensure that the build process produces Javadoc that is

196

not vulnerable to CVE-2013-1571. Based on a patch by Uwe Schindler.

(markt)

</td></tr>

</table>

</blockquote></td></tr></table>

201

</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.41 (markt)"></a><a name="Tomcat_7.0.41_(markt)"><strong>Tomcat 7.0.41 (markt)</strong></a></font></td><td align="right" bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><strong>2013-06-10</strong></font></td></tr><tr><td colspan="2"><blockquote>

202

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.41 (markt)/Catalina"></a><a name="Tomcat_7.0.41_(markt)/Catalina"><strong>Catalina</strong></a></font></td></tr><tr><td><blockquote>

203

204

205

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54703">54703</a>: Make parsing of HTTP Content-Type headers tolerant of

206

any CR or LF characters that appear in the value passed by the

207

application. Also fix some whitespace parsing issues identified by the

208

additional test cases. (markt)

209

</td></tr>

210

211

Prevent possible WAR file locking when reading a context.xml file from

212

an unexpanded WAR file. Note that in normal usage, the

213

<code>JreMemoryLeakPreventionListener</code> would protect against this.

(markt)

</td></tr>

Ensure that when auto deployment runs for a Host, it uses the latest

218

values for copyXML, deployXML and unpackWARs. (markt)

219

</td></tr>

220

221

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54939">54939</a>: Provide logging (using a UserDataHelper) when HTTP

222

header parsing fails (e.g. when maxHeaderCount is exceeded). (markt)

223

</td></tr>

224

225

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54944">54944</a>: Enhancements to the unit tests for FORM

226

authentication. Patch provided by Brian Burch. (markt)

227

</td></tr>

228

229

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54955">54955</a>: When a reload of the application is performed ensure

230

that a subsequent request to the context root does not result in a 404

231

response. (violetagg)

232

</td></tr>

233

234

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54971">54971</a>: Ensure that the correct location is used when writing

235

files via <code>javax.servlet.http.Part.write(String)</code>. (markt)

236

</td></tr>

237

238

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54974">54974</a>: Ensure that

239

<code>SessionCookieConfig#set<methods></code>

240

will throw <code>IllegalStateException</code> if the

241

<code>ServletContext</code> from which this

242

<code>SessionCookieConfig</code> was acquired has already been

243

initialized. (violetagg)

244

</td></tr>

245

246

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54981">54981</a>: Ensure that

247

<code>ServletContext#getJspConfigDescriptor()</code> will return

248

<code>null</code> when there is no jsp configuration provided by

249

web.xml/web-fragment.xml. (violetagg)

250

</td></tr>

251

252

Ensure that when Tomcat's anti-resource locking features are used

253

that the temporary copy of the web application and not the original is

254

removed when the web application stops. (markt)

255

</td></tr>

256

257

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54984">54984</a>: Use the correct encoding when processing a form data

258

posted as multipart/form-data even when the request parameters are not

parsed. (violetagg)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54999">54999</a>: The old JSESSIONIDSSO needs to be removed when SSO is

263

being used and logout() and login() occur within a single request. Patch

264

provided by Keith Mashinter. (markt)

265

</td></tr>

266

267

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=55035">55035</a>: Add support for the version attribute to the deploy

268

command of the Ant tasks for interfacing with the text based Manager

269

application. Patch provided by Sergey Tcherednichenko. (markt)

270

</td></tr>

271

272

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=55046">55046</a>: Add a Servlet Filter that implements

273

<a href="http://www.w3.org/TR/cors/">CORS</a>. Patch

274

provided by Mohit Soni. (markt)

275

</td></tr>

276

277

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=55052">55052</a>: JULI's LogManager now additionally looks for

278

logging properties without prefixes if the property cannot be found with

a prefix. (markt)

</td></tr>

Ensure that only the first asynchronous dispatch operation for a given

283

asynchronous cycle will be performed. Any subsequent asynchronous

284

dispatch operation for the same asynchronous cycle will be ignored and

285

<code>IllegalStateException</code> will be thrown. (violetagg)

286

</td></tr>

287

</table>

288

</blockquote></td></tr></table>

289

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.41 (markt)/Coyote"></a><a name="Tomcat_7.0.41_(markt)/Coyote"><strong>Coyote</strong></a></font></td></tr><tr><td><blockquote>

290

291

292

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54947">54947</a>: Fix the HTTP NIO connector that incorrectly rejected a

293

request if the CRLF terminating the request line was split across

294

multiple packets. Patch by Konstantin Preißer. (markt)

295

</td></tr>

296

</table>

297

</blockquote></td></tr></table>

298

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.41 (markt)/Jasper"></a><a name="Tomcat_7.0.41_(markt)/Jasper"><strong>Jasper</strong></a></font></td></tr><tr><td><blockquote>

299

300

301

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54964">54964</a>: Allow tag plug-ins to be packaged with a web

302

application. Patch provided by Sheldon Shao. (markt)

303

</td></tr>

304

305

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54968">54968</a>: Return the correct version number (2.2) of the JSP

306

specification that is supported by the JSP engine when

307

<code>javax.servlet.jsp.JspEngineInfo#getSpecificationVersion()</code>

308

is invoked. (violetagg)

309

</td></tr>

310

</table>

311

</blockquote></td></tr></table>

312

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.41 (markt)/Cluster"></a><a name="Tomcat_7.0.41_(markt)/Cluster"><strong>Cluster</strong></a></font></td></tr><tr><td><blockquote>

313

314

315

Add <code>maxValidTime</code> attribute to prevent the leak of

316

<code>FileMessageFactory</code> in <code>FarmWarDeployer</code>.

(kfujino)

</td></tr>

Simplify the code of <code>ReplicationValve</code>: Rather than get

321

cluster instance from container on every request, use instance variable.

(kfujino)

</td></tr>

Add <code>maxWait</code> attribute that the senderPool will wait when

326

there are no available senders. (kfujino)

327

</td></tr>

328

329

Improve error message by including specified timeout if failed to

330

retrieve a data sender. (kfujino)

331

</td></tr>

332

333

Add <code>removeSuspectsTimeout</code> attribute in order to remove a

334

suspect node in TcpFailureDetector. (kfujino)

335

</td></tr>

336

</table>

337

</blockquote></td></tr></table>

338

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.41 (markt)/Web applications"></a><a name="Tomcat_7.0.41_(markt)/Web_applications"><strong>Web applications</strong></a></font></td></tr><tr><td><blockquote>

339

340

341

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54931">54931</a>: Add information to the Window Service how-to about

342

installing and running multiple instances. Based on a patch by Chris

Derham. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54932">54932</a>: Correct the link to Tribes documentation. (violetagg)

</td></tr>

Add document for

<code>o.a.c.tribes.group.interceptors.TcpFailureDetector</code>.

(kfujino)

</td></tr>

</table>

</blockquote></td></tr></table>

355

</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.40 (markt)"></a><a name="Tomcat_7.0.40_(markt)"><strong>Tomcat 7.0.40 (markt)</strong></a></font></td><td align="right" bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><strong>2013-05-09</strong></font></td></tr><tr><td colspan="2"><blockquote>

356

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.40 (markt)/Catalina"></a><a name="Tomcat_7.0.40_(markt)/Catalina"><strong>Catalina</strong></a></font></td></tr><tr><td><blockquote>

357

358

359

Update Tomcat's internal copy of Commons FileUpload to FileUpload 1.3.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54178">54178</a>: Protect against <code>AsyncListener</code>

364

implementations that throw <code>RuntimeException</code>s in response to

an event. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54791">54791</a>: Restore <code>tools.jar</code> entry in

369

<code>jarsToSkip</code> property to prevent warnings when running Tomcat

370

from Eclipse. (markt)

371

</td></tr>

372

373

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54851">54851</a>: When scanning for web fragments, directories without

374

any web-fragment.xml should not impact the status of distributable

375

element. Patch provided by Trask Stalnaker. (violetagg)

376

</td></tr>

377

378

When an error occurs during the sending of a WebSocket message, notify

379

the Inbound side (where all the events occur that the application reacts

380

to) that an error has occurred and that the connection is being closed.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54906">54906</a>: Better error message if a

385

<code>ConcurrentModificationException</code> occurs while checking for

386

memory leaks when a web application stops. Also ensure that the

387

exception does not cause remaining checks to be skipped. Based on a

patch by NateC.

</td></tr>

Allow 204 responses (no content) to include entity headers as required

by RFC2616. (markt)

</td></tr>

</table>

</blockquote></td></tr></table>

396

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.40 (markt)/Coyote"></a><a name="Tomcat_7.0.40_(markt)/Coyote"><strong>Coyote</strong></a></font></td></tr><tr><td><blockquote>

397

398

399

Ensure write errors when using HTTP Upgrade with the APR/native

400

connector result in <code>IOException</code>s rather than errors being

401

silently swallowed. (markt)

402

</td></tr>

403

</table>

404

</blockquote></td></tr></table>

405

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.40 (markt)/Jasper"></a><a name="Tomcat_7.0.40_(markt)/Jasper"><strong>Jasper</strong></a></font></td></tr><tr><td><blockquote>

406

407

408

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54802">54802</a>: Provide location information for exceptions thrown

409

by JspDocumentParser. (kkolinko)

410

</td></tr>

411

412

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54801">54801</a>: Do not attempt to parse text that looks like an EL

413

expressions inside a scriptlet in a JSP document because EL expressions

414

are not permitted in scriptlets. (kkolinko/markt)

415

</td></tr>

416

417

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54821">54821</a>: Do not attept to parse text that looks like an EL

418

expressions in a JSP document if EL expressions have been disabled.

(kkolinko/markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54888">54888</a>: Add support for CSV lists with the ForEach tag plugin.

423

Patch provided by Sheldon Shao. (markt)

424

</td></tr>

425

</table>

426

</blockquote></td></tr></table>

427

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.40 (markt)/Cluster"></a><a name="Tomcat_7.0.40_(markt)/Cluster"><strong>Cluster</strong></a></font></td></tr><tr><td><blockquote>

428

429

430

Add several improvements for FarmWarDeployer. (kfujino)

431

</td></tr>

432

</table>

433

</blockquote></td></tr></table>

434

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.40 (markt)/Web applications"></a><a name="Tomcat_7.0.40_(markt)/Web_applications"><strong>Web applications</strong></a></font></td></tr><tr><td><blockquote>

435

436

437

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54872">54872</a>: Correct Cluster Receiver page of Tomcat

438

documentation. (violetagg)

439

</td></tr>

440

</table>

441

</blockquote></td></tr></table>

Document <code>StatementCache</code> interceptor. (kkolinko)

446

</td></tr>

447

448

Fix minor threading issue in <code>ConnectionPool</code>.

(markt/kkolinko)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54732">54732</a>: Fix leak of statements in <code>StatementCache</code>

453

interceptor. (kkolinko)

454

</td></tr>

455

456

Fix NPE in <code>SlowQueryReportJmx</code> when running

457

<code>TestSlowQueryReport</code> test. (kkolinko)

458

</td></tr>

459

</table>

460

</blockquote></td></tr></table>

461

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.40 (markt)/Other"></a><a name="Tomcat_7.0.40_(markt)/Other"><strong>Other</strong></a></font></td></tr><tr><td><blockquote>

462

463

464

Update to Eclipse JDT Compiler 4.2.2. (kkolinko)

465

</td></tr>

466

467

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54890">54890</a>: Update to Apache Commons Daemon 1.0.15. (mturk)

468

</td></tr>

469

470

Convert remaining unit tests to JUnit 4 and enable Checkstyle rule

471

that forbids use of methods from JUnit 3. (markt/kkolinko)

472

</td></tr>

473

474

Remove unneeded permissions for reading UserDataHelper properties

475

from <code>catalina.policy</code> file. The class that needed those

476

was moved in 7.0.26. (kkolinko)

477

</td></tr>

478

</table>

479

</blockquote></td></tr></table>

480

</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.39 (markt)"></a><a name="Tomcat_7.0.39_(markt)"><strong>Tomcat 7.0.39 (markt)</strong></a></font></td><td align="right" bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><strong>2013-03-26</strong></font></td></tr><tr><td colspan="2"><blockquote>

481

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.39 (markt)/Catalina"></a><a name="Tomcat_7.0.39_(markt)/Catalina"><strong>Catalina</strong></a></font></td></tr><tr><td><blockquote>

482

483

484

Ensure a log message is generated when a web application fails to start

485

due to an error processing a ServletContainerInitializer. (markt)

486

</td></tr>

487

488

Prevent NPE in JAR scanning when running in an environment where the

489

bootstrap class loader is not an ancestor of the web application class

490

loader such as OSGi environments. (violetagg)

491

</td></tr>

492

493

Ensure that, if a call to UEncoder#encodeURL is made, all internal

494

structures are properly cleaned. (violetagg)

495

</td></tr>

496

497

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54660">54660</a>: Enable the modification of an access log's

498

<code>fileDateFormat</code> attribute while the access log is in use.

499

The change will take effect when the next entry is made to the access

log. (markt)

</td></tr>

Update Tomcat's internal copy of Commons FileUpload to FileUpload trunk,

504

revision 1458500 and the associated extract from Commons IO to 2.4.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54702">54702</a>: Prevent file descriptors leak and ensure that files

509

are closed when parsing web application deployment descriptors.

(violetagg)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54707">54707</a>: Further relax the parsing of DIGEST authentication

514

headers to allow for buggy clients that quote values that RFC2617 states

515

should not be quoted. (markt/kkolinko)

516

</td></tr>

517

518

Enable support for MBeans with multiple operations with the same name

519

but different signatures. (markt)

520

</td></tr>

521

522

Deprecate Tomcat's internal Base 64 encoder/decoder and switch to

523

using a package renamed copy of the Commons Codec implementation.

(markt)

</td></tr>

Ensure that StandardJarScanner#scan will use the provided class loader

528

when scanning the class loader hierarchy. (violetagg)

529

</td></tr>

530

</table>

531

</blockquote></td></tr></table>

532

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.39 (markt)/Coyote"></a><a name="Tomcat_7.0.39_(markt)/Coyote"><strong>Coyote</strong></a></font></td></tr><tr><td><blockquote>

533

534

535

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54690">54690</a>: Fix a regression caused by the previous fix for

536

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54406">54406</a>. If no values are specified for sslEnabledProtocols or

537

ciphers use the default values for server sockets rather than the

538

default values for client sockets. (markt)

539

</td></tr>

540

</table>

541

</blockquote></td></tr></table>

542

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.39 (markt)/Web applications"></a><a name="Tomcat_7.0.39_(markt)/Web_applications"><strong>Web applications</strong></a></font></td></tr><tr><td><blockquote>

543

544

545

Correct Deployer, Manager and Context pages of Tomcat documentation.

(kkolinko)

</td></tr>

</table>

</blockquote></td></tr></table>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52318">52318</a>: Version for imported package

554

<code>org.apache.juli.logging</code> is extended to include also 7.0.x

555

versions. The fix is applicable only when running in OSGi environment.

556

Patch provided by Martin Lichtin. (violetagg)

557

</td></tr>

558

559

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54599">54599</a>: Do not print connection password in

560

<code>PoolProperties.toString()</code>. Based on a patch by

561

Daniel Mikusa. (kkolinko)

562

</td></tr>

563

564

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54684">54684</a>: Add <code>javax.naming.spi</code> to

565

<code>Import-Package</code> header in MANIFEST.MF in order to resolve

566

<code>ClassNotFoundException</code> when running in OSGi environment.

(violetagg)

</td></tr>

</table>

</blockquote></td></tr></table>

571

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.39 (markt)/Other"></a><a name="Tomcat_7.0.39_(markt)/Other"><strong>Other</strong></a></font></td></tr><tr><td><blockquote>

572

573

574

Update to Apache Commons Daemon 1.0.14 to resolve <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54609">54609</a>

575

which meant that installation of Windows service could fail

576

producing incorrect service launch command. (mturk)

577

</td></tr>

578

579

Ensure HEAD requests return the correct content length when the

580

requested resource uses a Writer. Patch by Nick Williams. (markt)

581

</td></tr>

582

</table>

583

</blockquote></td></tr></table>

584

</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.38 (markt)"></a><a name="Tomcat_7.0.38_(markt)"><strong>Tomcat 7.0.38 (markt)</strong></a></font></td><td align="right" bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><strong>not released</strong></font></td></tr><tr><td colspan="2"><blockquote>

585

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.38 (markt)/Catalina"></a><a name="Tomcat_7.0.38_(markt)/Catalina"><strong>Catalina</strong></a></font></td></tr><tr><td><blockquote>

586

587

588

Ensure that the request start time (used by the access log valve to

589

calculate request processing time) is correctly recorded for the HTTP

590

NIO connector. In some cases the request processing time may have been

591

longer than that recorded. (markt)

592

</td></tr>

593

594

Add one more library from JDK 7 to the value of <code>jarsToSkip</code>

595

property in the <code>catalina.properties</code> file. (kkolinko)

596

</td></tr>

597

598

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53871">53871</a>: If annotation scanning results in a

599

<code>StackOverflowError</code> due to broken class dependencies, add

600

the class hierarchy that triggered the exception to the error message.

(markt)

</td></tr>

Add a new option to the standard JarScanner implementation

605

(<code>scanBootstrapClassPath</code>) to control if the bootstrap

606

classpath is scanned or not. By default, it will not be scanned. (markt)

607

</td></tr>

608

609

Provide more consolidated servlet MBean data in the webapp MBean.

(rjung)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54584">54584</a>: Take account of the delegate attribute when building

614

the web application class path to pass to the JSP compiler. (markt)

615

</td></tr>

616

617

Copy the updated and re-packaged UTF-8 decoder from Tomcat 8.0.x and use

618

this improved decoder for WebSocket connections. Remove the WebSocket

619

specific UTF-8 decoder. (markt)

620

</td></tr>

621

622

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54602">54602</a>: Recycle the byte to character converter used for URIs

623

between requests to ensure an error in one request does not trigger a

624

failure in the next request. (markt)

625

</td></tr>

626

627

Use the newly added improved UTF-8 decoder for decoding UTF-8 encoded

628

URIs and UTF-8 encoded request bodies. Invalid UTF-8 URIs will not

629

cause an error but will make use of the replacement character when an

630

error is detected. This will allow web applications to handle the URI

631

which will most likely result in a 404 response. The fall-back to

632

decoding with ISO-8859-1 if UTF-8 decoding fails has been removed.

633

Invalid UTF-8 sequences in a request body will trigger an IOException.

634

The way the decoder is used has also been improved. The notable change

635

is that invalid sequences at the end of the input now trigger an error

636

rather than being silently swallowed. (markt)

637

</td></tr>

638

639

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54624">54624</a>: Ensure that the correct request body length is used

640

when swallowing a request body after FORM authentication prior to

641

restoring the original request preventing possible hanging when

642

restoring POST requests submitted over AJP. (markt)

643

</td></tr>

644

645

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54628">54628</a>: When writing binary WebSocket messages write from

646

start position in array rather than the start of the array. Patch

647

provided by blee. (markt)

648

</td></tr>

649

</table>

650

</blockquote></td></tr></table>

651

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.38 (markt)/Coyote"></a><a name="Tomcat_7.0.38_(markt)/Coyote"><strong>Coyote</strong></a></font></td></tr><tr><td><blockquote>

652

653

654

Refactor char encoding/decoding using NIO APIs. (remm)

655

</td></tr>

656

</table>

657

</blockquote></td></tr></table>

658

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.38 (markt)/Web applications"></a><a name="Tomcat_7.0.38_(markt)/Web_applications"><strong>Web applications</strong></a></font></td></tr><tr><td><blockquote>

659

660

661

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54203">54203</a>: Complete the Javadoc for

662

<code>javax.servlet.http.Part</code>. (markt)

663

</td></tr>

664

665

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54638">54638</a>: Fix display of "Used" memory value for memory pools

666

on the status page in Manager web application when the page is rendered

as XML. (kkolinko)

</td></tr>

Correct typos in configuration samples on SSL Configuration page

671

of Tomcat documentation. (kkolinko)

672

</td></tr>

673

674

Disable support for comments on Changelog page of Tomcat

675

documentation. (kkolinko)

676

</td></tr>

677

678

Fix several issues with <code>status.xsd</code> schema in Manager web

679

application, testing it against actual output of StatusTransformer

class. (kkolinko)

</td></tr>

Clarify the documentation on how context paths may be configured for web

684

applications. (markt)

685

</td></tr>

686

</table>

687

</blockquote></td></tr></table>

688

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.38 (markt)/Other"></a><a name="Tomcat_7.0.38_(markt)/Other"><strong>Other</strong></a></font></td></tr><tr><td><blockquote>

689

690

691

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54601">54601</a>: Change <code>catalina.sh</code> to consistently use

692

<code>LOGGING_MANAGER</code> variable to configure logging,

693

instead of modifying <code>JAVA_OPTS</code> one. (kkolinko)

694

</td></tr>

695

</table>

696

</blockquote></td></tr></table>

697

</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.37 (markt)"></a><a name="Tomcat_7.0.37_(markt)"><strong>Tomcat 7.0.37 (markt)</strong></a></font></td><td align="right" bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><strong>2013-02-18</strong></font></td></tr><tr><td colspan="2"><blockquote>

698

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.37 (markt)/Catalina"></a><a name="Tomcat_7.0.37_(markt)/Catalina"><strong>Catalina</strong></a></font></td></tr><tr><td><blockquote>

699

700

701

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54521">54521</a>: Ensure that concurrent requests that require a DIGEST

702

authentication challenge receive different nonce values. (markt)

703

</td></tr>

704

705

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54534">54534</a>: Ensure that, if a call to

706

<code>StandardWrapper#isSingleThreadModel()</code> triggers the loading

707

of a Servlet, the correct class loader is used. (markt)

708

</td></tr>

709

710

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54536">54536</a>: Ensure the default error page is displayed if a custom

711

HTTP status code is used when calling

712

<code>HttpServletResponse#sendError(int, String)</code>. (markt)

713

</td></tr>

714

</table>

715

</blockquote></td></tr></table>

716

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.37 (markt)/Coyote"></a><a name="Tomcat_7.0.37_(markt)/Coyote"><strong>Coyote</strong></a></font></td></tr><tr><td><blockquote>

717

718

719

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54456">54456</a>: Ensure that if a client aborts a request when sending

720

a chunked request body that this is communicated correctly to the client

721

reading the request body. (markt)

722

</td></tr>

723

724

Update the native component of the APR/native connector to 1.1.27 and

725

make that version the recommended minimum version. (markt)

726

</td></tr>

727

</table>

728

</blockquote></td></tr></table>

729

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.37 (markt)/Jasper"></a><a name="Tomcat_7.0.37_(markt)/Jasper"><strong>Jasper</strong></a></font></td></tr><tr><td><blockquote>

730

731

732

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54239">54239</a>: Enable web applications to provide their own

733

Expression Language interpreter to enable them to optimise processing of

734

expressions. Based on a patch by Sheldon Shao. (markt)

735

</td></tr>

736

</table>

737

</blockquote></td></tr></table>

738

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.37 (markt)/Web applications"></a><a name="Tomcat_7.0.37_(markt)/Web_applications"><strong>Web applications</strong></a></font></td></tr><tr><td><blockquote>

739

740

741

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54505">54505</a>: Create clearer links from the JNDI How-To to the

742

Tomcat specific options for configuring JNDI resources. (markt)

743

</td></tr>

744

</table>

745

</blockquote></td></tr></table>

746

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.37 (markt)/Other"></a><a name="Tomcat_7.0.37_(markt)/Other"><strong>Other</strong></a></font></td></tr><tr><td><blockquote>

747

748

749

Update to Apache Commons Daemon 1.0.13. (markt)

750

</td></tr>

751

</table>

752

</blockquote></td></tr></table>

753

</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.36 (markt)"></a><a name="Tomcat_7.0.36_(markt)"><strong>Tomcat 7.0.36 (markt)</strong></a></font></td><td align="right" bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><strong>not released</strong></font></td></tr><tr><td colspan="2"><blockquote>

754

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.36 (markt)/Catalina"></a><a name="Tomcat_7.0.36_(markt)/Catalina"><strong>Catalina</strong></a></font></td></tr><tr><td><blockquote>

755

756

757

Make additional allowances for buggy client implementations of HTTP

758

DIGEST authentication. This is a follow-on to <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54060">54060</a>. (markt)

759

</td></tr>

760

761

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54438">54438</a>: Fix a regression in the fix for <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52953">52953</a> that

762

triggered a NPE when digested passwords were used and an authentication

763

attempt was made for a user that did not exist in the realm. (markt)

764

</td></tr>

765

766

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54448">54448</a>: Correctly handle <code>@Resource</code> annotations on

767

primitives. Patch provided by Violeta Georgieva. (markt)

768

</td></tr>

769

770

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54450">54450</a>: Correctly handle resource injection when part of the

771

servlet properties uses <code>@Resource</code> and the other uses

772

<code>injection-target</code>. Patch provided by Violeta Georgieva.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54458">54458</a>: Include exception when logging errors in the

777

DataSourceRealm. Patch provided by Violeta Georgieva. (markt)

778

</td></tr>

779

780

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54483">54483</a>: Correct one of the Spanish translations. Based on a

781

suggestion from adinamita. (markt)

782

</td></tr>

783

784

Prevent the SSO deregister when web application is stopped or reloaded.

785

When StandardManager(pathname="") or DeltaManager stops normally, all

786

sessions in the context are expired.

787

In this case, because most sessions is not time-out, SSO deregister was

triggered. (kfujino)

</td></tr>

Include the exception in the log message if the parsing of the

792

context.xml file fails. (markt/kkolinko)

793

</td></tr>

794

795

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54497">54497</a>: Make memory leak detection code more robust so a

796

failure in the leak detection code does not prevent the Context from

797

stopping unless the error is fatal to the JVM. (markt)

798

</td></tr>

799

800

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54507">54507</a>: Do not start the background thread that is used for

801

expiring sessions (amongst other things) until the web application is

802

fully started. Stop the background thread as soon as the web application

is stopped. (markt)

</td></tr>

Allow WebSocket Ping/Pong messages to be sent between fragments of a

807

fragmented message. (markt)

808

</td></tr>

809

810

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54612">54612</a>: Check if the socket is closed before trying to write a

811

WebSocket message to it. Also, flush any partial buffered data before

812

closing the socket. (markt)

813

</td></tr>

814

</table>

815

</blockquote></td></tr></table>

816

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.36 (markt)/Coyote"></a><a name="Tomcat_7.0.36_(markt)/Coyote"><strong>Coyote</strong></a></font></td></tr><tr><td><blockquote>

817

818

819

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54324">54324</a>: Allow APR connector to disable TLS compression

820

if OpenSSL supports it. (schultz)

821

</td></tr>

822

823

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54406">54406</a>: Fix NIO HTTPS connector to prune specified <code>

824

ciphers</code> and <code>sslEnableProtocols</code> options to those

825

supported by the SSL implementation, sharing logic with the BIO

826

connector. Modified ciphers and sslEnabledProtocols option pruning to

827

not silently revert to JVM defaults when none of the options specified

828

are supported - new behaviour is to warn and explicitly enable no

options. (timw)

</td></tr>

Align NIO HTTP connector with other HTTP connectors and include leading

833

blank lines when determining the size of the HTTP headers. (markt)

834

</td></tr>

835

</table>

836

</blockquote></td></tr></table>

837

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.36 (markt)/Jasper"></a><a name="Tomcat_7.0.36_(markt)/Jasper"><strong>Jasper</strong></a></font></td></tr><tr><td><blockquote>

838

839

840

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53869">53869</a>: Performance improvement for pages with lots of heavily

841

nested tags. Retain a reference to the root JSP context rather than

842

traversing the hierarchy on every call. Based on a patch suggested by

843

Sheldon Shao. (markt)

844

</td></tr>

845

846

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54440">54440</a>: Correct a regression caused by the changes for

847

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54240">54240</a> that broke compilation of JSPs with JspC. Patch

848

provided by Sheldon Shao. (markt)

849

</td></tr>

850

851

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54466">54466</a>: Improve error message by including the name of the

852

file when the java file generated from a tag file cannot be compiled.

853

Based on a patch by Sheldon Shao. (markt)

854

</td></tr>

855

</table>

856

</blockquote></td></tr></table>

857

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.36 (markt)/Cluster"></a><a name="Tomcat_7.0.36_(markt)/Cluster"><strong>Cluster</strong></a></font></td></tr><tr><td><blockquote>

858

859

860

Fix incorrect increment of <code>counterSend_EVT_SESSION_EXPIRED</code>

861

and <code>counterSend_EVT_CHANGE_SESSION_ID</code>. These values are not

862

incremented if no members active in cluster group. (kfujino)

863

</td></tr>

864

865

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54476">54476</a>: Correct error in Javadoc of GroupChannel send methods

866

to maker clear that the minimum length of the destination member array

867

is one, not two. (markt)

868

</td></tr>

869

870

Prevent SSO deregister when node shutdown normally in cluster

871

environment. (kfujino)

872

</td></tr>

873

874

Check cluster member before sending replicate message in

875

ClusterSingleSignOn. (kfujino)

876

</td></tr>

877

</table>

878

</blockquote></td></tr></table>

879

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.36 (markt)/Web applications"></a><a name="Tomcat_7.0.36_(markt)/Web_applications"><strong>Web applications</strong></a></font></td></tr><tr><td><blockquote>

880

881

882

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54461">54461</a>: Improve the documentation for the compiler attribute

883

in the Jasper how-to. (markt)

884

</td></tr>

885

886

Add Jespa to the list of third-party Windows authentication providers

887

and make external links in the documentation for those providers

888

<code>no-follow</code>. (markt)

889

</td></tr>

890

</table>

891

</blockquote></td></tr></table>

892

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.36 (markt)/Tribes"></a><a name="Tomcat_7.0.36_(markt)/Tribes"><strong>Tribes</strong></a></font></td></tr><tr><td><blockquote>

893

894

895

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54496">54496</a>: Don't use a hard-coded class name in

896

<code>MemberImpl.toString()</code>. (markt)

897

</td></tr>

898

</table>

899

</blockquote></td></tr></table>

900

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.36 (markt)/Other"></a><a name="Tomcat_7.0.36_(markt)/Other"><strong>Other</strong></a></font></td></tr><tr><td><blockquote>

901

902

903

Update to Apache Commons Daemon 1.0.12. (markt)

904

</td></tr>

905

</table>

906

</blockquote></td></tr></table>

907

</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.35 (markt)"></a><a name="Tomcat_7.0.35_(markt)"><strong>Tomcat 7.0.35 (markt)</strong></a></font></td><td align="right" bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><strong>2013-01-16</strong></font></td></tr><tr><td colspan="2"><blockquote>

908

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.35 (markt)/Catalina"></a><a name="Tomcat_7.0.35_(markt)/Catalina"><strong>Catalina</strong></a></font></td></tr><tr><td><blockquote>

909

910

911

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54247">54247</a>: Prevent <code>ClassNotFoundException</code>s on stop

912

when running as a service. (markt)

913

</td></tr>

914

915

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54249">54249</a>: Ensure resource properties are available when the

916

context path contains encoded characters such as a space. This triggered

917

compilation issues in Jasper. Patch provided by Polina Genova. (markt)

918

</td></tr>

919

920

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54256">54256</a>: Improve error reporting when a JAR file fails

921

extension validation by including the name of the JAR file in the

exception. (markt)

</td></tr>

Allow web applications to be stopped cleanly even if filters throw

926

exceptions when their destroy() method is called. (markt/kkolinko)

927

</td></tr>

928

929

Fix memory leak of servlet instances when running with a

930

SecurityManager and either init() or destroy() methods fail

931

or the servlet is a SingleThreadModel one. (kkolinko)

932

</td></tr>

933

934

Cleanup method cache lookup code in <code>SecurityUtil</code> class.

(kkolinko)

</td></tr>

Make the Tomcat 7 non-JSR356 WebSocket implementation non-blocking

939

(where supported by the connector) between the HTTP upgrade and the

940

first WebSocket message from the client to the server. (markt)

941

</td></tr>

942

943

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54262">54262</a>: Ensure that an empty

944

<code><absolute-ordering /></code> element in the main web.xml

945

file disables scanning for web fragments. Based on a patch by Violeta

Georgieva. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54284">54284</a>: As per clarification from the Servlet EG, anonymous

950

Filters and Servlets are not permitted. Patch by Violeta Georgieva.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54371">54371</a>: Prevent exceptions when processing web fragments for

955

unexpanded WAR files when the context path contains characters that

956

need to be encoded in URLs such as spaces. Based on a patch by Polina

Genova. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54372">54372</a>: Make HTTP Digest authentication header parsing

961

tolerant of invalid headers sent by known buggy clients. (markt)

962

</td></tr>

963

964

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54377">54377</a>: Correctly set request attributes for AccessLog in

965

RemoteIpFilter. Patch by Violeta Georgieva. (markt)

966

</td></tr>

967

968

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54379">54379</a>: Implement support for post-construct and pre-destroy

969

elements in web.xml. Patch by Violeta Georgieva. (markt)

970

</td></tr>

971

972

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54380">54380</a>: Do not try to register servlets or contexts into the

973

mapper too early (which just caused a warning to be logged). (kkolinko)

974

</td></tr>

975

976

Fix NPE in <code>WebappLoader.stopInternal</code> when stop is called

977

after a failed start. (kkolinko)

978

</td></tr>

979

980

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54381">54381</a>: Add support for receiving WebSocket pong messages.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54382">54382</a>: Fix NPE when SSI processing is enabled and an empty

985

SSI directive is present. (markt)

986

</td></tr>

987

988

Fix <code>ArrayIndexOutOfBoundsException</code> in

989

<code>HttpParser</code> when parsing incorrect HTTP headers. (kkolinko)

990

</td></tr>

991

992

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54387">54387</a>: Deployment must fail when multiple servlets are mapped

993

to the same url-pattern. (markt)

994

</td></tr>

995

996

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54391">54391</a>: Provide a value for the

997

<code>javax.servlet.context.orderedLibs</code> attribute. (markt)

998

</td></tr>

999

</table>

1000

</blockquote></td></tr></table>

1001

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.35 (markt)/Coyote"></a><a name="Tomcat_7.0.35_(markt)/Coyote"><strong>Coyote</strong></a></font></td></tr><tr><td><blockquote>

1002

1003

1004

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54248">54248</a>: Ensure that byte order marks are swallowed when using

1005

a Reader to read a request body with a BOM for those encodings that

1006

require byte order marks. (markt)

1007

</td></tr>

1008

1009

Fix release of processors in <code>AjpNioProtocol</code>. Wrong object

1010

was used as a key in the connections map. (kkolinko)

1011

</td></tr>

1012

</table>

1013

</blockquote></td></tr></table>

1014

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.35 (markt)/Jasper"></a><a name="Tomcat_7.0.35_(markt)/Jasper"><strong>Jasper</strong></a></font></td></tr><tr><td><blockquote>

1015

1016

1017

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54240">54240</a>: Add support for auto-detection and configuration of

1018

JARs on the classpath that provide tag plug-in implementations. Based on

1019

a patch by Sheldon Shao. (markt)

1020

</td></tr>

1021

1022

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54241">54241</a>: Revert the fix for <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=35410">35410</a> as it was not

1023

compliant with the JSP specification, specifically that

1024

<code><%= obj %></code> must be translated to

1025

<code>out.print(obj)</code> which in turn becomes

1026

<code>out.write(String.valueOf(obj))</code>. This will trigger a

1027

<code>NullPointerException</code> if <code>obj.toString()</code> returns

1028

<code>null</code>. The fix for <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=35410">35410</a> incorrectly suppressed

1029

the <code>NullPointerException</code> in this case. (markt)

1030

</td></tr>

1031

1032

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54242">54242</a>: Correct handle null iterations with in the JSTL

1033

ForEach tag plug-in implementation. Patch provided by Sheldon Shao.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54260">54260</a>: Avoid <code>NullPointerException</code> when using

1038

JSP unloading and tag files. (markt)

1039

</td></tr>

1040

1041

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54370">54370</a>: Improve handling of nulls when trying to match sets of

1042

parameters to a method in EL. (markt)

1043

</td></tr>

1044

1045

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54338">54338</a>: Correctly coerce the value to the expected type when

1046

using the tag plug-in for the JSTL set tag. Patch provided by Sheldon

Shao. (markt)

</td></tr>

</table>

</blockquote></td></tr></table>

1051

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.35 (markt)/Web applications"></a><a name="Tomcat_7.0.35_(markt)/Web_applications"><strong>Web applications</strong></a></font></td></tr><tr><td><blockquote>

1052

1053

1054

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54244">54244</a>: Clarify the documentation for the BIO and NIO SSL

1055

configuration attributes <code>sslEnabledProtocols</code> and

1056

<code>sslProtocol</code> within the documentation web application.

(markt)

</td></tr>

Integrate documentation of Tomcat 7 with Apache Comments System.

1061

People can leave their comments when reading documentation online

1062

at the <a href="http://tomcat.apache.org/">tomcat.apache.org</a>

site. (rjung)

</td></tr>

</table>

</blockquote></td></tr></table>

1067

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.35 (markt)/Other"></a><a name="Tomcat_7.0.35_(markt)/Other"><strong>Other</strong></a></font></td></tr><tr><td><blockquote>

1068

1069

1070

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54390">54390</a>: Use 'java_home' on Mac OS X to auto-detect JAVA_HOME.

(schultz)

</td></tr>

</table>

</blockquote></td></tr></table>

1075

</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.34 (markt)"></a><a name="Tomcat_7.0.34_(markt)"><strong>Tomcat 7.0.34 (markt)</strong></a></font></td><td align="right" bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><strong>2012-12-12</strong></font></td></tr><tr><td colspan="2"><blockquote>

1076

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.34 (markt)/Catalina"></a><a name="Tomcat_7.0.34_(markt)/Catalina"><strong>Catalina</strong></a></font></td></tr><tr><td><blockquote>

1077

1078

1079

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53871">53871</a>: Improve error message if annotation scanning fails

1080

during web application start due to poor configuration or illegal

1081

cyclic inheritance with the application's classes. (markt)

1082

</td></tr>

1083

1084

Fix unit test for AccessLogValve when using non-GMT time zone. (rjung)

1085

</td></tr>

1086

1087

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54170">54170</a>: Ensure correct registration of Filters and Servlets in

1088

the JMX registry if the Filter or Servlet name includes a character that

1089

must be quoted if used in an ObjectName value. (markt)

1090

</td></tr>

1091

1092

Add new attribute <code>renameOnRotate</code> to the AccessLogValve.

(rjung)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54190">54190</a>: Correct unit tests for BASIC authentication so that

1097

session timeout is correctly tested. Also refactor unit test to make it

1098

easier to add additional tests. Patch by Brian Burch. (markt)

1099

</td></tr>

1100

1101

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54220">54220</a>: Ensure the ErrorReportValve only generates an error

1102

report if the error flag on the response has been set. (markt)

1103

</td></tr>

1104

1105

Simplify time zone handling in the access log valve and correctly handle

1106

various edge cases for non-standard DST changes. (markt)

1107

</td></tr>

1108

</table>

1109

</blockquote></td></tr></table>

1110

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.34 (markt)/Web applications"></a><a name="Tomcat_7.0.34_(markt)/Web_applications"><strong>Web applications</strong></a></font></td></tr><tr><td><blockquote>

1111

1112

1113

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54198">54198</a>: Clarify that

1114

<code>HttpServletResponse.sendError(int)</code> results in an HTML

1115

response by default. (markt)

1116

</td></tr>

1117

1118

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54207">54207</a>: Correct JNDI factory package name in Javadoc for

1119

<code>org.apache.naming.java.javaURLContextFactory</code>. (markt)

1120

</td></tr>

1121

</table>

1122

</blockquote></td></tr></table>

Fix a handful of Eclipse warnings in the JDBC pool source code including

1127

the warnings reported in <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53565">53565</a>. (markt)

1128

</td></tr>

1129

1130

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54150">54150</a>: Make sure that SlowQueryReportJmx mbean deregistered

1131

during webapp shutdown. Reported by Alex Franken. (kfujino)

1132

</td></tr>

1133

1134

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54194">54194</a>: Make sure that connection pool mbean is not registered

1135

when jmxEnabled is false. Patch provided by tobias.gierke. (kfujino)

1136

</td></tr>

1137

</table>

1138

</blockquote></td></tr></table>

1139

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.34 (markt)/Other"></a><a name="Tomcat_7.0.34_(markt)/Other"><strong>Other</strong></a></font></td></tr><tr><td><blockquote>

1140

1141

1142

Update to Eclipse JDT Compiler 4.2.1. (markt)

1143

</td></tr>

1144

</table>

1145

</blockquote></td></tr></table>

1146

</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.33 (markt)"></a><a name="Tomcat_7.0.33_(markt)"><strong>Tomcat 7.0.33 (markt)</strong></a></font></td><td align="right" bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><strong>2012-11-21</strong></font></td></tr><tr><td colspan="2"><blockquote>

1147

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.33 (markt)/Catalina"></a><a name="Tomcat_7.0.33_(markt)/Catalina"><strong>Catalina</strong></a></font></td></tr><tr><td><blockquote>

1148

1149

1150

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53960">53960</a>, <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54115">54115</a>: Extensions to HttpClient test

1151

helper class. Patches by Brian Burch. (markt/kkolinko)

1152

</td></tr>

1153

1154

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53993">53993</a>: Avoid a possible NPE in the AccessLogValve when the

1155

session ID is logged and a session is invalidated. (markt)

1156

</td></tr>

1157

1158

Add support for LAST_ACCESS_AT_START system property to

1159

PersistentManager. (kfujino)

1160

</td></tr>

1161

1162

Update MIME type mapping with additional / updated mime.types from the

1163

Apache web server. (markt)

1164

</td></tr>

1165

1166

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54007">54007</a>: Fix a memory leak that prevented deletion of a

1167

context.xml file associated with a Context that had failed to deploy.

1168

Also fix the problems uncovered with undeploying such a Context once the

1169

leak had been fixed and the file could be deleted. (markt)

1170

</td></tr>

1171

1172

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54044">54044</a>: Correct bug in timestamp cache used by logging

1173

(including the access log valve) that meant entries could be made with

1174

an earlier timestamp than the true timestamp. (markt)

1175

</td></tr>

1176

1177

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54054">54054</a>: Do not share shell environment variables between

1178

multiple instances of the CGI servlet. (markt)

1179

</td></tr>

1180

1181

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54060">54060</a>: Use a simple parser rather than a regular expression

1182

to parse HTTP Digest authentication headers so the header is correctly

1183

parsed. The new approach is also faster and generates less garbage.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54068">54068</a>: Rewrite the web fragment ordering algorithm to resolve

1188

multiple issues that resulted in incorrect ordering or failure to find

1189

a correct, valid order. (markt)

1190

</td></tr>

1191

1192

The HTTP header parser added to address <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52811">52811</a> has been

1193

removed and replaced with the light-weight HTTP header parser created to

1194

address <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54060">54060</a>. The new parser includes a work-around for a

1195

bug in the Adobe Acrobat Reader 9.x plug-in for Microsoft Internet

1196

Explorer that was identified when the old parser was introduced

1197

(<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53814">53814</a>).

1198

</td></tr>

1199

1200

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54076">54076</a>: Add an alternative work-around for clients that use

1201

SPNEGO authentication and expect the authenticated user to be cached

1202

per connection (Tomcat only does this if an HTTP session is available).

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54087">54087</a>: Correctly handle (ignore) invalid If-Modified-Since

1207

header rather than throwing an exception. (markt)

1208

</td></tr>

1209

1210

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54096">54096</a>: In web.xml, <env-entry> should accept any type

1211

that has a constructor that takes a single String or char. (markt)

1212

</td></tr>

1213

1214

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54127">54127</a>: Add support for sending a WebSocket Ping. Patch

1215

provided by Sean Winterberger. (markt)

1216

</td></tr>

1217

1218

In FormAuthenticator: If it is configured to change Session IDs,

1219

do the change before displaying the login form. (kkolinko)

1220

</td></tr>

1221

1222

Ensure <code>AsyncListener.timeout()</code> and

1223

<code>AsyncListener.complete()</code> are called with the correct

1224

thread context class loader. (fhanik)

1225

</td></tr>

1226

1227

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54123">54123</a>: If an asynchronous request times out without any

1228

<code>AsyncListener</code>s defined, a 500 error will be triggered.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54124">54124</a>: Correct provided value of request attribute

1233

<code>javax.servlet.async.request_uri</code> and add missing request

1234

attribute <code>javax.servlet.async.path_info</code>. (markt)

1235

</td></tr>

1236

1237

Add <code>denyStatus</code> initialization parameter to

1238

<code>CsrfPreventionFilter</code>, allowing to customize the HTTP

1239

status code used for denied requests. (kkolinko)

1240

</td></tr>

1241

1242

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54141">54141</a>: Increase the permitted number of nested Realm levels

1243

from 2 to 3 by default and make the limit configurable via a system

property. (markt)

</td></tr>

Revert occasional API change in <code>BaseDirContext</code> class that

1248

was done in 7.0.32. Methods should not be <code>final</code>. (kkolinko)

1249

</td></tr>

1250

1251

Prevent failures in the AccessLogValve when running under a

1252

SecurityManager and the first request received is an asynchronous one.

(markt)

</td></tr>

</table>

</blockquote></td></tr></table>

1257

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.33 (markt)/Coyote"></a><a name="Tomcat_7.0.33_(markt)/Coyote"><strong>Coyote</strong></a></font></td></tr><tr><td><blockquote>

1258

1259

1260

Correct an issue that prevented WebSockets from being used over SSL when

1261

using the HTTP NIO connector. (markt)

1262

</td></tr>

1263

1264

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54022">54022</a>: Ensure the Comet END event is triggered on client

1265

disconnect with APR/native on Windows Vista/2k8 or later. Patch provided

1266

by Douglas Beachy. (markt)

1267

</td></tr>

1268

1269

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54067">54067</a>: Ensure responses with 1xx response codes are correctly

1270

marked as not containing an entity body. This caused an issue for some

1271

WebSocket clients when an Transfer-Encoding header was sent with the

1272

101 (HTTP upgrade) response. (markt)

1273

</td></tr>

1274

</table>

1275

</blockquote></td></tr></table>

1276

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.33 (markt)/Jasper"></a><a name="Tomcat_7.0.33_(markt)/Jasper"><strong>Jasper</strong></a></font></td></tr><tr><td><blockquote>

1277

1278

1279

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53867">53867</a>: Optimise the XML escaping provided by the PageContext

1280

implementation. Based on a patch by Sheldon Shao. (markt)

1281

</td></tr>

1282

1283

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53896">53896</a>: Use an optimised CompositeELResolver for Jasper that

1284

skips resolvers that are known to be unable to resolve the value. Patch

1285

by Jarek Gawor. (markt)

1286

</td></tr>

1287

1288

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53986">53986</a>: Correct a regression introduced by the fix for

1289

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53713">53713</a>. JSP comments that ended with the sequence ---%> (or

1290

any similar sequence with a odd number of - characters) was not

1291

correctly parsed. (markt)

1292

</td></tr>

1293

1294

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54011">54011</a>: Fix a bug in the tag plug-in for

1295

<code><c:out></code> that triggered a JSP compilation error if the

1296

<code>escapeXml</code> attribute was used. Patch provided by Sheldon

Shao. (markt)

</td></tr>

Follow up to <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54011">54011</a>. Simplify generated code for

1301

<code><c:out></code>. Based on a patch by Sheldon Shao. (markt)

1302

</td></tr>

1303

1304

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54012">54012</a>: Fix a bug in the tag plug-in infrastructure that meant

1305

the <code><c:set></code> triggered a JSP compilation error when

1306

used in a tag file. Based on a patch provided by Sheldon Shao. (markt)

1307

</td></tr>

1308

1309

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54017">54017</a>: Simplify coercion of <code>String</code> instances to

1310

<code>Object</code>. (markt)

1311

</td></tr>

1312

1313

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54144">54144</a>: Fix a bug in the tag plug-in for

1314

<code><c:out></code> that meant that if the value of the tag

1315

evaluated to a <code>java.io.Reader</code> object then it was not

1316

correctly handled. (markt)

1317

</td></tr>

1318

</table>

1319

</blockquote></td></tr></table>

1320

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.33 (markt)/Cluster"></a><a name="Tomcat_7.0.33_(markt)/Cluster"><strong>Cluster</strong></a></font></td></tr><tr><td><blockquote>

1321

1322

1323

Add getSessionIdsFull operation to mbeans-descriptor. listSessionIdsFull

1324

no longer exist. (kfujino)

1325

</td></tr>

1326

1327

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54086">54086</a>: Fix threading issue when stopping an

1328

<code>NioReceiver</code>. (markt)

1329

</td></tr>

1330

</table>

1331

</blockquote></td></tr></table>

1332

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.33 (markt)/Web applications"></a><a name="Tomcat_7.0.33_(markt)/Web_applications"><strong>Web applications</strong></a></font></td></tr><tr><td><blockquote>

1333

1334

1335

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54143">54143</a>: Add display of the memory pools usage (including

1336

PermGen) to the Status page of the Manager web application. (kkolinko)

1337

</td></tr>

1338

</table>

1339

</blockquote></td></tr></table>

1340

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.33 (markt)/Tribes"></a><a name="Tomcat_7.0.33_(markt)/Tribes"><strong>Tribes</strong></a></font></td></tr><tr><td><blockquote>

1341

1342

1343

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=54045">54045</a>: Make sure getMembers() returns available member when

1344

TcpFailureDetector works in static cluster. (kfujino)

1345

</td></tr>

1346

</table>

1347

</blockquote></td></tr></table>

1348

</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.32 (markt)"></a><a name="Tomcat_7.0.32_(markt)"><strong>Tomcat 7.0.32 (markt)</strong></a></font></td><td align="right" bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><strong>2012-10-09</strong></font></td></tr><tr><td colspan="2"><blockquote>

1349

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.32 (markt)/Catalina"></a><a name="Tomcat_7.0.32_(markt)/Catalina"><strong>Catalina</strong></a></font></td></tr><tr><td><blockquote>

1350

1351

1352

Revert multiple operation support for the <code>JMXProxyServlet</code>

1353

pending further discussion. (schultz)

1354

</td></tr>

1355

1356

CVE-2012-4431: Fix bypass of <code>CsrfPreventionFilter</code> when

1357

there is no session. Improve session management in the filter.

(kkolinko)

</td></tr>

</table>

</blockquote></td></tr></table>

1362

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.32 (markt)/Web applications"></a><a name="Tomcat_7.0.32_(markt)/Web_applications"><strong>Web applications</strong></a></font></td></tr><tr><td><blockquote>

1363

1364

1365

Correct the couple of broken links in the Tomcat Javadoc. (markt)

1366

</td></tr>

1367

</table>

1368

</blockquote></td></tr></table>

1369

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.32 (markt)/Other"></a><a name="Tomcat_7.0.32_(markt)/Other"><strong>Other</strong></a></font></td></tr><tr><td><blockquote>

1370

1371

1372

Update optional Checkstyle library to 5.6. (kkolinko)

1373

</td></tr>

1374

</table>

1375

</blockquote></td></tr></table>

1376

</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.31 (markt)"></a><a name="Tomcat_7.0.31_(markt)"><strong>Tomcat 7.0.31 (markt)</strong></a></font></td><td align="right" bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><strong>not released</strong></font></td></tr><tr><td colspan="2"><blockquote>

1377

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.31 (markt)/Catalina"></a><a name="Tomcat_7.0.31_(markt)/Catalina"><strong>Catalina</strong></a></font></td></tr><tr><td><blockquote>

1378

1379

1380

Add one library from JDK 7 to the value of <code>jarsToSkip</code>

1381

property in the <code>catalina.properties</code> file. (kkolinko)

1382

</td></tr>

1383

1384

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52777">52777</a>: Add an option to automatically remove old, unused

1385

versions (ones where there are no longer any active sessions) of

1386

applications deployed using parallel deployment. (markt)

1387

</td></tr>

1388

1389

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53828">53828</a>: Use correct status code when closing a WebSocket

1390

connection normally in response to a close frame from a client. (markt)

1391

</td></tr>

1392

1393

<code>JMXProxyServlet</code> now allows multiple operation commands like

1394

<code>invokeAndSet</code>, <code>invokeAndGet</code>,

1395

etc. (schultz) <em>Note</em>: reverted in 7.0.32.

1396

</td></tr>

1397

1398

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53843">53843</a>: <code>request.isAsyncStarted()</code> must continue to

1399

return true until the dispatch actually happens (which at the earliest

1400

isn't until the thread where <code>startAsync()</code> was called

1401

returns to the container). (markt)

1402

</td></tr>

1403

1404

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53863">53863</a>: Ensure the the implicit servlets (JSP and default) are

1405

marked as override-able when using embedded mode. (markt)

1406

</td></tr>

1407

1408

When the <code>DefaultServlet</code> is under heavy load, the HTTP

1409

header parser added to address <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52811">52811</a> generates large amounts

1410

of garbage and uses significant CPU time. A cache has been added that

1411

significantly reduces the overhead of this parser. (markt)

1412

</td></tr>

1413

1414

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53854">53854</a>: Make directory listings work correctly when aliases

are used. (markt)

</td></tr>

</table>

</blockquote></td></tr></table>

1419

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.31 (markt)/Jasper"></a><a name="Tomcat_7.0.31_(markt)/Jasper"><strong>Jasper</strong></a></font></td></tr><tr><td><blockquote>

1420

1421

1422

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53713">53713</a>: Performance improvement of up to four times faster

1423

parsing of JSP pages. Patch provided by Sheldon Shao. (markt)

1424

</td></tr>

1425

</table>

1426

</blockquote></td></tr></table>

1427

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.31 (markt)/Cluster"></a><a name="Tomcat_7.0.31_(markt)/Cluster"><strong>Cluster</strong></a></font></td></tr><tr><td><blockquote>

1428

1429

1430

Make the cluster members and the cluster deployer associated with the

1431

cluster accessible via JMX. (markt)

1432

</td></tr>

1433

1434

Fix a behavior of TcpPingInterceptor#useThread. If set to false, ping

1435

thread is never started. (kfujino)

1436

</td></tr>

1437

</table>

1438

</blockquote></td></tr></table>

1439

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.31 (markt)/Web applications"></a><a name="Tomcat_7.0.31_(markt)/Web_applications"><strong>Web applications</strong></a></font></td></tr><tr><td><blockquote>

1440

1441

1442

Improve the documentation web application to clarify the difference

1443

between the tag and version parameters when using text interface of the

1444

Manager web application. (markt)

1445

</td></tr>

1446

1447

Make sessions saved in the <code>Store</code> associated with a

1448

<code>Manager</code> that extends <code>PersistentManager</code>

1449

optionally visible (via the showProxySessions Servlet initialisation

1450

parameter in web.xml) to the Manager web application. (markt)

1451

</td></tr>

1452

</table>

1453

</blockquote></td></tr></table>

1454

</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.30 (markt)"></a><a name="Tomcat_7.0.30_(markt)"><strong>Tomcat 7.0.30 (markt)</strong></a></font></td><td align="right" bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><strong>released 2012-09-06</strong></font></td></tr><tr><td colspan="2"><blockquote>

1455

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.30 (markt)/Catalina"></a><a name="Tomcat_7.0.30_(markt)/Catalina"><strong>Catalina</strong></a></font></td></tr><tr><td><blockquote>

1456

1457

1458

Automatically delete temporary files used by Servlet 3.0 file

1459

upload (for parts which size is greater than

1460

<code>file-size-threshold</code> option in web.xml)

1461

when request processing completes. (kkolinko)

1462

</td></tr>

1463

1464

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53071">53071</a>: This additional fix for this issue improves the

1465

formatting of Jasper errors (or any exceptions that use a multi-line

1466

message) with the <code>ErrorReportValve</code>. (markt)

1467

</td></tr>

1468

1469

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53469">53469</a>: If a URL passed to

1470

<code>javax.servlet.http.HttpServletResponse.encodeURL()</code> cannot

1471

be made absolute, never encode it and return it unchanged. Previously,

1472

the fix for <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53062">53062</a> meant than an

1473

<code>IllegalArgumentException</code> was thrown. (markt)

1474

</td></tr>

1475

1476

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53481">53481</a>: Added support for SSLHonorCipherOrder to allow

1477

the server to impose its cipher order on the client. Based on a patch

1478

provided by Marcel Šebek. This feature requires

1479

Tomcat Native 1.1.25 or later. (schultz)

1480

</td></tr>

1481

1482

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53498">53498</a>: Fix atomicity bugs in use of concurrent collections.

1483

Based on a patch by Yu Lin. (markt)

1484

</td></tr>

1485

1486

Correct a regression in the previous fix for <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53062">53062</a> that did

1487

not always correctly normalize redirect URLs when the redirect URL

1488

included a query string or fragment component. (markt)

1489

</td></tr>

1490

1491

Add missing getter and setter for <code>roleSearchAsUser</code> option

1492

on JNDI Realm. (markt)

1493

</td></tr>

1494

1495

Add some HTTP status codes registered at IANA. (rjung)

1496

</td></tr>

1497

1498

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53531">53531</a>: Fix ExpandWar.expand to check the return value of

1499

File.mkdir and File.mkdirs. (schultz)

1500

</td></tr>

1501

1502

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53535">53535</a>: Reduce memory footprint when performing class scanning

1503

on Context start. Patch provided by Cedomir Igaly. (markt)

1504

</td></tr>

1505

1506

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53541">53541</a>: Fix JAR scanning when WEB-INF/lib is provided via

1507

VirtualDirContext. Patch provided by Philip Zuev. (markt)

1508

</td></tr>

1509

1510

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53574">53574</a>: Ensure Servlets defined using jsp-file are available

1511

when metadata-complete is true. (markt)

1512

</td></tr>

1513

1514

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53584">53584</a>: Ignore path parameters when comparing URIs for FORM

1515

authentication. This prevents users being prompted twice for passwords

1516

when logging in when session IDs are being encoded as path parameters.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53623">53623</a>: When performing a asynchronous dispatch after series

1521

of forwards, ensure that the request properties are correct for the

1522

request at each stage. (markt)

1523

</td></tr>

1524

1525

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53624">53624</a>: Ensure that

1526

<code>HttpServletResponse.sendRedirect()</code> works when called after

1527

a dispatch from an <code>AsyncContext</code>. (markt)

1528

</td></tr>

1529

1530

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53641">53641</a>: Correct name of HTTP header used in WebSocket

1531

handshake for listing the preferred protocols. (markt)

1532

</td></tr>

1533

1534

Document the constants that were added to the

1535

<code>RequestDispatcher</code> interface in Servlet 3.0. (kkolinko)

1536

</td></tr>

1537

1538

Ensure custom error pages are not truncated if the page that triggered

1539

the error set a content length header. (markt)

1540

</td></tr>

1541

1542

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53677">53677</a>: Ensure that a 500 response rather than no response is

1543

returned if the HTTP headers exceed the size limit. (markt)

1544

</td></tr>

1545

1546

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53702">53702</a>: When merging web.xml fragments, allow for

1547

<code><jsp-property-group></code> elements having multiple

1548

<code><url-pattern></code> elements. (markt)

1549

</td></tr>

1550

1551

Always make the resulting web.xml available even if metadata-complete is

true. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53714">53714</a>: Provide separate system properties to control which

1556

JARs are excluded from which scans when using the JarScanner. This

1557

allows JARs to be excluded from all scans or only from TLD scanning

1558

and/or Servlet 3.0 pluggability scanning. (markt)

1559

</td></tr>

1560

1561

Add several JDK libraries to the value of <code>jarsToSkip</code>

1562

property in the <code>catalina.properties</code> file. (markt, kkolinko)

1563

</td></tr>

1564

1565

Fix typos etc. in the code that logs merged web.xml (as enabled by

1566

<code>logEffectiveWebXml</code> option on Context). (kkolinko)

1567

</td></tr>

1568

1569

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53758">53758</a>: When adding filters via

1570

<code>FilterRegistration.Dynamic</code> the filters were added at the

1571

wrong point because the <code>isMatchAfter </code> logic was inverted.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53783">53783</a>: Correctly handle JARs generated by tools that do not

1576

create specific entries for directories. Patch provided by Violeta

Georgieva. (markt)

</td></tr>

Improvements to DIGEST authenticator including the disabling caching of

1581

authenticated user in session by default, tracking server rather than

1582

client nonces and better handling of stale nonce values. (markt)

1583

</td></tr>

1584

1585

Improve performance of DIGEST authenticator for concurrent requests.

(markt)

</td></tr>

CVE-2012-3546: Fix bypass of security constraint checks with FORM

1590

authentication. Remove unneeded processing in <code>RealmBase</code>.

(kkolinko)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53800">53800</a>: <code>FileDirContext.list()</code> did not provide

1595

correct paths for subdirectories. Patch provided by Kevin Wooten.

(kkolinko)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53801">53801</a>: Overlapping URL patterns were sometimes merged

1600

incorrectly in security constraints leading to incorrect 401 responses.

1601

Note: it was possible for access to be denied when it should have been

1602

granted but it was not possible for access to be granted when it should

1603

have been denied. (markt)

1604

</td></tr>

1605

</table>

1606

</blockquote></td></tr></table>

1607

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.30 (markt)/Coyote"></a><a name="Tomcat_7.0.30_(markt)/Coyote"><strong>Coyote</strong></a></font></td></tr><tr><td><blockquote>

1608

1609

1610

Remove the <code>socket.soTrafficClass</code> from the BIO and NIO

1611

HTTP and AJP connectors because any use of the option is either ignored

1612

or in some cases (Java 7 with NIO) throws an Exception. (mark)

1613

</td></tr>

1614

1615

Prevent possible NPE when processing Comet requests during Connector

shutdown. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=42181">42181</a>: Better handling of edge conditions in chunk header

1620

processing. (kkolinko)

1621

</td></tr>

1622

1623

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53697">53697</a>: Correct a regression in the fix for <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51881">51881</a>

1624

that mean that in some circumstances the <code>comet</code> flag was not

1625

reset on <code>HttpAprProcessor</code> instances. This caused problems

1626

when the Processor was re-used for a new connection that would trigger a

1627

<code>NullPointerException</code> and could result in a JVM crash.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53725">53725</a>: Fix possible corruption of GZIP'd output.

(markt/kkolinko)

</td></tr>

Better parsing of line-terminators for requests using chunked encoding.

(markt)

</td></tr>

Further improvements to handling of Comet END events when the connector

is stopped. (markt)

</td></tr>

</table>

</blockquote></td></tr></table>

1644

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.30 (markt)/Jasper"></a><a name="Tomcat_7.0.30_(markt)/Jasper"><strong>Jasper</strong></a></font></td></tr><tr><td><blockquote>

1645

1646

1647

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53545">53545</a>: Ensure buffered data is cleared when using a

1648

jsp:forward action inside a classic custom tag. (markt)

1649

</td></tr>

1650

1651

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53654">53654</a>: Support <code>file://</code> URLs for JSP

1652

dependencies. Patch provided by Viola Lu. (markt)

1653

</td></tr>

1654

1655

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53792">53792</a>: Support <code>MethodExpression</code>s that include a

1656

method invocation that is not at the end of the expression. (markt)

1657

</td></tr>

1658

</table>

1659

</blockquote></td></tr></table>

1660

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.30 (markt)/Cluster"></a><a name="Tomcat_7.0.30_(markt)/Cluster"><strong>Cluster</strong></a></font></td></tr><tr><td><blockquote>

1661

1662

1663

Fix an issue when running under Java 7 which throws exceptions when

1664

trying to set an invalid option whereas Java 6 silently swallowed them.

1665

The option using the problem was <code>soTrafficClass</code>.

1666

Investigations showed that this option had no effect for Cluster Channel

1667

Receivers so it was removed. (markt)

1668

</td></tr>

1669

1670

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53513">53513</a>: Fix race condition between the processing of session

1671

sync message and transfer complete message. (kfujino)

1672

</td></tr>

1673

</table>

1674

</blockquote></td></tr></table>

1675

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.30 (markt)/Web applications"></a><a name="Tomcat_7.0.30_(markt)/Web_applications"><strong>Web applications</strong></a></font></td></tr><tr><td><blockquote>

1676

1677

1678

Update JSTL version information in the JNDI section of the documentation

1679

web application. (markt)

1680

</td></tr>

1681

1682

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53524">53524</a>: Correct a typo in the cluster how-to section of the

1683

documentation web application. Also fix a handful of spelling errors.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53601">53601</a>: Clarify in documentation that building Apache Tomcat 7

1688

from sources requires a Java 6 JDK. (kkolinko)

1689

</td></tr>

1690

1691

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53653">53653</a>: Allow for wrapped source code example in

1692

config/context.html. Patch provided by Terence Bandoian. (schultz)

1693

</td></tr>

1694

1695

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53793">53793</a>: Change links on the list of applications in the

1696

Manager to point to '/appname/' instead of '/appname'. (kkolinko)

1697

</td></tr>

1698

</table>

1699

</blockquote></td></tr></table>

1700

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.30 (markt)/Tribes"></a><a name="Tomcat_7.0.30_(markt)/Tribes"><strong>Tribes</strong></a></font></td></tr><tr><td><blockquote>

1701

1702

1703

Avoid potential NPE identified by Find Bugs in

1704

<code>org.apache.catalina.tribes.io.ReplicationStream</code>. (markt)

1705

</td></tr>

1706

1707

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53606">53606</a>: Fix potential NPE in <code>TcpPingInterceptor</code>.

1708

Based on a patch by F. Arnoud. (markt)

1709

</td></tr>

1710

1711

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53607">53607</a>: To avoid NPE, set TCP PING data to ChannelMessage.

1712

Patch provided by F.Arnoud (kfujino)

1713

</td></tr>

1714

</table>

1715

</blockquote></td></tr></table>

1716

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.30 (markt)/Other"></a><a name="Tomcat_7.0.30_(markt)/Other"><strong>Other</strong></a></font></td></tr><tr><td><blockquote>

1717

1718

1719

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53701">53701</a>: Javadoc fixes. Patch provided by sebb. (markt)

1720

</td></tr>

1721

1722

Remove some unused code from Tomcat's package renamed, cut-down

1723

copy of Commons BCEL used for annotation scanning. (markt)

1724

</td></tr>

1725

1726

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53735">53735</a>: Add support for Java 7 byte code to Tomcat's

1727

package renamed, cut-down copy of Commons BCEL used for annotation

scanning. (markt)

</td></tr>

</table>

</blockquote></td></tr></table>

1732

</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.29 (markt)"></a><a name="Tomcat_7.0.29_(markt)"><strong>Tomcat 7.0.29 (markt)</strong></a></font></td><td align="right" bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><strong>released 2012-07-08</strong></font></td></tr><tr><td colspan="2"><blockquote>

1733

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.29 (markt)/Catalina"></a><a name="Tomcat_7.0.29_(markt)/Catalina"><strong>Catalina</strong></a></font></td></tr><tr><td><blockquote>

1734

1735

1736

Add support for searching for roles in JNDI/LDAP

1737

using another value than the actual DN or username specified.

1738

Rather it will use a value from the users directory entry.

1739

The new attribute introduced to the JNDIRealm is userRoleAttribute

(fhanik)

</td></tr>

Fix checking of recommended tcnative library version when using the APR

connector. (rjung)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50306">50306</a>: Improve StuckThreadDetectionValve: add

1748

stuckThreadNames property as a pair for the stuckThreadIds one,

1749

add thread ids to the log messages. (kkolinko)

1750

</td></tr>

1751

1752

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52135">52135</a>: Add support for a default error page to be defined in

1753

web.xml by defining an error page with just a nested location element.

1754

It appears this feature was intended to be included in the Servlet 3.0

1755

specification but was accidently left out. (markt)

1756

</td></tr>

1757

1758

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53450">53450</a>: Correct regression in fix for <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52999">52999</a> that

1759

could easily trigger a deadlock when deploying a ROOT web application.

(markt)

</td></tr>

As per section 1.6.2 of the Servlet 3.0 specification and clarification

1764

from the Servlet Expert Group, the servlet specification version

1765

declared in web.xml no longer controls if Tomcat scans for annotations.

1766

Annotation scanning is now always performed - regardless of the version

1767

declared in web.xml - unless metadata complete is set to true. (markt)

1768

</td></tr>

1769

1770

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53619">53619</a>: As per clarification from the Servlet Expert Group,

1771

JARs will always be scanned for ServletContainerInitializers regardless

1772

of the setting of metadata complete. However, if an absolute ordering is

1773

specified and a JAR is excluded from that ordering it will not be

1774

scanned for ServletContainerInitializers nor will it be scanned for

1775

matches to any HandleTypes annotations. (markt)

1776

</td></tr>

1777

1778

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53465">53465</a>: Populate mapped-name property for resources defined in

1779

web.xml. Based on a patch by Violeta Georgieva. (markt)

1780

</td></tr>

1781

1782

Make the request available when establishing a WebSocket connection.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53467">53467</a>: Correct a regression in the fix for <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53257">53257</a>

1787

that introduced problems for JSPs that used characters that must be

1788

encoded if used in a URI. (markt)

1789

</td></tr>

1790

</table>

1791

</blockquote></td></tr></table>

1792

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.29 (markt)/Coyote"></a><a name="Tomcat_7.0.29_(markt)/Coyote"><strong>Coyote</strong></a></font></td></tr><tr><td><blockquote>

1793

1794

1795

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53430">53430</a>: Avoid a JVM crash when a connector that requires the

1796

APR/native library is explicitly specified and the library, or a recent

1797

enough version of it, is not available. (markt)

1798

</td></tr>

1799

</table>

1800

</blockquote></td></tr></table>

1801

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.29 (markt)/Jasper"></a><a name="Tomcat_7.0.29_(markt)/Jasper"><strong>Jasper</strong></a></font></td></tr><tr><td><blockquote>

1802

1803

1804

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53421">53421</a>: Provide a more helpful error message if a getter or

1805

setter cannot be found for a bean property when using expression

language. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53460">53460</a>: Allow container to handle errors if the creation of the

1810

PageContext fails rather than swallowing the error. (markt)

1811

</td></tr>

1812

</table>

1813

</blockquote></td></tr></table>

1814

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.29 (markt)/Web applications"></a><a name="Tomcat_7.0.29_(markt)/Web_applications"><strong>Web applications</strong></a></font></td></tr><tr><td><blockquote>

1815

1816

1817

Update the WebSocket examples in the examples web application so that

1818

they work with secure connections (wss) as well as non-secure (ws)

connections. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53456">53456</a>: Minor corrections and improvements to the HTTP

1823

connector configuration reference. Patch provided by sebb. (markt)

1824

</td></tr>

1825

1826

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53459">53459</a>: Correction and clarifications to the SSL Connector

1827

configuration examples in the SSL how-to. (markt)

1828

</td></tr>

1829

1830

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53464">53464</a>: Correct reference to sample init.d script for use with

1831

jsvc in the documentation web application. (markt)

1832

</td></tr>

1833

1834

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53473">53473</a>: Correct the allowed values for the SSI option

1835

<code>isVirtualWebappRelative</code> which are <code>true</code> or

1836

<code>false</code>. (markt)

1837

</td></tr>

1838

1839

Document <code>roleNested</code> property of <code>JNDIRealm</code>

1840

in Configuration Reference. (kkolinko)

1841

</td></tr>

1842

</table>

1843

</blockquote></td></tr></table>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53445">53445</a> (<a href="http://svn.apache.org/viewvc?view=rev&rev=1354173">r1354173</a>):

1848

Allow configurable name for SlowQueryReportJmx (fhanik)

1849

</td></tr>

1850

1851

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53416">53416</a> (<a href="http://svn.apache.org/viewvc?view=rev&rev=1354641">r1354641</a>):

1852

Multiple pools with the same name should register under JMX (fhanik)

1853

</td></tr>

1854

</table>

1855

</blockquote></td></tr></table>

1856

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.29 (markt)/Other"></a><a name="Tomcat_7.0.29_(markt)/Other"><strong>Other</strong></a></font></td></tr><tr><td><blockquote>

1857

1858

1859

Fix cleanup of temporary files in <code>TestNamingContext</code> test.

(kkolinko)

</td></tr>

Remove a few files from the source distribution that are not required

1864

since they are copied / generated during the build. (markt)

1865

</td></tr>

1866

1867

Add manifest files to the set of files for which the line-ending is

1868

changed to match the OS defaults in the source distributions. (markt)

1869

</td></tr>

1870

1871

Align Jk Ant tasks definitions between antlib.xml and catalina.tasks

1872

files, introducing <code>jkupdate</code> as synonym for

1873

<code>jkstatus</code>. The latter one is deprecated.

1874

Simplify <code>bin/catalina-tasks.xml</code>, replacing

1875

<code>taskdef</code> with <code>typedef</code> and adding Ant condition

1876

implementations used with JMX to <code>jmxaccessor.tasks</code> file.

(kkolinko)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53454">53454</a>: Return correct content-length header for HEAD requests

1881

when content length is greater than 2GB. (markt)

1882

</td></tr>

1883

</table>

1884

</blockquote></td></tr></table>

1885

</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.28 (markt)"></a><a name="Tomcat_7.0.28_(markt)"><strong>Tomcat 7.0.28 (markt)</strong></a></font></td><td align="right" bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><strong>released 2012-06-19</strong></font></td></tr><tr><td colspan="2"><blockquote>

1886

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.28 (markt)/Catalina"></a><a name="Tomcat_7.0.28_(markt)/Catalina"><strong>Catalina</strong></a></font></td></tr><tr><td><blockquote>

1887

1888

1889

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52055">52055</a>: An additional fix to ensure that the

1890

ChunkedInputFilter is correctly recycled. (markt)

1891

</td></tr>

1892

1893

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52954">52954</a>: Make DIGEST authentication tolerant of clients (mainly

1894

older Android implementations) that do not follow RFC 2617 exactly.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52955">52955</a>: Implement custom thread factory for container

1899

start-stop thread pool. It allows to use daemon threads and give

1900

them more distinct names. (kfujino)

1901

</td></tr>

1902

1903

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52999">52999</a>: Remove synchronization bottleneck from the firing of

1904

<code>Container</code> events. (markt)

1905

</td></tr>

1906

1907

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53008">53008</a>: Additional test cases for BASIC authentication and

1908

RFC2617 compliance. Patch provided by Brian Burch. (markt)

1909

</td></tr>

1910

1911

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53021">53021</a>: Correct WebSocket protocol version detection. (pero)

1912

</td></tr>

1913

1914

Add new attributes of <code>allow</code> and <code>deny</code> to

1915

UserConfig. (kfujino)

1916

</td></tr>

1917

1918

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53024">53024</a>: Fix context reloading so requests received during the

1919

reload are paused and processed when reloading completes rather than

1920

receiving 404 responses. (markt)

1921

</td></tr>

1922

1923

Improve the handling of watched resources so that changes trigger a

1924

reload rather than a stop followed by a start which allows requests

1925

received to be paused and processed when reloading completes rather than

1926

receiving 404 responses. (markt)

1927

</td></tr>

1928

1929

Remove potential bottleneck on creation of new WebSocket connections.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53047">53047</a>: If a JDBC Realm or DataSource Realm is configured for

1934

an all roles mode that only requires authorization (and no roles) and no

1935

role table or column is defined, don't populate the Principal's roles.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53056">53056</a>: Add APR version number to tcnative version INFO log

message. (schultz)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53057">53057</a>: Add OpenSSL version number INFO log message when

1944

initializing. (schultz)

1945

</td></tr>

1946

1947

Save a bit of memory in annotations cache in

1948

<code>DefaultInstanceManager</code> by trimming annotation lists

1949

to their size. (kkolinko)

1950

</td></tr>

1951

1952

Correctly configure the parser used to process server.xml so that

1953

external entities may be used to include the content of external files

1954

into server.xml. (markt)

1955

</td></tr>

1956

1957

Make sure ContextMBean#findFilterDefs returns correct filter

1958

definitions. (kfujino)

1959

</td></tr>

1960

1961

Ensure that <code>maxParameterCount</code> applies to multi-part

1962

requests handled via the Servlet 3 file upload API. (markt)

1963

</td></tr>

1964

1965

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53062">53062</a>: When constructing absolute URLs for redirects from

1966

relative URLs ensure that the resulting URLs are normalized. (markt)

1967

</td></tr>

1968

1969

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53067">53067</a>: Ensure the WebSocket Servlet continues to work when

1970

requests are wrapped. (markt)

1971

</td></tr>

1972

1973

Enable host's xmlBase attribute in ContextConfig. (kfujino)

1974

</td></tr>

1975

1976

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53071">53071</a>: Use the message from the throwable (if there is one)

1977

when generating the report in the <code>ErrorReportValve</code> and no

1978

message has been specified via <code>sendError()</code>. (markt)

1979

</td></tr>

1980

1981

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53074">53074</a>: Switch to an infinite socket timeout by default for

1982

WebSocket connections. (markt)

1983

</td></tr>

1984

1985

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53081">53081</a>: Do not always cache resources loaded by the web

1986

application class loader since they may be very large which in turn

1987

could trigger a memory leak. Calls to the web application class

1988

loader's <code>getResourceAsStream()</code> method will now access

1989

the resource directly rather than via the cache in most cases. (markt)

1990

</td></tr>

1991

1992

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53090">53090</a>: Include superclasses when considering injection

1993

targets. Patch provided by Borislav Kapukaranov. (markt)

1994

</td></tr>

1995

1996

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53161">53161</a>: Provide a better error message if a

1997

<code>ClassFormatException</code> occurs during annotation scanning and

1998

do not prevent the web application from starting in this case. (markt)

1999

</td></tr>

2000

2001

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53180">53180</a>: Improve check for setter method when processing

2002

annotations. Patch provided by Violeta Georgieva. (markt)

2003

</td></tr>

2004

2005

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53225">53225</a>: Fix an IllegalStateException due to the JAR file being

2006

closed when accessing static resources in a JAR file when

2007

<code>urlCacheProtection="false"</code> in the

2008

<code>JreMemoryLeakPreventionListener</code>. (markt)

2009

</td></tr>

2010

2011

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53230">53230</a>: Changed ManagerBase to throw

2012

TooManyActiveSessionsException instead of IllegalStateException

2013

when the maximum number of sessions has been exceeded and a new

2014

session will not be created. (schultz)

2015

</td></tr>

2016

2017

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53257">53257</a>: Ensure that resources, including JSP files, that have

2018

names that include characters with special meanings in URLs (such as

2019

ampersand, semicolon, plus, hash and percent) are correctly handled.

2020

This bug is partially a regression caused by the original fix for

2021

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51584">51584</a> and partially an existing issue that had not previously

2022

been identified. This fix reverts the original fix for <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51584">51584</a>,

2023

correctly fixes that issue and fixes the additional issues identified by

2024

the test cases that were also added as part of this fix.

(markt/kkolinko)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53266">53266</a>: If a class specified in a <code>@HandlesTypes</code>

2029

annotation on a <code>ServletContainerInitializer</code> is missing

2030

log a more helpful message and do not prevent the web application from

starting. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53267">53267</a>: Ensure that using the GC Daemon Protection feature of

2035

the <code>JreMemoryLeakPreventionListener</code> does not trigger a

2036

full GC every hour. (markt)

2037

</td></tr>

2038

2039

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53285">53285</a>: Do not require <code>security-role-ref</code> elements

2040

to contain a <code>role-link</code> element. (markt)

2041

</td></tr>

2042

2043

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53301">53301</a>: Prevent double initialization of pre-created Servlet

2044

instances when used in embedded mode. (markt)

2045

</td></tr>

2046

2047

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53322">53322</a>: When processing resource injection, correctly infer

2048

property name from its setter method if the name starts with several

2049

uppercase characters. (kkolinko)

2050

</td></tr>

2051

2052

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53333">53333</a>: When processing JNDI resources, take account of the

2053

types of any specified injection targets to ensure that the resource

2054

definition and the injection target types are consistent. Based on a

2055

patch provided by Violeta Georgieva. (markt)

2056

</td></tr>

2057

2058

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53337">53337</a>: Forwarding via a <code>RequestDispatcher</code> to an

2059

asynchronous Servlet always failed. Includes a test case based on code

2060

by Rossen Stoyanchev. (markt)

2061

</td></tr>

2062

2063

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53339">53339</a>: Ensure WebSocket call backs (<code>onOpen</code> etc.)

2064

are called using the web application's class loader. (markt)

2065

</td></tr>

2066

2067

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53342">53342</a>: To avoid BindException, make startStopThreads into a

2068

demon thread. (kfujino)

2069

</td></tr>

2070

2071

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53353">53353</a>: Make the internal HTTP header parser more tolerant of

2072

Content-Type values that contain invalid parameters by ignoring the

2073

invalid parameters. It is a followup to bug <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52811">52811</a>. (markt)

2074

</td></tr>

2075

2076

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53354">53354</a>: Correctly handle <code>@WebFilter</code> annotations

2077

that do not include a mapping. (markt)

2078

</td></tr>

2079

2080

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53356">53356</a>: Add support for servlets mapped explicitly to the

2081

context root of a web application. (markt)

2082

</td></tr>

2083

2084

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53366">53366</a>: Ensure new HTTP header parser works correctly when

2085

running Tomcat under a security manager. (markt/kkolinko)

2086

</td></tr>

2087

2088

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53368">53368</a>: Configure the default security policy to allow web

2089

applications to use WebSocket when running under a security manager.

(markt/kkolinko)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53373">53373</a>: Allow whitespace around delimiters in <Context>

2094

aliases for readability. (schultz)

2095

</td></tr>

2096

</table>

2097

</blockquote></td></tr></table>

2098

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.28 (markt)/Coyote"></a><a name="Tomcat_7.0.28_(markt)/Coyote"><strong>Coyote</strong></a></font></td></tr><tr><td><blockquote>

2099

2100

2101

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52858">52858</a>, CVE-2012-4534: Correct fix for high CPU load.

(fhanik)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53138">53138</a>: Broken Sendfile on SSL introduced in 7.0.27

(fhanik)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52055">52055</a>: Additional fix required to ensure that

2110

<code>InputFilter</code>s are recycled between requests. (markt)

2111

</td></tr>

2112

2113

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53061">53061</a>: Fix a problem in the NIO connector whereby if the

2114

poller was under low but consistent load (>1 request/per second and

2115

always less than 1 second between requests) timeouts never took place.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53063">53063</a>: When using an Executor with BIO, use the

2120

executor's maxThreads as the default for maxConnections. (markt)

2121

</td></tr>

2122

2123

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53119">53119</a>: Prevent buffer overflow errors being reported when a

2124

client disconnects before the response has been fully written from an

2125

AJP connection using the APR/native connector. (markt)

2126

</td></tr>

2127

2128

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53169">53169</a>: Allow developers to avoid chunked encoding for a

2129

response of unknown length by setting the <code>Connection: close</code>

2130

header. Based on a patch suggested by Philippe Marschall. (markt)

2131

</td></tr>

2132

2133

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53173">53173</a>: Properly count down maxConnections (fhanik)

2134

</td></tr>

2135

2136

Update default value of pollerThreadCount for the NIO connector.

2137

The new default value will never go above 2 regardless of

2138

available processors. (fhanik)

2139

</td></tr>

2140

2141

Allow to retrieve the current <code>connectionCount</code>

2142

via getter from the endpoint and as JMX attribute of the ThreadPool

mbean. (rjung)

</td></tr>

Correct an edge case where Comet END events were not send to connected

2147

clients when the Tomcat connector was stopped. (markt)

2148

</td></tr>

2149

2150

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53406">53406</a>: Fix possible stack overflow on connection close when

2151

using Comet. (fhanik)

2152

</td></tr>

2153

2154

Improve <code>InternalNioInputBuffer.parseHeaders()</code>. (kkolinko)

2155

</td></tr>

2156

2157

Implement <code>maxHeaderCount</code> attribute on Connector.

2158

It is equivalent of LimitRequestFields directive of

2159

<a href="http://httpd.apache.org/">Apache HTTPD</a>.

2160

Default value is 100. (kkolinko)

2161

</td></tr>

2162

</table>

2163

</blockquote></td></tr></table>

2164

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.28 (markt)/Jasper"></a><a name="Tomcat_7.0.28_(markt)/Jasper"><strong>Jasper</strong></a></font></td></tr><tr><td><blockquote>

2165

2166

2167

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48097#c7">48097#c7</a>, <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53366#c1">53366#c1</a>: If JSP page unexpectedly

2168

fails to initialize PageContext instance, write exception to the logs

2169

instead of silent swallowing. (kkolinko)

2170

</td></tr>

2171

2172

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53032">53032</a>: Modify <code>JspC</code> so it extends

2173

<code>org.apache.tools.ant.Task</code> enabling it to work with features

2174

such as namespaces within build.xml files. (markt)

2175

</td></tr>

2176

</table>

2177

</blockquote></td></tr></table>

2178

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.28 (markt)/Cluster"></a><a name="Tomcat_7.0.28_(markt)/Cluster"><strong>Cluster</strong></a></font></td></tr><tr><td><blockquote>

2179

2180

2181

Avoid NPE when reload if a state of a BackupManager is FAILED. (kfujino)

2182

</td></tr>

2183

2184

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53087">53087</a>: In order to avoid that a backup node expire a session,

2185

replicate session access time in BackupManager. (kfujino)

2186

</td></tr>

2187

2188

Add support for SecureRandom to cluster manager template. (kfujino)

2189

</td></tr>

2190

</table>

2191

</blockquote></td></tr></table>

2192

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.28 (markt)/Web applications"></a><a name="Tomcat_7.0.28_(markt)/Web_applications"><strong>Web applications</strong></a></font></td></tr><tr><td><blockquote>

2193

2194

2195

Remove obsolete bug warning from Windows service

2196

documentation page. (rjung)

2197

</td></tr>

2198

2199

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50182">50182</a>: Various improvements to the Compression Filter. Patch

2200

provided by David Becker. (markt)

2201

</td></tr>

2202

2203

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52853">52853</a>: Clarify how Jar Scanner handles directories. (markt)

2204

</td></tr>

2205

2206

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53158">53158</a>: Fix documented defaults for DBCP.

2207

Patch provided by ph.dezanneau at gmail.com. (rjung)

2208

</td></tr>

2209

2210

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53203">53203</a>: Correct documentation for the default value

2211

of <code>connectionTimeout</code> attribute for AJP protocol

2212

connectors. (kkolinko)

2213

</td></tr>

2214

2215

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53289">53289</a>: Clarify <code>ResourceLink</code> example that

2216

uses DataSource.getConnection(username, password) method. Not all

2217

data source implementations support it. (kkolinko)

2218

</td></tr>

2219

2220

Fix several HTML markup errors in servlets of examples web application.

(kkolinko)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53398">53398</a>: Correct spelling of "received" in the

2225

Manager application's XML output. (markt)

2226

</td></tr>

2227

2228

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53403">53403</a>: Update a reference to the Servlet specification in the

2229

first web applciation section of the documentation web application to

2230

include newer versions of the specificarion. (markt)

2231

</td></tr>

2232

</table>

2233

</blockquote></td></tr></table>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50864">50864</a> (<a href="http://svn.apache.org/viewvc?view=rev&rev=1311844">r1311844</a>):

2238

JMX enable most pool properties (fhanik)

2239

</td></tr>

2240

2241

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53254">53254</a> (<a href="http://svn.apache.org/viewvc?view=rev&rev=1340160">r1340160</a>):

2242

Add in the ability to purge connections from the pool (fhanik)

2243

</td></tr>

2244

2245

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53367">53367</a> (<a href="http://svn.apache.org/viewvc?view=rev&rev=1346691">r1346691</a>):

2246

Prevent pool from hanging during database failure (fhanik)

2247

</td></tr>

2248

2249

When a connection is reconnected due to failed validation

2250

make sure the ConnectionState is reset or it will assume

2251

incorrect values (fhanik)

2252

</td></tr>

2253

2254

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53374">53374</a> (<a href="http://svn.apache.org/viewvc?view=rev&rev=1348056">r1348056</a>):

2255

Add support for the following properties in DataSourceFactory:

2256

<code>commitOnReturn</code>, <code>rollbackOnReturn</code>,

2257

<code>useDisposableConnectionFacade</code>,

2258

<code>logValidationErrors</code> and

2259

<code>propagateInterruptState</code>.

2260

Based on patch proposed by Suresh Avadhanula. (kkolinko)

2261

</td></tr>

2262

</table>

2263

</blockquote></td></tr></table>

2264

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.28 (markt)/Other"></a><a name="Tomcat_7.0.28_(markt)/Other"><strong>Other</strong></a></font></td></tr><tr><td><blockquote>

2265

2266

2267

Update to Eclipse JDT Compiler 3.7.2 at maven tomcat-jasper.pom. (pero)

2268

</td></tr>

2269

2270

Update the native component of the Tomcat APR/native connector to

1.1.24. (markt)

</td></tr>

Add missing dependencies in pom files. (markt)

2275

</td></tr>

2276

2277

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53034">53034</a>: Add <code>project.url</code> and

2278

<code>project.licenses</code> sections to the POMs for the Maven

artifacts. (markt)

</td></tr>

Properly mention <code>jsp_2_2.xsd</code> in the main LICENSE and

2283

INSTALLLICENSE files. (kkolinko)

2284

</td></tr>

2285

2286

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53115">53115</a>: Fix using the command "<code>catalina.bat run</code>"

2287

when the value of <code>%TEMP%</code> contains spaces. (kkolinko)

2288

</td></tr>

2289

2290

Add dependencies and description to "validate" target in

2291

<code>build.xml</code>, so that it could be run separately.

2292

Improve <code>BUILDING.txt</code> and <code>RUNNING.txt</code>.

(kkolinko)

</td></tr>

</table>

</blockquote></td></tr></table>

2297

</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.27 (markt)"></a><a name="Tomcat_7.0.27_(markt)"><strong>Tomcat 7.0.27 (markt)</strong></a></font></td><td align="right" bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><strong>released 2012-04-05</strong></font></td></tr><tr><td colspan="2"><blockquote>

2298

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.27 (markt)/Catalina"></a><a name="Tomcat_7.0.27_(markt)/Catalina"><strong>Catalina</strong></a></font></td></tr><tr><td><blockquote>

2299

2300

2301

Explicitly ignore empty path values in <code>virtualClasspath</code>

2302

attribute of <code>VirtualWebappLoader</code> class. Document that

2303

whitespace around the values is trimmed. Reformat documentation

2304

examples to make them more readable. (kkolinko)

2305

</td></tr>

2306

2307

Further improve fix for <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51197">51197</a> to allow an error reporting

2308

Valve to write a response body if <code>sendError()</code> is called

2309

during an asynchronous request on a container thread. (markt)

2310

</td></tr>

2311

2312

Correct fix for <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51741">51741</a> (<a href="http://svn.apache.org/viewvc?view=rev&rev=1307600">r1307600</a>):

2313

If <code>VirtualDirContext</code> class is configured with non-empty

2314

value of <code>extraResourcePaths</code> option (a feature added

2315

in 7.0.24), do not implicitly set <code>allowLinking</code> option to

2316

the value of <code>true</code>. If it is really needed, it should be

2317

set explicitly. (kkolinko)

2318

</td></tr>

2319

2320

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52500">52500</a>: Added configurable mechanism to retrieve user names

2321

from X509 client certificates. Based on a patch provided by

2322

Michael Furman. (schultz)

2323

</td></tr>

2324

2325

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52719">52719</a>: Fix a theoretical resource leak in the JAR validation

2326

that checks for non-permitted classes in web application JARs. (markt)

2327

</td></tr>

2328

2329

Code clean-up identified by <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52723">52723</a>, <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52724">52724</a>,

2330

2331

and <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52732">52732</a>. (markt)

2332

</td></tr>

2333

2334

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52792">52792</a>: Improve error message when a JNDI resource can not be

found. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52811">52811</a>: Fix parsing of Content-Type header in

2339

<code>HttpServletResponse.setContentType()</code>. Introduces

2340

a new HTTP header parser that follows RFC2616. (markt/kkolinko)

2341

</td></tr>

2342

2343

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52830">52830</a>: Correct JNDI lookups when using

2344

<code>javax.naming.Name</code> to identify the resource rather than a

2345

<code>java.lang.String</code>. (markt)

2346

</td></tr>

2347

2348

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52833">52833</a>: Handle the case where the parent class loader for the

2349

Catalina object does not have the system class loader in its hierarchy.

2350

This may happen when embedding. Patch provided by olamy. (markt)

2351

</td></tr>

2352

2353

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52839">52839</a>: Add a unit test for DigestAuthenticator and

2354

SingleSignOn. Patch provide by Brian Burch. (markt)

2355

</td></tr>

2356

2357

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52846">52846</a>: Make sure NonLoginAuthenticator registers not

2358

MemoryUser but GenericPrincipal into a session when UserDatabaseRealm

is used. (kfujino)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52850">52850</a>: Extend memory leak prevention and detection code to

2363

work with IBM as well as Oracle JVMs. Extend unit tests to check direct

2364

and indirect ThreadLocal memory leak detection. Based on a patch

2365

provided by Rohit Kelapure. (markt)

2366

</td></tr>

2367

2368

Add support for the WebSocket protocol (RFC6455). Both streaming and

2369

message based APIs are provided and the implementation currently fully

2370

passes the Autobahn test suite. Also included are several examples.

2371

A significant contribution to this new functionality was provided by

2372

Johno Crawford — particularly the examples. Contributions were

2373

also provided by Petr Praus, Jonathan Drake & Slávka. (markt)

2374

</td></tr>

2375

2376

When stopping a Context, ensure that any Servlets registered with JMX

2377

are unregistered. (markt)

2378

</td></tr>

2379

2380

Make the implementation of <code>Catalina.getParentClassLoader</code>

2381

consistent with similar methods across the code base and have it return

2382

the system class loader if no parent class loader is set. (markt)

2383

</td></tr>

2384

2385

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52953">52953</a>: Ensure users can authenticate when using DIGEST

2386

authentication with digested passwords if the digested password is

2387

stored using upper case hexadecimal characters since DIGEST

2388

authentication expects digests to use lower case characters. Based on a

2389

patch provided by Neale Rudd. (markt)

2390

</td></tr>

2391

2392

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52957">52957</a>: Ensure that a Valve implements Lifecycle before

2393

calling any Lifecycle methods on that Valve. (markt)

2394

</td></tr>

2395

2396

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52958">52958</a>: Fix MBean descriptors for

2397

<code>org.apache.catalina.realm</code> package. (markt)

2398

</td></tr>

2399

2400

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52974">52974</a>: Fix <code>NameNotFoundException</code> when

2401

field/method is annotated with <code>@Resource</code> annotation. Patch

2402

provided by Violet Agg. (markt)

2403

</td></tr>

2404

2405

Add support for multi-thread deployment in UserConfig. (kfujino)

2406

</td></tr>

2407

</table>

2408

</blockquote></td></tr></table>

2409

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.27 (markt)/Coyote"></a><a name="Tomcat_7.0.27_(markt)/Coyote"><strong>Coyote</strong></a></font></td></tr><tr><td><blockquote>

2410

2411

2412

Correctly register NIO sockets with poller after processing Comet events

2413

to ensure that no read events are missed. This fixes an intermittent

2414

issue observed in the unit tests. (fhanik/markt)

2415

</td></tr>

2416

2417

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52770">52770</a>: Fix a bug in the highly unlikely circumstance that

2418

an infinite timeout was specified for writing data to a client when

using NIO. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52858">52858</a>: Fix high CPU load with SSL, NIO and sendfile when

2423

client breaks the connection before reading all the requested data.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52926">52926</a>: Avoid NPE when an NIO Comet connection times out on

2428

one thread at the same time as it is closed on another thread. (markt)

2429

</td></tr>

2430

2431

Include port number when known in connector name when logging messages

2432

from connectors that use automatic free port allocation. (markt)

2433

</td></tr>

2434

2435

Don't try an unlock the acceptor thread if it is not locked. This is

2436

unlikely to impact normal usage but it does fix some unit test issues.

(markt)

</td></tr>

When using the APR connector ensure that any connections in a keep-alive

2441

state are closed when the connector is stopped rather than when the

2442

connector is destroyed. This is important when stop() followed by

2443

start() is called on the connector. (markt)

2444

</td></tr>

2445

</table>

2446

</blockquote></td></tr></table>

2447

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.27 (markt)/Jasper"></a><a name="Tomcat_7.0.27_(markt)/Jasper"><strong>Jasper</strong></a></font></td></tr><tr><td><blockquote>

2448

2449

2450

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52725">52725</a>: Use configurable package name for tags rather than

2451

hard-coded value so configuration actually works. (markt)

2452

</td></tr>

2453

2454

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52758">52758</a>: Implement additional interface methods in Eclipse JDT

2455

integration required for Jasper to correctly with the latest Eclipse

2456

development code. (markt)

2457

</td></tr>

2458

2459

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52772">52772</a>: Ensure uriRoot is fully validated before it is used.

2460

Patch based on a suggestion by Eugene Chung. (markt)

2461

</td></tr>

2462

2463

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52776">52776</a>: Refactor the code so JspFragment.invoke cleans up

2464

after itself. Patch provided by Karl von Randow. (markt)

2465

</td></tr>

2466

2467

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52970">52970</a>: Take account of coercion rules when invoking methods

via EL. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52998">52998</a>: Partial fix. Remove static references to the EL

2472

expression factory and use per web application references instead.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52998">52998</a>: Remainder of fix. Cache the class to use for the EL

2477

expression factory per class loader. (kkolinko)

2478

</td></tr>

2479

2480

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=53001">53001</a>: Revert the fix for <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=46915">46915</a> since the use case

2481

described in the bug is invalid since it breaks the EL specification.

(markt)

</td></tr>

</table>

</blockquote></td></tr></table>

2486

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.27 (markt)/Cluster"></a><a name="Tomcat_7.0.27_(markt)/Cluster"><strong>Cluster</strong></a></font></td></tr><tr><td><blockquote>

2487

2488

2489

Replicate principal in ClusterSingleSignOn. (kfujino)

2490

</td></tr>

2491

</table>

2492

</blockquote></td></tr></table>

2493

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.27 (markt)/Web applications"></a><a name="Tomcat_7.0.27_(markt)/Web_applications"><strong>Web applications</strong></a></font></td></tr><tr><td><blockquote>

2494

2495

2496

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52760">52760</a>: Fix expires filter mime type in javascript examples.

(rjung)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52842">52842</a>: Exception in MBeanDumper when dumping MBean for

2501

StandardThreadExecutor. (rjung)

2502

</td></tr>

2503

2504

Bring built-in mime types for embedded Tomcat more in line with the

2505

ones defined in the default web.xml configuration file. (rjung)

2506

</td></tr>

2507

2508

Add support to the JMXProxyServlet which is part of the Manager

2509

application for fetching a specific key from a

2510

<code>CompositeData</code> value. Updated documentation, so that

2511

the entire 'get' command for the JMX proxy servlet is documented,

2512

including the new optional 'key' parameter. (schultz/markt)

2513

</td></tr>

2514

</table>

2515

</blockquote></td></tr></table>

Pool cleaner thread should be created using the classloader

2520

that loaded the pool, not the context loader (fhanik)

2521

</td></tr>

2522

2523

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52804">52804</a>: Make pool properties serializable and cloneable.

(fhanik)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51237">51237</a> (<a href="http://svn.apache.org/viewvc?view=rev&rev=1302902">r1302902</a>):

2528

Slow Query Report should log using WARN level when queries are slow

2529

and within the threshold of caching it. (fhanik)

2530

</td></tr>

2531

2532

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52002">52002</a> (<a href="http://svn.apache.org/viewvc?view=rev&rev=1302948">r1302948</a>):

2533

Add in configuration option to disallow connection reuse.

2534

(<a href="http://svn.apache.org/viewvc?view=rev&rev=1305862">r1305862</a>):

2535

useDisposableConnectionFacade is by default enabled (fhanik)

2536

</td></tr>

2537

2538

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52493">52493</a> (<a href="http://svn.apache.org/viewvc?view=rev&rev=1302969">r1302969</a>):

2539

Java 7 DataSource method addition. (fhanik)

2540

</td></tr>

2541

2542

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51893">51893</a> (<a href="http://svn.apache.org/viewvc?view=rev&rev=1302990">r1302990</a>):

2543

Throw an error and notification when pool is exhausted. (fhanik)

2544

</td></tr>

2545

2546

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50860">50860</a> (<a href="http://svn.apache.org/viewvc?view=rev&rev=1303031">r1303031</a>):

2547

Add in option to configure logging for validation errors. (fhanik)

2548

</td></tr>

2549

2550

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52066">52066</a> (<a href="http://svn.apache.org/viewvc?view=rev&rev=1305931">r1305931</a>):

2551

Add in configuration option, progagateInterruptState, to allow threads to

2552

retain the interrupt state. (fhanik)

2553

</td></tr>

2554

</table>

2555

</blockquote></td></tr></table>

2556

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.27 (markt)/Other"></a><a name="Tomcat_7.0.27_(markt)/Other"><strong>Other</strong></a></font></td></tr><tr><td><blockquote>

2557

2558

2559

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52750">52750</a>: Fix the way how daemon.sh parses command options so

2560

that more then one can be provided. (mturk)

2561

</td></tr>

2562

2563

Rearrange <code>validate-eoln</code> target in <code>build.xml</code>

2564

so that it could be run ahead of compilation. (kkolinko)

2565

</td></tr>

2566

2567

Update Apache Commons Daemon to 1.0.10. (mturk)

2568

</td></tr>

2569

2570

Update the native component of the Tomcat APR/native connector to

2571

1.1.23 and take advantage of the simplified distribution. (mturk)

2572

</td></tr>

2573

2574

Update to Eclipse JDT Compiler 3.7.2. (markt)

2575

</td></tr>

2576

</table>

2577

</blockquote></td></tr></table>

2578

</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.26 (markt)"></a><a name="Tomcat_7.0.26_(markt)"><strong>Tomcat 7.0.26 (markt)</strong></a></font></td><td align="right" bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><strong>released 2012-02-21</strong></font></td></tr><tr><td colspan="2"><blockquote>

2579

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.26 (markt)/Catalina"></a><a name="Tomcat_7.0.26_(markt)/Catalina"><strong>Catalina</strong></a></font></td></tr><tr><td><blockquote>

2580

2581

2582

Provide constants for commonly used <code>Charset</code> objects and use

2583

these constants where appropriate. (markt)

2584

</td></tr>

2585

2586

Refactor the fix for <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52184">52184</a> to correct two issues (a missing

2587

class and incorrect class/method names) when using the extras logging

packages. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52444">52444</a>: Only load classes during HandlesTypes processing if

2592

the class is a match. Previously, every class in the web application was

2593

loaded regardless of whether it was a match or not. (markt)

2594

</td></tr>

2595

2596

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52488">52488</a>: Correct typo: exipre -> expire. (markt)

2597

</td></tr>

2598

2599

Add a unit test for SSO authentication. Patch provided by Brian Burch.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52511">52511</a>: Correct regression in the fix for <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51741">51741</a>

2604

that caused a harmless exception to be logged when scanning for

2605

annotations and <code>WEB-INF/classes</code> did not exist. (markt)

2606

</td></tr>

2607

2608

Refactor to remove a circular dependency between

2609

<code>org.apache.catalina</code> and <code>org.apache.naming</code>.

(markt)

</td></tr>

Remove some initialisation code from the standard start process (i.e.

2614

via the scripts) that was intended for embedding but is not required

2615

when performing a standard start.(markt)

2616

</td></tr>

2617

2618

Add new method to <code>MBeanFactory</code> that allows any Valve to be

2619

created and deprecate the methods to create specific Valves. (markt)

2620

</td></tr>

2621

2622

Partial sync of MIME type mapping with mime.types from the Apache web

server. (rjung)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52577">52577</a>: Fix a regression in the fix for <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52328">52328</a>.

2627

Prevent output truncation when <code>reset()</code> is called on a

response. (mark)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52586">52586</a>: Remove an old and now unnecessary hack that modified

2632

the path info reported via the

2633

<code>javax.servlet.forward.path_info</code> request attribute when

2634

forwarding to an error page. (markt)

2635

</td></tr>

2636

2637

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52587">52587</a>: Ensure that if it is necessary to fall back to the

2638

default NullRealm, the NullRealm instance is created early enough for it

2639

to be correctly initialised. (markt)

2640

</td></tr>

2641

2642

Fix millisecond output in AccessLogValve when using a

2643

SimpleDateFormat based time pattern. (rjung)

2644

</td></tr>

2645

2646

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52591">52591</a>: When dumping MBean data, skip attributes where getters

2647

throw <code>UnsupportedOperationException</code>. (markt)

2648

</td></tr>

2649

2650

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52607">52607</a>: Ensure that the extension validator checks the JARs in

2651

the shared and common class loaders for extensions. (markt)

2652

</td></tr>

2653

2654

Correct a threading issue in the generation of the list of standard

2655

authenticators during Context initialization that could lead to a web

2656

application failing to start if Contexts were started in parallel.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52669">52669</a>: Correct regression that broke annotation processing in

2661

<code>/WEB-INF/classes</code> for web applications deployed as WARs,

2662

packageless classes and some embedding scenarios. The regression was

2663

introduced by the invalid assumptions made in the fix for

2664

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51741">51741</a>. (markt)

2665

</td></tr>

2666

2667

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52671">52671</a>: When dumping MBean data, skip attributes where getters

2668

throw <code>NullPointerException</code>. (markt)

2669

</td></tr>

2670

</table>

2671

</blockquote></td></tr></table>

2672

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.26 (markt)/Coyote"></a><a name="Tomcat_7.0.26_(markt)/Coyote"><strong>Coyote</strong></a></font></td></tr><tr><td><blockquote>

2673

2674

2675

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51543">51543</a>: Provide a meaningful error message when writing more

2676

response headers than permitted. (markt)

2677

</td></tr>

2678

2679

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52547">52547</a>: Ensure that bytes written (which is used by the access

2680

log) is correctly reset after an HTTP 1.0 request has been processed.

(markt)

</td></tr>

Minor refactoring to reduce code duplication in the HTTP connectors.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52606">52606</a>: Ensure that POST bodies are available for reply after

2689

FORM authentication when using the AJP connectors. (markt)

2690

</td></tr>

2691

</table>

2692

</blockquote></td></tr></table>

2693

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.26 (markt)/Jasper"></a><a name="Tomcat_7.0.26_(markt)/Jasper"><strong>Jasper</strong></a></font></td></tr><tr><td><blockquote>

2694

2695

2696

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52474">52474</a>: Ensure that leading and trailing white space is

2697

removed from listener class names when parsing TLD files. (markt)

2698

</td></tr>

2699

2700

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52480">52480</a>: When converting class path entries from URLs to

2701

files/directories, ensure that any URL encoded characters are converted.

2702

Fixes JSP compilation with javac when Tomcat is installed at a path that

2703

includes spaces. (markt)

2704

</td></tr>

2705

2706

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52666">52666</a>: Correct coercion order in EL when processing the

2707

equality and inequality operators. (markt)

2708

</td></tr>

2709

</table>

2710

</blockquote></td></tr></table>

2711

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.26 (markt)/Web applications"></a><a name="Tomcat_7.0.26_(markt)/Web_applications"><strong>Web applications</strong></a></font></td></tr><tr><td><blockquote>

2712

2713

2714

Improve <code>BUILDING.txt</code>. Update instructions for

2715

building. Add instructions for using Checkstyle and running the

tests. (kkolinko)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=38216">38216</a>: Improve handling of <code>null</code> return values in

2720

the JMX proxy servlet which is part of the Manager application.

(kkolinko)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52515">52515</a>: Make it clear in the Realm how-to in the documentation

2725

web application that digested password storage when using DIGEST

2726

authentication requires that MD5 digests are used. (markt)

2727

</td></tr>

2728

2729

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52634">52634</a>: Fix typos in JSP examples. Patch provided by

2730

Felix Schumacher. (rjung)

2731

</td></tr>

2732

2733

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52641">52641</a>: Remove mentioning of ldap.jar from docs.

2734

Patch provided by Felix Schumacher. (rjung)

2735

</td></tr>

2736

</table>

2737

</blockquote></td></tr></table>

Fix code style issues and enable Checkstyle checks for jdbc-pool when

2742

it is built within Tomcat. (kkolinko)

2743

</td></tr>

2744

2745

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51582">51582</a> Correct set and reset the query cache to avoid NPE (fhanik)

2746

</td></tr>

2747

</table>

2748

</blockquote></td></tr></table>

2749

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.26 (markt)/Other"></a><a name="Tomcat_7.0.26_(markt)/Other"><strong>Other</strong></a></font></td></tr><tr><td><blockquote>

2750

2751

2752

Update Commons Daemon to 1.0.9 to resolve <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52548">52548</a> which meant

2753

that services created with service.bat did not set the

2754

<code>catalina.home</code> and <code>catalina.base</code> system

properties. (markt)

</td></tr>

Implement check for correct end-of-line characters in the source

2759

files. It is run as separate target in <code>build.xml</code>.

(kkolinko)

</td></tr>

</table>

</blockquote></td></tr></table>

2764

</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.25 (markt)"></a><a name="Tomcat_7.0.25_(markt)"><strong>Tomcat 7.0.25 (markt)</strong></a></font></td><td align="right" bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><strong>released 2012-01-21</strong></font></td></tr><tr><td colspan="2"><blockquote>

2765

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.25 (markt)/Web applications"></a><a name="Tomcat_7.0.25_(markt)/Web_applications"><strong>Web applications</strong></a></font></td></tr><tr><td><blockquote>

2766

2767

2768

Restore format of the first line of error message for JMX proxy

2769

servlet in case scripts were depending on it. (markt)

2770

</td></tr>

2771

</table>

2772

</blockquote></td></tr></table>

2773

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.25 (markt)/Other"></a><a name="Tomcat_7.0.25_(markt)/Other"><strong>Other</strong></a></font></td></tr><tr><td><blockquote>

2774

2775

2776

When building a Windows installer do not copy whole "res" folder to

2777

output/dist, but only the files that we need. Apply fixcrlf filter

2778

only after the files are copied, so that <code>INSTALLLICENSE</code>

2779

file had correct line ends. (kkolinko)

2780

</td></tr>

2781

2782

Remove <code>res/License.rtf</code>. The file that is actually shown

2783

by the Windows installer is <code>res/INSTALLLICENSE</code>.

(kkolinko)

</td></tr>

Automate the OpenPGP signature generation for the release process.

(markt)

</td></tr>

Don't exclude directories named target from the build process.

(rjung)

</td></tr>

</table>

</blockquote></td></tr></table>

2796

</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.24 (markt)"></a><a name="Tomcat_7.0.24_(markt)"><strong>Tomcat 7.0.24 (markt)</strong></a></font></td><td align="right" bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><strong>not released</strong></font></td></tr><tr><td colspan="2"><blockquote>

2797

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.24 (markt)/Catalina"></a><a name="Tomcat_7.0.24_(markt)/Catalina"><strong>Catalina</strong></a></font></td></tr><tr><td><blockquote>

2798

2799

2800

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52184">52184</a>: Provide greater control over the logging of errors

2801

triggered by invalid input data (i.e. data over which Tomcat has no

2802

control). (markt/kkolinko)

2803

</td></tr>

2804

2805

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52225">52225</a>: Fix ClassCastException in an Alias added to

2806

existing host through JMX. (kkolinko)

2807

</td></tr>

2808

2809

Do not throw IllegalArgumentException from parseParameters() call

2810

when chunked POST request is too large, but treat it like an IO error.

2811

The <code>FailedRequestFilter</code> filter can be used to detect this

2812

condition. (kkolinko)

2813

</td></tr>

2814

2815

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52245">52245</a>: Don't allow web applications to package classes from

2816

the <code>javax.el</code> package. Patch provided by pid. (markt)

2817

</td></tr>

2818

2819

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52259">52259</a>: Fix regression caused by the addition of the threaded

2820

component start (<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=46264">46264</a>) that triggered a deadlock on startup

2821

if no Realm was configured. (markt)

2822

</td></tr>

2823

2824

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52293">52293</a>: Correctly handle the case when

2825

<code>antiResourceLocking</code> is enabled at the Context level when

2826

<code>unpackWARs</code> is disabled at the Host level. Based on a patch

2827

by Justin Miller. (markt)

2828

</td></tr>

2829

2830

In <code>ExtendedAccessLogValve</code> when printing %-encoded value of

2831

a parameter, use UTF-8 encoding to convert parameter value to bytes

2832

instead of platform default encoding. (markt/kkolinko)

2833

</td></tr>

2834

2835

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52303">52303</a>: Allow web applications that do not have a login

2836

configuration to participate in a SSO session. Patch provided by Brian

Burch. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52316">52316</a>: When using sendfile, use the number of bytes requested

2841

to be written to the response in the access log valve for bytes written

2842

rather than recording a value of zero. (markt)

2843

</td></tr>

2844

2845

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52326">52326</a>: Reduce log level for class loading errors during

2846

<code>@HandlesTypes</code> processing to debug. (markt)

2847

</td></tr>

2848

2849

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52328">52328</a>: Improve performance when large numbers of single

2850

characters and/or small strings are written to the response via a

Writer. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52384">52384</a>: Do not fail with parameter parsing when debug logging

2855

is enabled. (kkolinko)

2856

</td></tr>

2857

2858

Do not flag extra '&' characters in parameters as parse errors.

(kkolinko)

</td></tr>

Reduce log level for the message about hitting

2863

<code>maxParameterCount</code> limit from WARN to INFO. (kkolinko)

2864

</td></tr>

2865

2866

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52387">52387</a>: Ensure that the correct host is used when configuring

2867

logging when Tomcat is embedded. Patch provided by David Calavera.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52405">52405</a>: Align the Servlet 3.0 implementation with the changes

2872

defined in the first maintenance release (also know as Rev. A). See the

2873

<a href="http://jcp.org/aboutJava/communityprocess/maintenance/jsr315/servlet3-mr-reva.html">JCP documentation</a> for a detailed list of changes

(markt)

</td></tr>

Improve JMX names for objects related to Connectors that have the

2878

address attribute set. (markt)

2879

</td></tr>

2880

2881

Remove some stale attributes from MBeans. (rjung)

2882

</td></tr>

2883

2884

Move destruction of <code>ContainerBase</code> objects to

2885

<code>ContainerBase</code> to ensure that they are destroyed. (markt)

2886

</td></tr>

2887

2888

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52443">52443</a>: Change the behaviour of the default Realm in the

2889

embedded use case so it is set once on the Engine rather than on every

2890

Context thereby avoiding the Lifecycle issues with having the same Realm

2891

set on multiple Contexts. (markt)

2892

</td></tr>

2893

2894

Provide a new Realm implementation, the NullRealm, that does not contain

2895

any users and is used as the default Realm implementation (rather than

2896

the JAAS Realm which was used prior to this change) if no Realm is

specified. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52461">52461</a>: Don't assume file based URLs when checking last

2901

modified times for global and host level web.xml files. Patch provided

2902

by violetagg. (markt)

2903

</td></tr>

2904

2905

Add test cases for the BASIC and NonLogin Authenticators when not using

2906

SSO. Patch provided by Brian Burch. (markt)

2907

</td></tr>

2908

</table>

2909

</blockquote></td></tr></table>

2910

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.24 (markt)/Coyote"></a><a name="Tomcat_7.0.24_(markt)/Coyote"><strong>Coyote</strong></a></font></td></tr><tr><td><blockquote>

2911

2912

2913

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52028">52028</a>: Add support for automatic binding to a free port by a

2914

connector if the special value of zero is used for the port. This is

2915

mainly useful in embedded and testing scenarios. (markt)

2916

</td></tr>

2917

2918

Remove obsolete <code>emptySessionPath</code> JMX attribute. (rjung)

2919

</td></tr>

2920

2921

Correct error in fix for <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49683">49683</a>. (markt)

2922

</td></tr>

2923

2924

Ensure that the process of unlocking the acceptor thread does not

2925

trigger processing of the connection as if it were a valid request.

(markt)

</td></tr>

</table>

</blockquote></td></tr></table>

2930

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.24 (markt)/Jasper"></a><a name="Tomcat_7.0.24_(markt)/Jasper"><strong>Jasper</strong></a></font></td></tr><tr><td><blockquote>

2931

2932

2933

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52450">52450</a>: Add setter for entityResolver in ParserUtils.

2934

This is mainly useful when jasper and dtds are in different

2935

class loaders. (mturk)

2936

</td></tr>

2937

2938

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52321">52321</a>: Ensure that the order of multiple prelude/coda values

2939

for JSP pages is respected. (markt)

2940

</td></tr>

2941

2942

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52335">52335</a>: Only handle <code><\%</code> and not

2943

<code>\%</code> as escaped in template text. (markt)

2944

</td></tr>

2945

2946

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52440">52440</a>: Ensure that when using

2947

<code>ValueExpression.getValueReference()</code> if the expression is an

2948

EL variable that the value returned is the <code>ValueReference</code>

2949

for the <code>ValueExpression</code> associated with the EL variable.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52445">52445</a>: Don't assume that EL method expressions have

2954

exactly three components (identifier, method name, paramaters). (markt)

2955

</td></tr>

2956

</table>

2957

</blockquote></td></tr></table>

2958

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.24 (markt)/Web applications"></a><a name="Tomcat_7.0.24_(markt)/Web_applications"><strong>Web applications</strong></a></font></td></tr><tr><td><blockquote>

2959

2960

2961

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=38216">38216</a>: Add the ability to invoke MBean operations to the JMX

2962

proxy sevrlet in the Manager application. Based on a patch by

2963

Christopher Hlubek. (markt)

2964

</td></tr>

2965

2966

Further clarify the relation between values used by

2967

<code>RemoteIpValve</code> and <code>RemoteIpFilter</code>

2968

and their use by <code>AccessLogValve</code>. (kkolinko)

2969

</td></tr>

2970

2971

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52243">52243</a>: Improve windows service documentation to clarify how

2972

to include <code>#</code> and/or <code>;</code> in the value of an

2973

environment variable that is passed to the service. (markt)

2974

</td></tr>

2975

2976

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52366">52366</a>: Fix typo in VirtualWebappLoader documentation

2977

(configuration example). (rjung)

2978

</td></tr>

2979

2980

Replace Bugzilla search link on <code>ROOT/index.jsp</code> page with

2981

one pointing to the bug reporting page of Tomcat site. (kkolinko)

2982

</td></tr>

2983

2984

Move MBean dump code from JMXProxyServlet into a utility class. (rjung)

2985

</td></tr>

2986

</table>

2987

</blockquote></td></tr></table>

2988

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.24 (markt)/Tribes"></a><a name="Tomcat_7.0.24_(markt)/Tribes"><strong>Tribes</strong></a></font></td></tr><tr><td><blockquote>

2989

2990

2991

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52208">52208</a>: Fix threading issue that may lead to harmless NPE

2992

during shutdown that has occasionally been observed when running the

unit tests. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52213">52213</a>, <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52354">52354</a>, <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52355">52355</a> and

2997

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52356">52356</a>: Fix some potential concurrency issues in

2998

<code>FastQueue</code>. (markt)

2999

</td></tr>

3000

</table>

3001

</blockquote></td></tr></table>

<a href="http://svn.apache.org/viewvc?view=rev&rev=1207712">r1207712</a>: Pool cleaner should be a global thread, not spawn

3006

one thread per connection pool. (fhanik)

3007

</td></tr>

3008

</table>

3009

</blockquote></td></tr></table>

3010

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.24 (markt)/Other"></a><a name="Tomcat_7.0.24_(markt)/Other"><strong>Other</strong></a></font></td></tr><tr><td><blockquote>

3011

3012

3013

Update Apache Commons Daemon to 1.0.8. (mturk)

3014

</td></tr>

3015

3016

Update Apache Commons Pool to 1.5.7. (kkolinko)

3017

</td></tr>

3018

3019

Fix line ends in <code>.gitignore</code> files contained in source

3020

distributions. (rjung)

3021

</td></tr>

3022

3023

Run Mapper performance test twice if the first run took too long,

3024

to ignore occasional failures. (kkolinko)

3025

</td></tr>

3026

3027

Align <code>.gitignore</code> and <code>build.xml</code>

3028

exclude patterns with <code>svn:ignore</code>. (kkolinko)

3029

</td></tr>

3030

3031

Configure <code>defaultexcludes</code> for Ant 1.8.1/1.8.2.

3032

The <code>.git</code> and <code>.gitignore</code> patterns are

3033

in since Ant 1.8.2, but we include <code>.gitignore</code> in

3034

src distributions. (kkolinko)

3035

</td></tr>

3036

3037

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52237">52237</a>: Allow JUnit logs to be generated in formats other than

3038

plain text. Patch provided by M Hasko. (markt/kkolinko)

3039

</td></tr>

3040

3041

Fix build condition for tomcat-dbcp to always rebuild whan a new version

3042

of commons-pool or commons-dbcp is downloaded. (kkolinko)

3043

</td></tr>

3044

3045

Add example of configuration for <code>SetCharacterEncodingFilter</code>

3046

to the default <code>web.xml</code> file. (kkolinko)

3047

</td></tr>

3048

3049

Switch unit tests to bind Connectors to localhost rather than all

3050

available IP addresses. (markt)

3051

</td></tr>

3052

3053

Update to Eclipse JDT Compiler 3.7.1. (markt)

3054

</td></tr>

3055

3056

Add Netbeans <code>nbproject</code> folder to <code>svn:ignore</code>

3057

and <code>.gitignore</code>. (rjung)

3058

</td></tr>

3059

3060

Align <code>.gitignore</code> with trunk. (rjung)

3061

</td></tr>

3062

</table>

3063

</blockquote></td></tr></table>

3064

</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.23 (markt)"></a><a name="Tomcat_7.0.23_(markt)"><strong>Tomcat 7.0.23 (markt)</strong></a></font></td><td align="right" bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><strong>released 2011-11-25</strong></font></td></tr><tr><td colspan="2"><blockquote>

3065

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.23 (markt)/Catalina"></a><a name="Tomcat_7.0.23_(markt)/Catalina"><strong>Catalina</strong></a></font></td></tr><tr><td><blockquote>

3066

3067

3068

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=46264">46264</a>: Add the ability to start and stop containers

3069

(primarily Contexts) using a thread pool rather than a single thread.

3070

This can significantly improve start and stop time. Based on patches

3071

by Joe Kislo and Felix Schumacher. (markt)

3072

</td></tr>

3073

3074

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50570">50570</a>: Enable FIPS mode to be set in AprLifecycleListener.

3075

Based upon a patch from Chris Beckey. (schultz/kkolinko)

3076

</td></tr>

3077

3078

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51744">51744</a>: Throw the correct exception if an application attempts

3079

to modify the associated JNDI context. (markt)

3080

</td></tr>

3081

3082

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51744">51744</a>: Add an option to the StandardContext that allows

3083

exception throwing when an application attempts to modify the associated

3084

JNDI context to be disabled. (markt)

3085

</td></tr>

3086

3087

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51910">51910</a>: Prevent NPE on connector stop if Comet applications

3088

are being used without the CometConnectionManagerValve. (markt)

3089

</td></tr>

3090

3091

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51940">51940</a>: Do not limit saving of request bodies during FORM

3092

authentication to POST requests since any HTTP method may include a

3093

request body. Based on a patch by Nicholas Sushkin. (markt/kkolinko)

3094

</td></tr>

3095

3096

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51956">51956</a>: RemoteAddrFilter used getRemoteHost instead of

3097

getRemoteAddr when filtering Comet events. (schultz)

3098

</td></tr>

3099

3100

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51952">51952</a>: Make the inclusion of a response body with a redirect

3101

response introduced to address <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=41718">41718</a> optional and disabled by

3102

default due to the side-effects of including a body with the response in

this case. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51972">51972</a>: Correctly handle protocol relative URLs when used with

3107

<code>sendRedirect()</code>. (markt)

3108

</td></tr>

3109

3110

Simplify the deployment code and use full paths in log messages to

3111

remove any ambiguity in where a context is being deployed from. (markt)

3112

</td></tr>

3113

3114

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52009">52009</a>: Fix a NPE during access log entry recording when an

3115

error occurred during the processing of a Comet request. (markt)

3116

</td></tr>

3117

3118

In <code>OneLineFormatter</code> log formatter in JULI always use

3119

the US locale to format the date (esp. the month names). (rjung)

3120

</td></tr>

3121

3122

Cache the results of parsing the global and host level web.xml files to

3123

improve web application start time. (markt)

3124

</td></tr>

3125

3126

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52042">52042</a>: Correct threading issue in annotation caching that

3127

could lead to an NPE if multiple threads were processing the same class

3128

hierarchy for annotations. (markt)

3129

</td></tr>

3130

3131

Correct additional threading and premature clearance issues with the

3132

annotation cache. (markt)

3133

</td></tr>

3134

3135

Correct a regression in the fix for <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49779">49779</a> that

3136

parameters POSTed by an unauthenticated user to a page that required

3137

FORM authentication were lost during the authentication process.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52055">52055</a>: Ensure that the input and output buffers are correctly

3142

reset between keep-alive requests when using Servlet 3.0 asynchronous

3143

request processing. (markt)

3144

</td></tr>

3145

3146

Ensure changes to the configuration of the RemoteHostValve and the

3147

RemoteAddrValve via JMX are thread-safe. (markt)

3148

</td></tr>

3149

3150

Ensure the the memory leak protection for the HttpClient keep-alive

3151

always operates even if the thread has already stopped. (markt)

3152

</td></tr>

3153

3154

Remove the Java 1.2 specific error handling around the adding of the

3155

shutdown hook. (markt)

3156

</td></tr>

3157

3158

Correct errors in i18n resources and resource usage that meant some

3159

messages were either not used or were incorrectly formatted. (markt)

3160

</td></tr>

3161

3162

Replace the use of deprecated auth method names from

3163

<code>authenticator.Constants</code> with the auth method names from

3164

<code>HttpServletRequest</code>. (kkolinko)

3165

</td></tr>

3166

3167

Make configuration issues for security related Valves and Filters result

3168

in the failure of the valve or filter rather than just a warning

message. (markt)

</td></tr>

Improve performance of parameter processing for GET and POST requests.

3173

Also add an option to limit the maximum number of parameters processed

3174

per request. This defaults to 10000. Excessive parameters are ignored.

3175

Note that <code>FailedRequestFilter</code> can be used to reject the

3176

request if some parameters were ignored. (markt/kkolinko)

3177

</td></tr>

3178

3179

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52091">52091</a>: Address performance issues related to lock contention

3180

in StandardWrapper. Patch provided by Taiki Sugawara. (markt)

3181

</td></tr>

3182

3183

Switch to using Collections.enumeration() rather than custom code that

3184

does the same thing. (markt)

3185

</td></tr>

3186

3187

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52113">52113</a>: Don't assume presence of context.xml file with JMX

deployment. (markt)

</td></tr>

In <code>RequestFilterValve</code> (<code>RemoteAddrValve</code>,

3192

<code>RemoteHostValve</code>): refactor value matching logic into

3193

separate method and expose this new method <code>isAllowed</code>

3194

through JMX. (kkolinko)

3195

</td></tr>

3196

3197

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52156">52156</a>: Ensure that

3198

<code>getServletContext().getResource(path)</code> returns the correct

3199

resource when path contains <code>/../</code> sequences or any other

3200

sequences that require normalization. (markt)

3201

</td></tr>

3202

3203

Report existence of HTTP request parameter parsing errors via new

3204

special ServletRequest attribute,

3205

<code>org.apache.catalina.parameter_parse_failed</code>. (kkolinko)

3206

</td></tr>

3207

3208

New filter <code>FailedRequestFilter</code> that will reject a request

3209

if there were errors during HTTP parameter parsing. (kkolinko)

3210

</td></tr>

3211

3212

Improve special attributes handling in Request object by using hash

3213

table lookup instead of series of string comparisons. (kkolinko)

3214

</td></tr>

3215

3216

Deprecate unused methods in <code>IntrospectionUtils</code> class.

(kkolinko)

</td></tr>

Improve processing of errors that are wrapped in

3221

<code>InvocationTargetException</code>. Rethrow fatal errors that must

3222

be rethrown. (kkolinko)

3223

</td></tr>

3224

3225

Improve handling of failed web application deployments during automatic

3226

deployment. Once deployment of a web application fails in one form (e.g.

3227

WAR), no further attempt (e.g. directory) will be made to deploy that

3228

web application. The base Lifecycle implementation has been improved to

3229

allow failed web applications to be started once the configuration

3230

issues have been resolved. Any changes to a context.xml file (global,

3231

per host or web application specific) will now result in a redeploy

3232

of the affected web application(s) that ensures that any changes are

3233

correctly applied rather than a reload which ignores changes in

3234

context.xml files. (markt/kkolinko)

3235

</td></tr>

3236

3237

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52173">52173</a>: Improve Javadoc for <code>delegate</code> attribute

3238

of WebappClassLoader. Based on a patch by bmargulies. (markt)

3239

</td></tr>

3240

3241

Add <code>denyStatus</code> attribute to <code>RequestFilterValve</code>

3242

(<code>RemoteAddrValve</code>, <code>RemoteHostValve</code> valves) and

3243

<code>RequestFilter</code> (<code>RemoteAddrFilter</code>,

3244

<code>RemoteHostFilter</code> filters). It allows to use different

3245

HTTP response code when rejecting denied request. E.g. 404 instead

of 403. (kkolinko)

</td></tr>

Slightly improve performance of UDecoder.convert(). Align

3250

<code>%2f</code> handling between implementations. (kkolinko)

3251

</td></tr>

3252

</table>

3253

</blockquote></td></tr></table>

3254

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.23 (markt)/Coyote"></a><a name="Tomcat_7.0.23_(markt)/Coyote"><strong>Coyote</strong></a></font></td></tr><tr><td><blockquote>

3255

3256

3257

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51881">51881</a>: Correctly complete Comet requests when the Comet END

3258

event is triggered asynchronously. (markt)

3259

</td></tr>

3260

3261

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51905">51905</a>: Fix infinite loop in AprEndpoint shutdown if

3262

acceptor unlock fails. Reduce timeout before forcefully closing

3263

the socket from 30s to 10s. (kkolinko)

3264

</td></tr>

3265

3266

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51912">51912</a>: Fix HTTP header processing in NIO HTTP connector.

(kkolinko)

</td></tr>

Improve MimeHeaders.toString(). (kkolinko)

3271

</td></tr>

3272

3273

Fix threading issue in NIO connectors during shutdown that meant Comet

3274

connections were not always shut down cleanly. (markt)

3275

</td></tr>

3276

3277

In HTTP connectors: self-guard against using a non-recycled input

3278

buffer. Requests will be rejected with response status 400. (kkolinko)

3279

</td></tr>

3280

3281

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52121">52121</a>: Fix possible output corruption when compression is

3282

enabled for a connector and the response is flushed. Includes a test

3283

case provided by David Marcks. (kkolinko/markt)

3284

</td></tr>

3285

3286

Improve multi-byte character handling in Coyote output for HTTP

and AJP. (rjung)

</td></tr>

Refactor acceptor unlock code to reduce waiting time during connector

3291

pause and stop. (markt)

3292

</td></tr>

3293

</table>

3294

</blockquote></td></tr></table>

3295

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.23 (markt)/Jasper"></a><a name="Tomcat_7.0.23_(markt)/Jasper"><strong>Jasper</strong></a></font></td></tr><tr><td><blockquote>

3296

3297

3298

Correct possible (but very small) memory leak when using maxLoadedJsps

3299

to limit the number of JSPs loaded at any one time. (markt)

3300

</td></tr>

3301

3302

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52051">52051</a>: Better handling of missing resource problems with

3303

non-standard Servlet mappings so that a 404 response is returned to the

3304

client rather than a 500 response. (markt)

3305

</td></tr>

3306

3307

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52091">52091</a>: Address performance issues related to log creation

3308

in TagHandlerPool. Patch provided by Taiki Sugawara. (markt)

3309

</td></tr>

3310

3311

Switch to using Collections.enumeration() rather than custom code that

3312

does the same thing. (markt)

3313

</td></tr>

3314

</table>

3315

</blockquote></td></tr></table>

3316

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.23 (markt)/Cluster"></a><a name="Tomcat_7.0.23_(markt)/Cluster"><strong>Cluster</strong></a></font></td></tr><tr><td><blockquote>

3317

3318

3319

Avoid an unnecessary session ID change notice.

3320

Notice of changed session ID by JvmRouteBinderValve is unnecessary to

3321

BackupManager. In BackupManager, change of session ID is replicated by

3322

the call of a setId() method. (kfujino)

3323

</td></tr>

3324

3325

Fix duplicate <code>resetDeltaRequest()</code> call in

3326

<code>DeltaSession.setId(String)</code>. (kkolinko)

3327

</td></tr>

3328

3329

Work around a <a href="http://bugs.sun.com/view_bug.do?bug_id=6427854">known JVM bug</a> that is fixed in 1.7.0_01 but still

3330

present in 1.6.0_29 and was triggering intermittent unit test failure

3331

for <code>org.apache.catalina.tribes.group.

3332

TestGroupChannelMemberArrival.testMemberArrival</code>.

3333

The bug affects any components that use NIO although it was more likely

3334

to be observed in the clustering module than the HTTP or AJP NIO

connector. (markt)

</td></tr>

When Context manager does not exist, no context manager message is

3339

replied in order to avoid timeout (default 60sec) of

3340

GET_ALL_SESSIONS sync phase. (kfujino)

3341

</td></tr>

3342

3343

Fix setting maxInactiveInterval, sessionIdLength and

3344

processExpiresFrequency for cluster managers. Use setter

3345

when setting maxActiveSessions. (rjung)

3346

</td></tr>

3347

</table>

3348

</blockquote></td></tr></table>

3349

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.23 (markt)/Web applications"></a><a name="Tomcat_7.0.23_(markt)/Web_applications"><strong>Web applications</strong></a></font></td></tr><tr><td><blockquote>

3350

3351

3352

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50923">50923</a>: Use distinct background color for <code>code</code>

3353

tag in Tomcat documentation, for better readability. (kkolinko)

3354

</td></tr>

3355

3356

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51630">51630</a>: Fix bug in async0 example that triggered an

3357

IllegalStateException in the application log. (markt)

3358

</td></tr>

3359

3360

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52025">52025</a>: Add additional information regarding DriverManager,

3361

the service provider mechanism and memory leaks. (markt)

3362

</td></tr>

3363

3364

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52049">52049</a>: Improve setup instructions for running as a Windows

3365

service: remove references to specific Windows operating systems - it

3366

easily becomes dated; correct information on how a JRE is identified and

selected. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52172">52172</a>: Clarify Tomcat build instructions. Patch provided

3371

by bmargulies. (kkolinko)

3372

</td></tr>

3373

</table>

3374

</blockquote></td></tr></table>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52015">52015</a>: In jdbc-pool: JdbcInterceptor passes not 'this' but

3379

'proxy' to <code>getNext().invoke</code>. (kfujino)

3380

</td></tr>

3381

3382

In jdbc-pool: Improve handling of Errors that originate from methods

3383

invoked through reflection. In <code>TrapException</code> interceptor:

3384

rethrow Error as is, without wrapping it in a RuntimeException.

(kkolinko)

</td></tr>

In jdbc-pool: Unwrap InvocationTargetException if it is caught in

3389

<code>ResultSetProxy</code>, like we do it elsewhere. (kkolinko)

3390

</td></tr>

3391

3392

When building jdbc-pool from within Tomcat, use Tomcat's

3393

<code>output</code> directory location. This allows to move all build

3394

output away from the source tree. (kkolinko)

3395

</td></tr>

3396

</table>

3397

</blockquote></td></tr></table>

3398

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.23 (markt)/Other"></a><a name="Tomcat_7.0.23_(markt)/Other"><strong>Other</strong></a></font></td></tr><tr><td><blockquote>

3399

3400

3401

Update the package re-named copy of Commons BCEL (formerly Jakarta BCEL)

3402

to the latest code from Commons BCEL trunk. (markt)

3403

</td></tr>

3404

3405

Remove some unused code from the packaged renamed Commons BCEL. (markt)

3406

</td></tr>

3407

3408

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52059">52059</a>: In Windows uninstaller: Do not forget to remove

3409

Tomcat keys from 32-bit registry on deinstallation. (kkolinko)

3410

</td></tr>

3411

3412

Start the process of deprecating unused and unnecessary code that will

3413

be removed in the next major release (8.0.x). (markt)

3414

</td></tr>

3415

3416

Ignore <code>.git</code> directory when building the source

3417

distributive. (markt)

3418

</td></tr>

3419

3420

Remove trailing whitespace from the default configuration files.

(kkolinko)

</td></tr>

Improve <code>RUNNING.txt</code>. (kkolinko)

3425

</td></tr>

3426

3427

Update optional Checkstyle library to 5.5. (kkolinko)

3428

</td></tr>

3429

3430

In test suite: add <code>LoggingBaseTest</code> class to allow

3431

use of Tomcat logging configuration in tests that do not start Tomcat.

(kkolinko)

</td></tr>

In test suite: speed up <code>TestGroupChannelSenderConnections</code>.

3436

Remove 48 seconds worth of waits. (kkolinko)

3437

</td></tr>

3438

3439

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=52148">52148</a>: Add tomcat-coyote.jar to catalina-tasks.xml as this

3440

JAR is now required by the Ant tasks. Patch provided by Volker Krebs.

(markt)

</td></tr>

Add sample Apache Commons Daemon JSVC wrapper script

3445

<code>bin/daemon.sh</code> that can be used with <code>/etc/init.d</code>.

(mturk)

</td></tr>

</table>

</blockquote></td></tr></table>

3450

</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.22 (markt)"></a><a name="Tomcat_7.0.22_(markt)"><strong>Tomcat 7.0.22 (markt)</strong></a></font></td><td align="right" bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><strong>released 2011-10-01</strong></font></td></tr><tr><td colspan="2"><blockquote>

3451

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.22 (markt)/Catalina"></a><a name="Tomcat_7.0.22_(markt)/Catalina"><strong>Catalina</strong></a></font></td></tr><tr><td><blockquote>

3452

3453

3454

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51550">51550</a>: An additional change that ensures any exceptions

3455

thrown by an Authenticator (or any other Valve configured for the

3456

Context) will be handled by the custom error pages for the Context if an

3457

appropriate error page is configured. (markt)

3458

</td></tr>

3459

3460

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51580">51580</a>: Added a nicer error message when a WAR file contains

3461

filenames not properly encoded in UTF-8. (schultz)

3462

</td></tr>

3463

3464

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51687">51687</a>: Added (optional) protection against

3465

sun.java2d.Disposer thread pinning a WebappClassLoader into memory

3466

in the JreMemoryLeakPreventionListener. (schultz)

3467

</td></tr>

3468

3469

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51741">51741</a>: Fixes a problem with Eclipse WTP "Serve modules

3470

without publishing" feature where applications failed to access

3471

resources when using getResource() on the classloader. (slaurent)

3472

</td></tr>

3473

3474

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51744">51744</a>: Prevent application code from closing the associated

3475

JNDI context while the application is running. (markt)

3476

</td></tr>

3477

3478

Correct a regression with the fix for <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51653">51653</a> that broke custom

3479

error pages for 4xx responses from the Authenticators. Error handling

3480

and request listeners are now handled in the StandardHostValve to ensure

3481

they wrap all Context level activity. (markt)

3482

</td></tr>

3483

3484

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51758">51758</a>: The digester (used for processing XML files) used the

3485

logger name <code>org.apache.commons.digester.Digester</code> rather

3486

than the expected <code>org.apache.tomcat.util.digester.Digester</code>.

3487

The digester has been changed to use the expected logger name.

(markt/kkolinko)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51774">51774</a>: Fix incorrect cached method signature that prevented

3492

session tracking modes from being defined in web.xml when running under

3493

a security manager. (markt)

3494

</td></tr>

3495

3496

Add an annotation cache to the <code>DefaultInstanceManager</code> that

3497

improves performance for applications that make use of a lot of

3498

non-poolable objects (e.g. tag files) that need to be scanned for

3499

annotations when created. (markt)

3500

</td></tr>

3501

3502

Use the specification compliant request attribute of

3503

<code>javax.servlet.request.ssl_session_id</code> to access the SSL

3504

session ID and deprecated the Tomcat specific request attribute. (markt)

3505

</td></tr>

3506

3507

Allow to overwrite the check for distributability

3508

of session attributes by session implementations. (rjung)

3509

</td></tr>

3510

3511

Add Java 7 sunec.jar and zipfs.jar to the list of JARs

3512

to skip when scanning for TLDs and web fragments. (rjung)

3513

</td></tr>

3514

3515

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51862">51862</a>: Added a <code>classesToInitialize</code> attribute to

3516

<code>JreMemoryLeakPreventionListener</code> to allow pre-loading of configurable

3517

classes to avoid some classloader leaks. (slaurent)

3518

</td></tr>

3519

3520

Reduce visibility of static field <code>ManagerBase.name</code> and

3521

make it final. (kkolinko)

3522

</td></tr>

3523

3524

Add thread name to juli OneLineFormatter. (rjung)

3525

</td></tr>

3526

3527

Ensure Servlets that implement ContainerServlet always get treated as

restricted. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51872">51872</a>: Ensure that the access log always uses the correct

3532

value for the remote IP address associated with the request and that

3533

requests with multiple errors do not result in multiple entries in

3534

the access log. (markt)

3535

</td></tr>

3536

</table>

3537

</blockquote></td></tr></table>

3538

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.22 (markt)/Coyote"></a><a name="Tomcat_7.0.22_(markt)/Coyote"><strong>Coyote</strong></a></font></td></tr><tr><td><blockquote>

3539

3540

3541

Remove unused and undocumented socketCloseDelay attribute from NIO

connector. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49683">49683</a>: Support separate connection and keep-alive timeouts

3546

for the APR/native connector HTTP and AJP connectors. (markt)

3547

</td></tr>

3548

3549

Further re-factoring of the HTTP connectors to align the BIO, NIO and

3550

APR implementations. (markt)

3551

</td></tr>

3552

3553

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51794">51794</a>: Fix race condition in NioEndpoint. (fhanik)

3554

</td></tr>

3555

3556

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51811">51811</a>: Correct SSL configuration property name from

3557

sslImplemenationName to sslImplementationName. (rjung)

3558

</td></tr>

3559

3560

Fix a timing issue in NIO connector that meant that stopping a connector

3561

did not trigger a Comet END event if the associated processor was

3562

processing a READ event when the connector was stopped. (markt)

3563

</td></tr>

3564

3565

Replace unneeded call that iterated events queue in NioEndpoint.Poller.

(kkolinko)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51860">51860</a>: Fix issues if using NIO with a custom

3570

SSLImplementation. Based on a suggestion by Roman Tsirulnikov. (markt)

3571

</td></tr>

3572

3573

Allow the BIO HTTP connector to be used with SSL when running under Java

7. (markt)

</td></tr>

Don't send AJP CPONG if endpoint is already paused. (rjung)

3578

</td></tr>

3579

3580

Align APR AJP connector with NIO one. Send 503 if endpoint is paused.

(rjung)

</td></tr>

Accept AJP request even if endpoint is paused, if CPING was successful.

(rjung)

</td></tr>

</table>

</blockquote></td></tr></table>

3589

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.22 (markt)/Jasper"></a><a name="Tomcat_7.0.22_(markt)/Jasper"><strong>Jasper</strong></a></font></td></tr><tr><td><blockquote>

3590

3591

3592

When unloading JSPs due to configuration of the

3593

<code>maxLoadedJsps</code> initialisation parameter, the unloading code

3594

was retaining a reference to the to the unloaded JSP preventing the

3595

associated class from being unloaded until the JSP that replaced it was

3596

itself unloaded. (markt)

3597

</td></tr>

3598

3599

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51852">51852</a>: Correct two problems in the handling of varargs

3600

methods with the BeanELResolver. The first meant the wrong method was

3601

sometimes called and the second that an ArrayIndexOutOfBoundsExceptions

3602

could be thrown. Patch (including a test case) provided by Matt Benson.

(markt)

</td></tr>

</table>

</blockquote></td></tr></table>

3607

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.22 (markt)/Cluster"></a><a name="Tomcat_7.0.22_(markt)/Cluster"><strong>Cluster</strong></a></font></td></tr><tr><td><blockquote>

3608

3609

3610

Refactor cluster manager configuration: move handling of common

3611

attributes to base class. (kfujino, rjung)

3612

</td></tr>

3613

3614

New cluster manager attribute <code>sessionAttributeFilter</code>

3615

allows to filter which session attributes are replicated using a

3616

regular expression applied to the attribute name. (rjung)

3617

</td></tr>

3618

</table>

3619

</blockquote></td></tr></table>

3620

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.22 (markt)/Web applications"></a><a name="Tomcat_7.0.22_(markt)/Web_applications"><strong>Web applications</strong></a></font></td></tr><tr><td><blockquote>

3621

3622

3623

Correct the documentation for <code>connectionLinger</code> attribute

3624

for the AJP and HTTP connectors. (markt)

3625

</td></tr>

3626

3627

Document caveat of using <code>RemoteAddrValve</code> with IPv6

3628

addresses. (kkolinko)

3629

</td></tr>

3630

</table>

3631

</blockquote></td></tr></table>

In jdbc-pool: Avoid IllegalArgumentException when setting maxActive

3636

less than or equal to 0.

3637

ArrayBlockingQueue doesn't allow capacity of 0 or less. (kfujino)

3638

</td></tr>

3639

3640

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48392">48392</a> (<a href="http://svn.apache.org/viewvc?view=rev&rev=1169796">r1169796</a>): Fix typo in

3641

<code>StatementDecoratorInterceptor</code>. (fhanik)

3642

</td></tr>

3643

3644

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51139">51139</a>:

3645

In jdbc-pool: validatorClassName and suspectTimeout are ignored.

3646

In order to support them correctly, validatorClassName and

3647

suspectTimeout are added to a property list. (kfujino)

3648

</td></tr>

3649

3650

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51786">51786</a>:

3651

In jdbc-pool: Discarded connection is not active in a pool any longer.

3652

It removes from the active connection list. (kfujino)

3653

</td></tr>

3654

3655

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51871">51871</a>: Fix dependency in Maven POM file of

3656

tomcat-jbdc. (kkolinko)

3657

</td></tr>

3658

</table>

3659

</blockquote></td></tr></table>

3660

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.22 (markt)/Other"></a><a name="Tomcat_7.0.22_(markt)/Other"><strong>Other</strong></a></font></td></tr><tr><td><blockquote>

3661

3662

3663

Update the "test" target in the default build file to report a test

3664

failure only after all available connector variants (bio, nio, apr)

3665

have been tested. Do not stop after first connector that fails.

(kkolinko)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51887">51887</a>: When running the unit tests, use a fast but insecure

3670

random number source for session ID generation to reduce the delays

3671

caused by waiting for entropy. (kkolinko/markt)

3672

</td></tr>

3673

3674

Code clean-up to further reduce the number of warnings reported by

3675

Eclipse, FindBugs and CheckStyle. (markt/kkolinko)

3676

</td></tr>

3677

</table>

3678

</blockquote></td></tr></table>

3679

</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.21 (markt)"></a><a name="Tomcat_7.0.21_(markt)"><strong>Tomcat 7.0.21 (markt)</strong></a></font></td><td align="right" bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><strong>released 2011-09-01</strong></font></td></tr><tr><td colspan="2"><blockquote>

3680

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.21 (markt)/Catalina"></a><a name="Tomcat_7.0.21_(markt)/Catalina"><strong>Catalina</strong></a></font></td></tr><tr><td><blockquote>

3681

3682

3683

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=41718">41718</a>: Include a response body when sending a redirect.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51640">51640</a>: Improve the memory leak prevention for leaks triggered

3688

by java.sql.DriverManager. (markt)

3689

</td></tr>

3690

3691

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51644">51644</a>: Fix annotation scanning for contexts with a

3692

multi-level context path such as /a/b. (markt)

3693

</td></tr>

3694

3695

Unregisters MBean of DataSource when web application stops. (kfujino)

3696

</td></tr>

3697

3698

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51650">51650</a>: Code clean-up. Patch provided by Felix Schumacher.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51653">51653</a>: Move application level error page handling from the

3703

Host to the Context. This ensures that application error page handling

3704

is completed before the requestDestroyed event of any

3705

ServletRequestListener is fired. (markt)

3706

</td></tr>

3707

3708

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51654">51654</a>: Improve handling of invalid appBase settings for Host

elements. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51658">51658</a>: Fix possible NPE when logging a failed request. Based

3713

on a suggestion by Felix Schumacher. (markt)

3714

</td></tr>

3715

3716

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51688">51688</a>: JreMemoryLeakPreventionListener now protects against

3717

AWT thread creation. (schultz)

3718

</td></tr>

3719

3720

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51712">51712</a>: Ensure cache control headers are sent when appropriate

3721

even if the request is secure. Patch provided by Michael Zampani.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51713">51713</a>: Improve message that is logged if there is an error

3726

in the value of <code>protocol</code> in a <code>Connector</code>.

(kkolinko)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51739">51739</a>: When using a landing page with FORM authentication

3731

ensure that the request has a valid HTTP method. (markt)

3732

</td></tr>

3733

</table>

3734

</blockquote></td></tr></table>

3735

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.21 (markt)/Coyote"></a><a name="Tomcat_7.0.21_(markt)/Coyote"><strong>Coyote</strong></a></font></td></tr><tr><td><blockquote>

3736

3737

3738

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51641">51641</a>: Use correct key when removing processor instances from

3739

the connections map during clean-up. Patch provided by zhh. (mark)

3740

</td></tr>

3741

3742

More changes to align the code between the different HTTP connectors.

(markt)

</td></tr>

Ensure AjpMessage headers are correct for the direction of the message.

(markt)

</td></tr>

Code clean-up and re-factoring to reduce duplicate code in the AJP

3751

processor implementations. (markt)

3752

</td></tr>

3753

3754

Detect incomplete AJP messages and reject the associated request if one

is found. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51698">51698</a>: Fix CVE-2011-3190. Prevent AJP message injection.

(markt)

</td></tr>

</table>

</blockquote></td></tr></table>

3763

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.21 (markt)/Jasper"></a><a name="Tomcat_7.0.21_(markt)/Jasper"><strong>Jasper</strong></a></font></td></tr><tr><td><blockquote>

3764

3765

3766

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=41673">41673</a>: Use platform line-endings when reporting compilation

errors. (markt)

</td></tr>

</table>

</blockquote></td></tr></table>

3771

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.21 (markt)/Cluster"></a><a name="Tomcat_7.0.21_(markt)/Cluster"><strong>Cluster</strong></a></font></td></tr><tr><td><blockquote>

3772

3773

3774

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51736">51736</a>: Make rpcTimeout configurable in BackupManager.

(kfujino)

</td></tr>

</table>

</blockquote></td></tr></table>

3779

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.21 (markt)/Web applications"></a><a name="Tomcat_7.0.21_(markt)/Web_applications"><strong>Web applications</strong></a></font></td></tr><tr><td><blockquote>

3780

3781

3782

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51649">51649</a>: Update the documentation web application to include

3783

the ThreadLocal leak prevention listener. (markt)

3784

</td></tr>

3785

</table>

3786

</blockquote></td></tr></table>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51583">51583</a> (<a href="http://svn.apache.org/viewvc?view=rev&rev=1157874">r1157874</a>, <a href="http://svn.apache.org/viewvc?view=rev&rev=1162102">r1162102</a>): Fix

3791

shutdown delay in jdbc-pool. (fhanik/kkolinko)

3792

</td></tr>

3793

</table>

3794

</blockquote></td></tr></table>

3795

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.21 (markt)/Other"></a><a name="Tomcat_7.0.21_(markt)/Other"><strong>Other</strong></a></font></td></tr><tr><td><blockquote>

3796

3797

3798

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51558">51558</a>: Don't force the use of StandardManager when using

3799

any of the <code>Tomcat#addWebapp()</code> methods. (markt)

3800

</td></tr>

3801

3802

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51704">51704</a>: Make use of <code>File#mkdirs()</code> more robust.

(markt)

</td></tr>

</table>

</blockquote></td></tr></table>

3807

</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.20 (markt)"></a><a name="Tomcat_7.0.20_(markt)"><strong>Tomcat 7.0.20 (markt)</strong></a></font></td><td align="right" bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><strong>released 2011-08-11</strong></font></td></tr><tr><td colspan="2"><blockquote>

3808

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.20 (markt)/Catalina"></a><a name="Tomcat_7.0.20_(markt)/Catalina"><strong>Catalina</strong></a></font></td></tr><tr><td><blockquote>

3809

3810

3811

Corrected missing comma in the value of <code>jarsToSkip</code>

3812

property in <code>conf/catalina.properties</code> file, which

3813

caused tomcat-jdbc.jar and commons-beanutils*.jar to be not

3814

ignored when scanning jars for tag libraries. (kkolinko)

3815

</td></tr>

3816

3817

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=41709">41709</a>: Provide exception messages where no message is

3818

provided currently for IllegalStateExcpetions triggered by calling

3819

HttpServletResponse methods when the reponse is committed. (markt)

3820

</td></tr>

3821

3822

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51509">51509</a>: Fix potential concurrency issue in CSRF prevention

3823

filter that may lead to some requests failing that should not. (markt)

3824

</td></tr>

3825

3826

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51518">51518</a>: Correct error in web.xml parsing rules for the

3827

<others/> tag when using absolute ordering. (markt)

3828

</td></tr>

3829

3830

Move the SetCharacterEncoding filter from the examples web application

3831

to the <code>org.apache.catalina.filters</code> package so it is

3832

available for all web applications. (markt)

3833

</td></tr>

3834

3835

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51550">51550</a>: Internal errors in Tomcat components that process

3836

requests before they are passed to a web application, such as

3837

Authenticators, now return a 500 response rather than a 200 response.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51555">51555</a>: Allow destroy() to be called on Lifecycle components

3842

that are in the initialized state. (markt)

3843

</td></tr>

3844

3845

Add x-threadname pattern format token to ExtendedAccessLogValve to log

3846

the current request thread name. Based on a patch from Felix Schumacher.

(timw)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51584">51584</a>: Ensure file paths are encoded/decoded when translated

3851

to/from URLs when working with resources from a Context so special

3852

characters don't cause issues. (markt)

3853

</td></tr>

3854

3855

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51586">51586</a>: Expand error handling to cover anything that is

3856

recoverable (or might be recoverable) when loading classes during

3857

HandlesTypes processing. (markt)

3858

</td></tr>

3859

3860

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51588">51588</a>: Make it easier to extend the AccessLogValve to add

3861

support for custom elements. (markt)

3862

</td></tr>

3863

3864

Ensure that calls to StandardWrapper methods() that may trigger creation

3865

of a Servlet instance always do so in way that correctly instantiates a

3866

Servlet instance. (markt)

3867

</td></tr>

3868

3869

In JDBCStore: Committing connection if autoCommit is false.

3870

Make sure committed connection is returned to the pool if datasource is

enabled. (kfujino)

</td></tr>

Split <code>condition</code> attribute of AccessLogValve into two,

3875

<code>conditionIf</code> and <code>conditionUnless</code>. Implement

3876

conditional logging that logs only if a request attribute is present.

(kkolinko)

</td></tr>

Allow to have several AccessLogValve instances in the same scope (e.g.

3881

in the same Context). (kkolinko)

3882

</td></tr>

3883

3884

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51610">51610</a>: If an unchecked exception occurs during a lifecycle

3885

transition (e.g. web application start) ensure that the component is

3886

put into the failed state. (markt)

3887

</td></tr>

3888

3889

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51614">51614</a>: Avoid calling store.load() and session.expire()

3890

twice in PersistentManager when expiring sessions. (kfujino)

3891

</td></tr>

3892

3893

Prevent spurious log warnings on container stop if a child component has

3894

previously failed. (markt)

3895

</td></tr>

3896

3897

Add missing getter and setter for the alwaysUseSession attribute of the

3898

authenticators. (markt)

3899

</td></tr>

3900

</table>

3901

</blockquote></td></tr></table>

3902

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.20 (markt)/Coyote"></a><a name="Tomcat_7.0.20_(markt)/Coyote"><strong>Coyote</strong></a></font></td></tr><tr><td><blockquote>

3903

3904

3905

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49595">49595</a>: Prevent JVM crash with the AJP APR connector when

3906

flushing a closed socket. (jfclere)

3907

</td></tr>

3908

3909

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50394">50394</a>: Return -1 instead of throwing an exception when

3910

encountering an EOF while processing an input stream with the HTTP APR

connector. (jfclere)

</td></tr>

Correctly handle a connectionTimeout value of -1 (no timeout) for the

3915

HTTP NIO and AJP NIO connectors. (markt)

3916

</td></tr>

3917

3918

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51503">51503</a>: Add additional validation that prevents a connector

3919

from starting if it does not have a port > 0. (markt)

3920

</td></tr>

3921

3922

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51557">51557</a>: Ignore HTTP headers that do not comply with RFC 2616

3923

and use header names that are not tokens. (markt)

3924

</td></tr>

3925

3926

Improve error handling for HTTP APR if an error occurs while using

sendfile. (markt)

</td></tr>

Ensure that when using sendfile, HTTP APR sockets are not added to

3931

multiple pollers. This may cause errors during shutdown. (markt)

3932

</td></tr>

3933

3934

Set <code>reuse</code> flag of final AJP <code>END_RESPONSE</code>

3935

packet to <code>0</code> if we plan to close the connection. (rjung)

3936

</td></tr>

3937

3938

Correctly indicate if socket is closing when calling recycle for the AJP

3939

NIO processor. Note since the flag is unused in this case there were no

3940

bugs triggered by the re-factoring error. (rjung)

3941

</td></tr>

3942

</table>

3943

</blockquote></td></tr></table>

3944

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.20 (markt)/Jasper"></a><a name="Tomcat_7.0.20_(markt)/Jasper"><strong>Jasper</strong></a></font></td></tr><tr><td><blockquote>

3945

3946

3947

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51532">51532</a>: JSP files with dependencies in JARs were recompiled on

3948

every access leading to poor performance. (markt)

3949

</td></tr>

3950

3951

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51544">51544</a>: Correctly resolve bean methods in EL so accessible

3952

methods that are overridden by inaccessible methods do not cause an

3953

IllegalAccessException. (markt)

3954

</td></tr>

3955

</table>

3956

</blockquote></td></tr></table>

3957

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.20 (markt)/Web applications"></a><a name="Tomcat_7.0.20_(markt)/Web_applications"><strong>Web applications</strong></a></font></td></tr><tr><td><blockquote>

3958

3959

3960

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=41498">41498</a>: Add the allRolesMode attribute to the Realm

3961

configuration page in the documentation web application. (markt)

3962

</td></tr>

3963

3964

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48997">48997</a>: Fixed some typos and correct cross-referencing to the

3965

HTTP Connector documentation with the SSL How-To page of the

3966

documentation web application. (markt)

3967

</td></tr>

3968

3969

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49122">49122</a>: Improvements and fixes for index page for ROOT web

3970

application. Based on a patch provided by pidster. (markt)

3971

</td></tr>

3972

3973

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51516">51516</a>: Correct documentation web application to show correct

3974

system property name for changing the name of the SSO session cookie.

(markt)

</td></tr>

Configure the Manager and Host Manager web applications with the Set

3979

Character Encoding Filter to make the default request character encoding

3980

UTF-8 to improve i18n support. Note that best results will be obtained

3981

if the connector is also configured with

3982

<code>URIEncoding="UTF-8"</code>.(markt)

3983

</td></tr>

3984

3985

Update the documentation web application to be even more explicit about

3986

the implications of setting the path attribute on a Context element in

server.xml. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51561">51561</a>: Update the Realm page within the documentation web

3991

application to recommend the use of digest.[bat|sh] to generate digests

3992

rather than calling RealmBase directly. (markt)

3993

</td></tr>

3994

3995

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51567">51567</a>: Update the class loading page of the documentation

3996

web application to include information on the search order for the

3997

common class loader when separate values are used for $CATALINA_HOME and

3998

$CATALINA_BASE. (markt)

3999

</td></tr>

4000

4001

Improve class loading documentation and logging documentation.

(kkolinko)

</td></tr>

Add information to the security page of the the documentation web

4006

application for the ciphers attribute of the Connector element. (markt)

4007

</td></tr>

4008

</table>

4009

</blockquote></td></tr></table>

4010

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.20 (markt)/Other"></a><a name="Tomcat_7.0.20_(markt)/Other"><strong>Other</strong></a></font></td></tr><tr><td><blockquote>

4011

4012

4013

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51503">51503</a>: Add additional validation to Windows installer that

4014

ensure that the shutdown port, HTTP port and AJP port are all specified

4015

during the install process. (markt)

4016

</td></tr>

4017

4018

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51531">51531</a>: Update sample Eclipse classpath file to reflect

4019

updated ECJ jar. Patch provided by Ian Brandt. (markt)

4020

</td></tr>

4021

4022

Convert Tomcat unit tests to JUnit 4. (kkolinko)

4023

</td></tr>

4024

4025

Update optional CheckStyle library to 5.4. (kkolinko)

4026

</td></tr>

4027

4028

Remove <code>resolveHosts</code> attribute from AccessLogValve

4029

configuration in the default <code>server.xml</code>. It was documented

4030

in 7.0.19 that it has no effect. (kkolinko)

4031

</td></tr>

4032

4033

Simplify mapping for <code>jsp</code> servlet in the default

4034

<code>web.xml</code>. (kkolinko)

4035

</td></tr>

4036

4037

Correctly handle uninstall with the Windows installer if the service is

4038

installed with a name that contains a '-' character. (markt)

4039

</td></tr>

4040

4041

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51598">51598</a>: Prevent direct invocation of the Windows uninstaller

4042

without a service name from executing since the uninstall will not be

complete. (markt)

</td></tr>

Use Tomcat icon (cat) instead of Apache Commons Daemon (feather) one

4047

in the list of uninstallable programs on Windows. (kkolinko)

4048

</td></tr>

4049

4050

Update to Apache Commons Daemon 1.0.7. (markt)

4051

</td></tr>

4052

4053

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51621">51621</a>: Add additional required JARs to the deployer

4054

distribution. (markt)

4055

</td></tr>

4056

4057

Fix a small number of warnings reported by FindBugs. (markt)

4058

</td></tr>

4059

4060

Update to version 1.1.22 of the native component for the AJP APR/native

4061

and HTTP APR/native connectors. (markt)

4062

</td></tr>

4063

</table>

4064

</blockquote></td></tr></table>

4065

</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.19 (markt)"></a><a name="Tomcat_7.0.19_(markt)"><strong>Tomcat 7.0.19 (markt)</strong></a></font></td><td align="right" bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><strong>released 2011-07-19</strong></font></td></tr><tr><td colspan="2"><blockquote>

4066

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.19 (markt)/Catalina"></a><a name="Tomcat_7.0.19_(markt)/Catalina"><strong>Catalina</strong></a></font></td></tr><tr><td><blockquote>

4067

4068

4069

Add option to activate access log for unit tests. (rjung)

4070

</td></tr>

4071

4072

Fix regression in year number formatting for AccessLogValve. (rjung)

4073

</td></tr>

4074

4075

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=46252">46252</a>: Allow to specify character set to be used to write

4076

the access log in AccessLogValve. (kkolinko)

4077

</td></tr>

4078

4079

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51494">51494</a>: Prevent an NPE when a long running request completes

4080

if the associated web application was destroyed while the request was

processing. (markt)

</td></tr>

Allow choosing a locale for timestamp formatting in AccessLogValve.

(rjung)

</td></tr>

When generating access logs for errors, log at the Context/Host level if

4089

a Context or Host can be identified for the failed request. (markt)

4090

</td></tr>

4091

4092

Create a directory for access log or error log (in AccessLogValve and

4093

in JULI FileHandler) automatically when it is specified as a part of

4094

the file name, e.g. in the <code>prefix</code> attribute. Earlier this

4095

happened only if it was specified with the <code>directory</code>

4096

attribute. (kkolinko)

4097

</td></tr>

4098

4099

Log a failure if access log file cannot be opened. (kkolinko)

4100

</td></tr>

4101

4102

Use en_US as locale for timestamps in ExtendedAccessLogValve.

(rjung)

</td></tr>

Use en_US as locale for creationdate in WebdavServlet. (rjung)

4107

</td></tr>

4108

</table>

4109

</blockquote></td></tr></table>

4110

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.19 (markt)/Coyote"></a><a name="Tomcat_7.0.19_(markt)/Coyote"><strong>Coyote</strong></a></font></td></tr><tr><td><blockquote>

4111

4112

4113

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51477">51477</a>: Support all SSL protocol combinations in the

4114

APR/native connector. This only works when using the native library

4115

version 1.1.21 or later, which is not yet released. (rjung)

4116

</td></tr>

4117

4118

Various refactorings to reduce code duplication and unnecessary code in

4119

the connectors. (markt)

4120

</td></tr>

4121

4122

Correct regression introduced in 7.0.17 that triggered 400 entries in

4123

the AccessLog when using the AJP/BIO connector. (markt)

4124

</td></tr>

4125

4126

Fix regression producing invalid MBean names when using IPV6

4127

addresses for connectors. (rjung)

4128

</td></tr>

4129

4130

Add missing thread name in RequestProcessor when Servlet 3 Async

4131

is used. Fixes null thread name in access log and JMX MBean. (rjung)

4132

</td></tr>

4133

4134

Fix CVE-2011-2526. Protect against infinite loops (HTTP NIO) and crashes

4135

(HTTP APR) if sendfile is configured to send more data than is available

in the file. (markt)

</td></tr>

Prevent NPEs when a socket is closed in non-error conditions after

4140

sendfile processing when using the HTTP NIO connector. (markt)

4141

</td></tr>

4142

</table>

4143

</blockquote></td></tr></table>

4144

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.19 (markt)/Cluster"></a><a name="Tomcat_7.0.19_(markt)/Cluster"><strong>Cluster</strong></a></font></td></tr><tr><td><blockquote>

4145

4146

4147

Remove unnecessary server.xml parsing code for old cluster

4148

implementation that does not ship as part of Tomcat 7. (markt)

4149

</td></tr>

4150

</table>

4151

</blockquote></td></tr></table>

4152

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.19 (markt)/Web applications"></a><a name="Tomcat_7.0.19_(markt)/Web_applications"><strong>Web applications</strong></a></font></td></tr><tr><td><blockquote>

4153

4154

4155

Add additional information to the documentation web application on the

4156

benefits and remaining risks when running under a security manager.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51490">51490</a>: Correct broken HTML in JSP tag plugin examples and

4161

improve the <c:if> example to make failures more obvious. Based on

4162

suggestions by Charles. (markt)

4163

</td></tr>

4164

4165

Document ExtendedAccessLogValve. (rjung)

4166

</td></tr>

4167

4168

Correct default value of <code>enableLookups</code> for connectors

4169

and mention, that <code>resolveHosts</code> for the AccessLogValve

4170

is replaced by <code>enableLookups</code>. (rjung)

4171

</td></tr>

4172

</table>

4173

</blockquote></td></tr></table>

Include jdbc-pool into Tomcat release. (fhanik)

4178

</td></tr>

4179

</table>

4180

</blockquote></td></tr></table>

4181

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.19 (markt)/Other"></a><a name="Tomcat_7.0.19_(markt)/Other"><strong>Other</strong></a></font></td></tr><tr><td><blockquote>

4182

4183

4184

Update to Apache Commons Daemon 1.0.6. (markt)

4185

</td></tr>

4186

4187

Update to Eclipse JDT Compiler 3.7. (markt)

4188

</td></tr>

4189

</table>

4190

</blockquote></td></tr></table>

4191

</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.18 (markt)"></a><a name="Tomcat_7.0.18_(markt)"><strong>Tomcat 7.0.18 (markt)</strong></a></font></td><td align="right" bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><strong>not released</strong></font></td></tr><tr><td colspan="2"><blockquote>

4192

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.18 (markt)/Catalina"></a><a name="Tomcat_7.0.18_(markt)/Catalina"><strong>Catalina</strong></a></font></td></tr><tr><td><blockquote>

4193

4194

4195

Correct regression introduced in 7.0.17 that triggered an NPE if a

4196

CrawlerSessionManagerValve was used without setting crawlerUserAgents.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51466">51466</a>: Correct comment typos in HostManagerServlet. Patch

4201

provided by Felix Schumacher. (markt)

4202

</td></tr>

4203

4204

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51467">51467</a>: Invoke Thread.start() rather than Thread.run() so that

4205

listeners and filters are stopped in a separate thread rather than the

4206

current thread. Patch provided by Felix Schumacher. (markt)

4207

</td></tr>

4208

4209

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51473">51473</a>: Fix concatenation of values in

4210

<code>SecurityConfig.setSecurityProperty()</code>. (kkolinko)

4211

</td></tr>

4212

4213

Fix response.encodeURL() for the special case of an absolute URL

4214

with no path segment (http://name). (rjung)

4215

</td></tr>

4216

</table>

4217

</blockquote></td></tr></table>

4218

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.18 (markt)/Coyote"></a><a name="Tomcat_7.0.18_(markt)/Coyote"><strong>Coyote</strong></a></font></td></tr><tr><td><blockquote>

4219

4220

4221

Correct regression caused by connector re-factoring that made AJP

4222

APR/native connector very unstable on Windows platforms. (markt)

4223

</td></tr>

4224

4225

Correct regression caused by connector re-factoring that meant that

4226

sendfile data was not reset between pipe-lined HTTP requests. (markt)

4227

</td></tr>

4228

</table>

4229

</blockquote></td></tr></table>

4230

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.18 (markt)/Tribes"></a><a name="Tomcat_7.0.18_(markt)/Tribes"><strong>Tribes</strong></a></font></td></tr><tr><td><blockquote>

4231

4232

4233

Re-factor tests to align packages for tests with the classes under test.

4234

Start to convert non-JUnit tests to JUnit. Remove unnecessary code.

(markt)

</td></tr>

Add synchronization to receiver socket binding to prevent test failures

on Linux. (markt)

</td></tr>

</table>

</blockquote></td></tr></table>

4243

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.18 (markt)/Other"></a><a name="Tomcat_7.0.18_(markt)/Other"><strong>Other</strong></a></font></td></tr><tr><td><blockquote>

4244

4245

4246

More code clean-up to remove unused code and reduce IDE warnings.

(markt/kkolinko)

</td></tr>

Further improvements to the Windows installer. (markt/kkolinko)

4251

</td></tr>

4252

</table>

4253

</blockquote></td></tr></table>

4254

</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.17 (markt)"></a><a name="Tomcat_7.0.17_(markt)"><strong>Tomcat 7.0.17 (markt)</strong></a></font></td><td align="right" bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><strong>not released</strong></font></td></tr><tr><td colspan="2"><blockquote>

4255

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.17 (markt)/Catalina"></a><a name="Tomcat_7.0.17_(markt)/Catalina"><strong>Catalina</strong></a></font></td></tr><tr><td><blockquote>

4256

4257

4258

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48956">48956</a>: Add regular expression support for SSI. (markt)

4259

</td></tr>

4260

4261

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49165">49165</a>: Allow any time stamp formats supported by

4262

SimpleDateFormat in AccessLogValve. Support logging begin and/or end of

request. (rjung)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50677">50677</a>: Allow system property variables to be used in the

4267

values of "common.loader" and other "*.loader" properties in the

4268

<code>catalina.properties</code> file. (kkolinko)

4269

</td></tr>

4270

4271

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51376">51376</a>: When adding a Servlet via

4272

ServletContext#addServlet(String, Servlet), the Servlet was not

4273

initialized when the web application started and a load on startup value

was set. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51386">51386</a>: Correct code for processing @HandlesTypes annotations

4278

so only types of interest are reported to a ServletContainerInitializer.

(markt)

</td></tr>

Add the Tomcat extras, ant-junit and Java Help Jars to the list of JARs

4283

to skip when scanning for TLDs and web fragments. (rjung)

4284

</td></tr>

4285

4286

The fix for bug <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51310">51310</a> caused a regression that re-introduced

4287

bug <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49957">49957</a> and deleted the contents of the work directory

4288

when Tomcat was shutdown. This fix ensures that that work directory for

4289

an application is not deleted when Tomcat is shutdown. (markt)

4290

</td></tr>

4291

4292

Correct issues with JULI's OneLineFormatter including: correctly

4293

re-using formatted timestamps when possible; thread-safety issues in

4294

timestamp formatting; correcting the output of any milliseconds to

4295

include leading zeros and formatting any parameters present.

4296

(kkolinko/markt/rjung)

4297

</td></tr>

4298

4299

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51395">51395</a>: Fix memory leak triggered when an application that

4300

includes a SAXParserFactory is the first web application to be loaded.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51396">51396</a>: Correctly handle jsp-file entries in web.xml when the

4305

JSP servlet has been configured via code when embedding Tomcat. (markt)

4306

</td></tr>

4307

4308

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51400">51400</a>: Avoid known bottleneck in JVM when converting between

4309

Strings and bytes by always providing a Charset rather than an encoding

4310

name. Based on a patch by Dave Engberg. (markt)

4311

</td></tr>

4312

4313

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51401">51401</a>: Correctly initialise shared WebRuleSet instance used

4314

by the digesters that parse web.xml and prevent incorrect warnings about

4315

multiple occurrences of elements that are only allowed to appear once in

4316

web.xml and web-fragment.xml. (kfujino)

4317

</td></tr>

4318

4319

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51403">51403</a>: Avoid NPE in JULI FileHandler if formatter is

4320

misconfigured. (kkolinko)

4321

</td></tr>

4322

4323

Previous improvements in JAR scanning performance introduced a start-up

4324

performance penalty for some use cases. This fix addresses those

4325

performance penalties while retaining the original improvements. (markt)

4326

</td></tr>

4327

4328

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51418">51418</a>: Provide more control over Context creation when

4329

embedding Tomcat. Based on a patch by Benson Margulies. (markt/kkolinko)

4330

</td></tr>

4331

4332

Remove redundant copy of catalina.properties from o.a.c.startup.

4333

Generate this copy for inclusion in bin and src jars during the

4334

ant "compile" task. (rjung)

4335

</td></tr>

4336

4337

Use system properties loaded from catalina.properties via the class

4338

path in unit tests. (rjung)

4339

</td></tr>

4340

4341

Improve JMX unit test. (rjung)

4342

</td></tr>

4343

4344

Fix IllegalStateException for JavaScript files when switching from

4345

Writer to OutputStream. The special handling of this case in the

4346

DefaultServlet was broken due to a MIME type change for JavaScript.

(funkman)

</td></tr>

Fix CVE-2011-2204. Prevent user passwords appearing in log files if a

4351

runtime exception (e.g. OOME) occurs while creating a new user for a

4352

MemoryUserDatabase via JMX. (markt)

4353

</td></tr>

4354

4355

Fix an issue with the CrawlerSessionManagerValve that meant sessions

4356

were not always correctly tracked. (markt)

4357

</td></tr>

4358

4359

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51436">51436</a>: Send 100 (Continue) response earlier to enable

4360

ServletRequestListener implementations to read the request body. Based

4361

on a patch by Simon Olofsson. (markt)

4362

</td></tr>

4363

4364

Ensure an access log entry is made if an error occurs during

4365

asynchronous request processing and the socket is immediately closed.

(markt)

</td></tr>

Ensure that if asyncDispatch() is called during an onTimeout event and

4370

the target Servlet does not call startAsync() or complete() that Tomcat

4371

calls complete() once the target Servlet exits. (markt)

4372

</td></tr>

4373

4374

Improve the handling for Servlets that implement the deprecated

4375

SingleThreadModel when embedding Tomcat. (markt)

4376

</td></tr>

4377

4378

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51445">51445</a>: Correctly initialise all instances of Servlets that

4379

implement SingleThreadModel. Based on a patch by Felix Schumacher.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51453">51453</a>: Fix a regression in the preemptive authentication

4384

support (enhancement <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=12428">12428</a>) that could trigger authentication

4385

even if preemptive authentication was disabled. (markt)

4386

</td></tr>

4387

4388

Prevent possible NPE when serving Servlets that implement the

4389

SingleThreadModel interface. (markt)

4390

</td></tr>

4391

4392

In launcher for embedded Tomcat: do not change <code>catalina.home</code>

4393

system property if it had a value. (kkolinko)

4394

</td></tr>

4395

4396

When using Servlets that implement the SingleThreadModel interface, add

4397

the single instance created to the pool when it is determined that a

4398

pool of servlets is required rather than throwing it away. (markt)

4399

</td></tr>

4400

</table>

4401

</blockquote></td></tr></table>

4402

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.17 (markt)/Coyote"></a><a name="Tomcat_7.0.17_(markt)/Coyote"><strong>Coyote</strong></a></font></td></tr><tr><td><blockquote>

4403

4404

4405

Fix unit test for bindOnInit which was failing for APR on some

platforms. (rjung)

</td></tr>

Remove superfluous quotes from thread names for connection pools.

(rjung)

</td></tr>

Fix crash observed during pausing the connector when using APR.

4414

Only add socket to poller if we are sure we don't close it later.

(rjung)

</td></tr>

Various refactorings to reduce code duplication and unnecessary code in

4419

the connectors. (markt)

4420

</td></tr>

4421

4422

Correct a regression introduced in Apache Tomcat 7.0.11 that broke

4423

certificate revocation list handling. (markt)

4424

</td></tr>

4425

</table>

4426

</blockquote></td></tr></table>

4427

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.17 (markt)/Jasper"></a><a name="Tomcat_7.0.17_(markt)/Jasper"><strong>Jasper</strong></a></font></td></tr><tr><td><blockquote>

4428

4429

4430

Improve the message printed by TldLocationsCache and add configuration

4431

example to the <code>logging.properties</code> file. (kkolinko)

4432

</td></tr>

4433

4434

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=33453">33453</a>: Recompile JSPs if last modified time of the source or

4435

any of its dependencies changes either forwards or backwards. Note that

4436

this introduces an incompatible change to the code generated for JSPs.

4437

Tomcat will automatically re-compile any JSPs and tag files found in the

4438

work directory when upgrading from 7.0.16 or earlier to 7.0.17 or later.

4439

If you later downgrade from 7.0.17 or later to 7.0.16 or earlier, you

4440

must empty the work directory as part of the downgrade process. (markt)

4441

</td></tr>

4442

4443

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=36362">36362</a>: Handle the case where tag file attributes (which can

4444

use any valid XML name) have a name which is not a Java identifier.

(markt/kkolinko)

</td></tr>

Broaden the exception handling in the EL Parser so that more failures to

4449

parse an expression include the failed expression in the exception

4450

message. Hopefully, this will help track down the cause of

4451

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51088">51088</a>. (markt)

4452

</td></tr>

4453

</table>

4454

</blockquote></td></tr></table>

4455

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.17 (markt)/Cluster"></a><a name="Tomcat_7.0.17_(markt)/Cluster"><strong>Cluster</strong></a></font></td></tr><tr><td><blockquote>

4456

4457

4458

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51306">51306</a>: Avoid NPE when handleSESSION_EXPIRED is processed

4459

while handleSESSION_CREATED is being processed. (kfujino)

4460

</td></tr>

4461

4462

Notifications of changes in session ID to other nodes in the cluster

4463

should be controlled by notifySessionListenersOnReplication rather than

4464

notifyListenersOnReplication. (markt)

4465

</td></tr>

4466

4467

The change in session ID is notified to the container event listener on

4468

the backup node in cluster.

4469

This notification is controlled by

4470

notifyContainerListenersOnReplication.(kfujino)

4471

</td></tr>

4472

</table>

4473

</blockquote></td></tr></table>

4474

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.17 (markt)/Web applications"></a><a name="Tomcat_7.0.17_(markt)/Web_applications"><strong>Web applications</strong></a></font></td></tr><tr><td><blockquote>

4475

4476

4477

Update Maven repository information in the documentation to reflect

4478

current usage. (markt)

4479

</td></tr>

4480

4481

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43538">43538</a>: Add host name and IP address to the HTML Manager

4482

application. Patch by Dennis Lundberg. (markt)

4483

</td></tr>

4484

4485

Add <code>session="false"</code> directive to the index page of the

4486

ROOT web application. (kkolinko)

4487

</td></tr>

4488

4489

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51443">51443</a>: Document the notifySessionListenersOnReplication

4490

attribute for the DeltaManager. (markt)

4491

</td></tr>

4492

4493

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51447">51447</a>: Viewing a back up session in the HTML Manager web

4494

application no longer changes the session to a primary session. Based on

4495

a patch provided by Eiji Takahashi. (markt)

4496

</td></tr>

4497

</table>

4498

</blockquote></td></tr></table>

4499

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.17 (markt)/Other"></a><a name="Tomcat_7.0.17_(markt)/Other"><strong>Other</strong></a></font></td></tr><tr><td><blockquote>

4500

4501

4502

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=33262">33262</a>: Install monitor to auto-start for current user only

4503

rather than all users to be consistent with menu item creation. (markt)

4504

</td></tr>

4505

4506

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=40510">40510</a>: Provide an option to install shortcuts for the current

4507

user or all users. Also ensure registry is correctly cleaned on

4508

uninstall for 64-bit platforms. (markt)

4509

</td></tr>

4510

4511

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50949">50949</a>: Provide the ability to specify the AJP port and

4512

service name when installing Tomcat using the Windows installer. This

4513

permits multiple instances of the same Tomcat version to be installed

4514

side-by-side. (markt)

4515

</td></tr>

4516

4517

Clean up shell and batch scripts (improve consistency,

4518

clarify comments, add <code>configtest</code> command support for

Windows). (rjung)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51206">51206</a>: Make CATALINA_BASE visible for setenv.sh. (rjung)

4523

</td></tr>

4524

4525

Remove unnecessary variable BASEDIR from scripts. (rjung)

4526

</td></tr>

4527

4528

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51425">51425</a>, <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51450">51450</a>: Update Spanish translations. Based

4529

on patches provided by Jesus Marin. (markt)

4530

</td></tr>

4531

</table>

4532

</blockquote></td></tr></table>

4533

</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.16 (markt)"></a><a name="Tomcat_7.0.16_(markt)"><strong>Tomcat 7.0.16 (markt)</strong></a></font></td><td align="right" bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><strong>released 2011-06-17</strong></font></td></tr><tr><td colspan="2"><blockquote>

4534

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.16 (markt)/Catalina"></a><a name="Tomcat_7.0.16_(markt)/Catalina"><strong>Catalina</strong></a></font></td></tr><tr><td><blockquote>

4535

4536

4537

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51249">51249</a>: Further improve system property replacement code

4538

in ClassLoaderLogManager of Tomcat JULI to cover some corner cases.

(kkolinko)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51264">51264</a>: Improve the previous fix for this issue by returning

4543

the connection to the pool when not in use so it does not appear to be

4544

an abandoned connection. Patch provided by Felix Schumacher. (markt)

4545

</td></tr>

4546

4547

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51324">51324</a>: Improve handling of exceptions when flushing the

4548

response buffer to ensure that the doFlush flag does not get stuck in

4549

the enabled state. Patch provided by Jeremy Norris. (markt)

4550

</td></tr>

4551

4552

Correct a regression in the fix for <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51278">51278</a> that prevented any

4553

web application from being marked as distributable. (kfujino/markt)

4554

</td></tr>

4555

4556

Correct a regression in the fix for <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51278">51278</a> that prevented a

4557

web application from overriding the default welcome files. (markt)

4558

</td></tr>

4559

4560

Enable remaining valves for Servlet 3 asynchronous processing support.

(markt)

</td></tr>

Avoid possible NPE when logging requests received during embedded Tomcat

shutdown. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51340">51340</a>: Fix thread-safety issue when parsing multiple web.xml

4569

files in parallel. Apache Tomcat does not do this but products that

4570

embed it may. (markt)

4571

</td></tr>

4572

4573

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51344">51344</a>: Fix problem with Lifecycle re-factoring for deprecated

4574

embedded class that prevented events being triggered. (markt)

4575

</td></tr>

4576

4577

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51348">51348</a>: Prevent possible NPE when processing WebDAV locks.

(markt)

</td></tr>

</table>

</blockquote></td></tr></table>

4582

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.16 (markt)/Coyote"></a><a name="Tomcat_7.0.16_(markt)/Coyote"><strong>Coyote</strong></a></font></td></tr><tr><td><blockquote>

4583

4584

4585

When parsing the port in the HTTP host header, restrict the value to be

4586

base 10 integer digits rather than hexadecimal ones.

4587

(rjung/markt/kkolinko)

4588

</td></tr>

4589

4590

Various refactorings to reduce code duplication and unnecessary code in

4591

the connectors. (markt)

4592

</td></tr>

4593

</table>

4594

</blockquote></td></tr></table>

4595

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.16 (markt)/Jasper"></a><a name="Tomcat_7.0.16_(markt)/Jasper"><strong>Jasper</strong></a></font></td></tr><tr><td><blockquote>

4596

4597

4598

Change JAR scanning log messages where no TLDs are found to DEBUG level

4599

and replace the multiple messages with a single INFO level message that

4600

indicates that at least one JAR was scanned needlessly and how to obtain

more info. (markt)

</td></tr>

</table>

</blockquote></td></tr></table>

4605

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.16 (markt)/Cluster"></a><a name="Tomcat_7.0.16_(markt)/Cluster"><strong>Cluster</strong></a></font></td></tr><tr><td><blockquote>

4606

4607

4608

Enable Servlet 3 asynchronous processing support when using clustering.

(markt)

</td></tr>

</table>

</blockquote></td></tr></table>

4613

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.16 (markt)/Web applications"></a><a name="Tomcat_7.0.16_(markt)/Web_applications"><strong>Web applications</strong></a></font></td></tr><tr><td><blockquote>

4614

4615

4616

Correct the log4j configuration settings when defining conversion

4617

patterns in the documentation web application. (markt)

4618

</td></tr>

4619

</table>

4620

</blockquote></td></tr></table>

4621

</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.15 (markt)"></a><a name="Tomcat_7.0.15_(markt)"><strong>Tomcat 7.0.15 (markt)</strong></a></font></td><td align="right" bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><strong>not released</strong></font></td></tr><tr><td colspan="2"><blockquote>

4622

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.15 (markt)/Catalina"></a><a name="Tomcat_7.0.15_(markt)/Catalina"><strong>Catalina</strong></a></font></td></tr><tr><td><blockquote>

4623

4624

4625

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=27122">27122</a>: Remove a workaround for a very old and since fixed

4626

Mozilla bug and change the default value of the securePagesWithPragma

4627

attribute of the Authenticator Valves to false. These changes should

4628

reduce the likelihood of issues when downloading files with IE. (markt)

4629

</td></tr>

4630

4631

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=35054">35054</a>: Check that a file is not specified for a Host's

4632

appBase and log an error if it is. (markt)

4633

</td></tr>

4634

4635

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51197">51197</a>: Fix possible dropped connection when sendError or

4636

sendRedirect are used during async processing. (markt)

4637

</td></tr>

4638

4639

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51221">51221</a>: Correct Spanish translation of text used in a 302

4640

response. Patch provided by Paco Soberón. (markt)

4641

</td></tr>

4642

4643

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51249">51249</a>: Correct ClassLoaderLogManager system property

4644

replacement code so properties of the form "}${...}" can be used

4645

without error. (markt)

4646

</td></tr>

4647

4648

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51264">51264</a>: Allow the JDBC persistent session store to use a

4649

JNDI datasource to define the database in which sessions are persisted.

4650

Patch provided by Felix Schumacher. (markt)

4651

</td></tr>

4652

4653

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51274">51274</a>: Add missing i18n strings in PersistentManagerBase.

4654

Patch provided by Eiji Takahashi. (markt)

4655

</td></tr>

4656

4657

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51276">51276</a>: Provide an abstraction for accessing content in JARs

4658

so the most efficient method can be selected depending on the type of

4659

URL used to identify the JAR. This improves startup time when JARs are

4660

located in $CATALINA_BASE/lib. (markt)

4661

</td></tr>

4662

4663

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51277">51277</a>: Improve error message if an application is deployed

4664

with an incomplete FORM authentication configuration. (markt)

4665

</td></tr>

4666

4667

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51278">51278</a>: Allow ServletContainerInitializers to override

4668

settings in the global default web.xml and the host web.xml. (markt)

4669

</td></tr>

4670

4671

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51310">51310</a>: When stopping the Server object on shutdown call

4672

destroy() after calling stop(). (markt)

4673

</td></tr>

4674

</table>

4675

</blockquote></td></tr></table>

4676

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.15 (markt)/Coyote"></a><a name="Tomcat_7.0.15_(markt)/Coyote"><strong>Coyote</strong></a></font></td></tr><tr><td><blockquote>

4677

4678

4679

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51145">51145</a>: Add an AJP-NIO connector. (markt/rjung)

4680

</td></tr>

4681

</table>

4682

</blockquote></td></tr></table>

4683

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.15 (markt)/Jasper"></a><a name="Tomcat_7.0.15_(markt)/Jasper"><strong>Jasper</strong></a></font></td></tr><tr><td><blockquote>

4684

4685

4686

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51220">51220</a>: Add a system property to enable tag pooling with JSPs

4687

that use a custom base class. Based on a patch by Dan Mikusa. (markt)

4688

</td></tr>

4689

4690

Include a comment header in generated java files that indicates when the

4691

file was generated and which version of Tomcat generated it. (markt)

4692

</td></tr>

4693

4694

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51240">51240</a>: Ensure that maxConnections limit is enforced when

4695

multiple acceptor threads are configured. (markt)

4696

</td></tr>

4697

</table>

4698

</blockquote></td></tr></table>

4699

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.15 (markt)/Cluster"></a><a name="Tomcat_7.0.15_(markt)/Cluster"><strong>Cluster</strong></a></font></td></tr><tr><td><blockquote>

4700

4701

4702

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51230">51230</a>: Add missing attributes to JMX for ReplicationValve and

4703

JvmRouteBinderValve. Patch provided by Eiji Takahashi. (markt)

4704

</td></tr>

4705

</table>

4706

</blockquote></td></tr></table>

4707

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.15 (markt)/Web applications"></a><a name="Tomcat_7.0.15_(markt)/Web_applications"><strong>Web applications</strong></a></font></td></tr><tr><td><blockquote>

4708

4709

4710

Add documentation for AJP-NIO connector. (markt/rjung)

4711

</td></tr>

4712

4713

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51182">51182</a>: Document JAAS supported added in <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51119">51119</a>.

4714

Patch provided by Neil Laurance. (markt)

4715

</td></tr>

4716

4717

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51225">51225</a>: Fix broken documentation links for non-English locales

4718

in the HTML Manager application. Patch provided by Eiji Takahashi.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51229">51229</a>: Fix bugs in the Servlet 3.0 asynchronous examples.

4723

Patch provided by Eiji Takahashi. (markt)

4724

</td></tr>

4725

4726

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51251">51251</a>: Add web application version support to the Ant tasks.

4727

Based on a patch provided by Eiji Takahashi. (markt)

4728

</td></tr>

4729

4730

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51294">51294</a>: Clarify behaviour of unpackWAR attribute of

4731

StandardContext components. (markt)

4732

</td></tr>

4733

</table>

4734

</blockquote></td></tr></table>

4735

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.15 (markt)/Other"></a><a name="Tomcat_7.0.15_(markt)/Other"><strong>Other</strong></a></font></td></tr><tr><td><blockquote>

4736

4737

4738

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=46451">46451</a>: Configure svn:bugtraq properties for Tomcat trunk.

4739

Based on a patch provided by Marc Guillemot. (markt)

4740

</td></tr>

4741

4742

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51309">51309</a>: Correct logic in catalina.sh stop when using a PID

4743

file to ensure the correct message is shown. Patch provided by Caio

Cezar. (markt)

</td></tr>

</table>

</blockquote></td></tr></table>

4748

</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.14 (markt)"></a><a name="Tomcat_7.0.14_(markt)"><strong>Tomcat 7.0.14 (markt)</strong></a></font></td><td align="right" bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><strong>released 2011-05-12</strong></font></td></tr><tr><td colspan="2"><blockquote>

4749

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.14 (markt)/Catalina"></a><a name="Tomcat_7.0.14_(markt)/Catalina"><strong>Catalina</strong></a></font></td></tr><tr><td><blockquote>

4750

4751

4752

Stylistic improvements to MIME type sync script.

4753

Based on a patch provided by Felix Schumacher. (rjung)

4754

</td></tr>

4755

4756

Ensure that the SSLValve provides the SSL key size as an Integer rather

4757

than a String. (markt)

4758

</td></tr>

4759

4760

Ensure that the RemoteIpValve works correctly with Servlet 3.0

4761

asynchronous requests. (markt)

4762

</td></tr>

4763

4764

Use safe equality test when determining event type in the

4765

MapperListener. (markt)

4766

</td></tr>

4767

4768

Use correct class loader when loading Servlet classes in

4769

StandardWrapper. (markt)

4770

</td></tr>

4771

4772

Provide additional configuration options for the RemoteIpValve and

4773

RemoteIpFilter to allow greater control over the values returned by

4774

ServletRequest#getServerPort() and ServletRequest#getLocalPort() when

4775

Tomcat is behind a reverse proxy. (markt)

4776

</td></tr>

4777

4778

Ensure session cookie paths end in <code>/</code> so that session

4779

cookies created for a context with a path of <code>/foo</code> do not

4780

get returned with requests mapped to a context with a path of

4781

<code>/foobar</code>. (markt)

4782

</td></tr>

4783

</table>

4784

</blockquote></td></tr></table>

4785

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.14 (markt)/Jasper"></a><a name="Tomcat_7.0.14_(markt)/Jasper"><strong>Jasper</strong></a></font></td></tr><tr><td><blockquote>

4786

4787

4788

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51177">51177</a>: Ensure Tomcat's MapElResolver always returns

4789

<code>Object.class</code> for <code>getType()</code> as required by the

4790

EL specification. (markt)

4791

</td></tr>

4792

</table>

4793

</blockquote></td></tr></table>

4794

</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.13 (markt)"></a><a name="Tomcat_7.0.13_(markt)"><strong>Tomcat 7.0.13 (markt)</strong></a></font></td><td align="right" bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><strong>not released</strong></font></td></tr><tr><td colspan="2"><blockquote>

4795

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.13 (markt)/Catalina"></a><a name="Tomcat_7.0.13_(markt)/Catalina"><strong>Catalina</strong></a></font></td></tr><tr><td><blockquote>

4796

4797

4798

Correct mix-up in Realm Javadoc. (markt)

4799

</td></tr>

4800

4801

Fix display of response headers in AccessLogValve. (kkolinko)

4802

</td></tr>

4803

4804

Implement display of multiple request headers in AccessLogValve:

4805

print not just the value of the first header, but of the all of them,

4806

separated by commas. (kkolinko)

4807

</td></tr>

4808

4809

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50306">50306</a>: New StuckThreadDetectionValve to detect requests that

4810

take a long time to process, which might indicate that their processing

4811

threads are stuck. Based on a patch provided by TomLu. (slaurent)

4812

</td></tr>

4813

4814

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51038">51038</a>: Ensure that asynchronous requests are included in

access logs. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51042">51042</a>: Don't trigger session creation listeners when a

4819

session ID is changed as part of the authentication process. (markt)

4820

</td></tr>

4821

4822

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51050">51050</a>: Add additional common but non-standard file extension

4823

to MIME type mappings for MPEG 4 files. Based on a patch by Cédrik Lime.

(markt)

</td></tr>

Add some additional common JARs that do not contain TLDs or web

4828

fragments to the list of JARs to skip when scanning for TLDs and web

fragments. (markt)

</td></tr>

While scanning JARs for TLDs and fragments, avoid using JarFile and use

4833

JarInputStream as in most circumstances where JARs are scanned, JarFile

4834

will create a temporary copy of the JAR rather than using the resource

4835

directly. This change significantly improves startup performance for

4836

applications with lots of JARs to be scanned. (markt)

4837

</td></tr>

4838

4839

Ensure response is committed when <code>AsyncContext#complete()</code>

is called. (markt)

</td></tr>

Add a container event that is fired when a session's ID is changed,

4844

e.g. on authentication. (markt)

4845

</td></tr>

4846

4847

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51099">51099</a>: Correctly implement non-default login configurations

4848

(configured via the loginConfigName attribute) for the the SPNEGO

4849

authenticator. (fhanik/markt)

4850

</td></tr>

4851

4852

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51119">51119</a>: Add JAAS authentication support to the

4853

JMXRemoteLifecycleListener. Patch provided by Neil Laurance. (markt)

4854

</td></tr>

4855

4856

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51136">51136</a>: Provide methods that enable the name of a Context on

4857

Context creation when using Tomcat in an embedded scenario. Based on a

4858

patch provided by David Calavera. (markt)

4859

</td></tr>

4860

4861

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51137">51137</a>: Add additional Microsoft Office MIME type mappings.

(rjung)

</td></tr>

Partial sync of MIME type mapping with mime.types from the Apache web

4866

server. About 600 MIME types added, some changed. (rjung)

4867

</td></tr>

4868

4869

Make access logging more robust when logging requests that generate 400

4870

responses since the request object is unlikely to be fully/correctly

4871

populated in that case. (markt)

4872

</td></tr>

4873

</table>

4874

</blockquote></td></tr></table>

4875

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.13 (markt)/Coyote"></a><a name="Tomcat_7.0.13_(markt)/Coyote"><strong>Coyote</strong></a></font></td></tr><tr><td><blockquote>

4876

4877

4878

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50957">50957</a>: Fix regression in HTTP BIO connector that triggered

4879

errors when processing pipe-lined requests. (markt)

4880

</td></tr>

4881

4882

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50158">50158</a>: Ensure the asynchronous requests never timeout if the

4883

timeout is set to zero or less. Based on a patch provided by Chris.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51073">51073</a>: Throw an exception and do not start the APR connector

4888

if it is configured for SSL and an invalid value is provided for

SSLProtocol. (markt)

</td></tr>

Align all the connector implementations with the documented default

4893

setting for processorCache of 200. This changes the default from -1

4894

(unlimited) for the AJP-BIO, AJP-APR and HTTP-APR connectors. Additional

4895

information was also added to the documentation on how to select an

appropriate value.

</td></tr>

Take account of time spent waiting for a processing thread when

4900

calculating connection and keep-alive timeouts for the HTTP BIO

connector. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51095">51095</a>: Don't trigger a NullPointerException when the SSL

4905

handshake fails with the HTTP-APR connector. Patch provided by Mike

Glazer. (markt)

</td></tr>

Improve handling in AJP connectors of the case where too large a AJP

4910

packet is received. (markt)

4911

</td></tr>

4912

4913

Restore the automatic disabling of HTTP keep-alive with the BIO

4914

connector once 75% of the processing threads are in use and make the

4915

threshold configurable. (markt)

4916

</td></tr>

4917

4918

Make pollerSize and maxConnections synonyms for the APR connectors since

4919

they perform the same function. (markt)

4920

</td></tr>

4921

4922

Use maxThreads rather than 10000 as the default maxConnections for the

4923

BIO connectors. (markt)

4924

</td></tr>

4925

</table>

4926

</blockquote></td></tr></table>

4927

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.13 (markt)/Jasper"></a><a name="Tomcat_7.0.13_(markt)/Jasper"><strong>Jasper</strong></a></font></td></tr><tr><td><blockquote>

4928

4929

4930

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=47371">47371</a>: Correctly coerce the empty string to zero when used as

4931

an operand in EL arithmetic. Patch provided by gbt. (markt)

4932

</td></tr>

4933

4934

Label JSP/tag file line and column numbers when reporting errors since

4935

it may not be immediately obvious what the numbers represent. (markt)

4936

</td></tr>

4937

4938

Correct a regression in the fix for <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49916">49916</a> that resulted in

4939

JSPs being compiled twice rather than just once. (markt)

4940

</td></tr>

4941

4942

Log JARs that are scanned for TLDs where no TLD is found so that users

4943

can easily identify JARs that can be added to the list of JARs to skip.

(markt)

</td></tr>

Use a single TLD location cache for a web application rather than one

4948

per JSP compilation to speed up JSP compilation. (markt)

4949

</td></tr>

4950

4951

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51124">51124</a>: Refactor BodyContentImpl to assist in determining the

4952

root cause of this bug. Based on a patch by Ramiro. (markt)

4953

</td></tr>

4954

</table>

4955

</blockquote></td></tr></table>

4956

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.13 (markt)/Cluster"></a><a name="Tomcat_7.0.13_(markt)/Cluster"><strong>Cluster</strong></a></font></td></tr><tr><td><blockquote>

4957

4958

4959

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50950">50950</a>: Correct possible NotSerializableException for an

4960

authenticated session when running with a security manager. (markt)

4961

</td></tr>

4962

</table>

4963

</blockquote></td></tr></table>

4964

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.13 (markt)/Web applications"></a><a name="Tomcat_7.0.13_(markt)/Web_applications"><strong>Web applications</strong></a></font></td></tr><tr><td><blockquote>

4965

4966

4967

Configure Security Manager How-To to include a copy of the actual

4968

conf/catalina.policy file when the documentation is built, rather

4969

than maintaining a copy of its content. (kkolinko)

4970

</td></tr>

4971

4972

Fix broken stylesheet URL in XML based manager status output. (rjung)

4973

</td></tr>

4974

4975

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51156">51156</a>: Ensure session expiration option is available in

4976

Manager application was running web applications that were defined in

server.xml. (markt)

</td></tr>

</table>

</blockquote></td></tr></table>

4981

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.13 (markt)/Other"></a><a name="Tomcat_7.0.13_(markt)/Other"><strong>Other</strong></a></font></td></tr><tr><td><blockquote>

4982

4983

4984

Clarify error messages in *.sh files to mention that if a script is

4985

not found it might be because execute permission is needed. (kkolinko)

4986

</td></tr>

4987

4988

Update Apache Commons Pool to 1.5.6. (markt)

4989

</td></tr>

4990

4991

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51135">51135</a>: Fix auto-detection of JAVA_HOME for 64-bit Windows

4992

platforms that only have a 32-bit JVM installed. (markt)

4993

</td></tr>

4994

4995

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51154">51154</a>: Remove duplicate @deprecated tags in ServletContext

4996

Javadoc. Patch provided by sebb. (markt)

4997

</td></tr>

4998

4999

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=51155">51155</a>: Add comments to @deprecated tags that have none. Patch

5000

provided by sebb. (markt)

5001

</td></tr>

5002

</table>

5003

</blockquote></td></tr></table>

5004

</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.12 (markt)"></a><a name="Tomcat_7.0.12_(markt)"><strong>Tomcat 7.0.12 (markt)</strong></a></font></td><td align="right" bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><strong>released 2011-04-06</strong></font></td></tr><tr><td colspan="2"><blockquote>

5005

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.12 (markt)/Catalina"></a><a name="Tomcat_7.0.12_(markt)/Catalina"><strong>Catalina</strong></a></font></td></tr><tr><td><blockquote>

5006

5007

5008

Automatically correct invalid paths when specified for Context elements

5009

inside server.xml and log a warning that the configuration has been

corrected. (markt)

</td></tr>

Don't unpack WAR files if they are not located in the Host's

appBase. (markt)

</td></tr>

Don't log to standard out in SSLValve. (markt)

5018

</td></tr>

5019

5020

Handle the case where a web crawler provides an invalid session ID in

5021

the CrawlerSessionManagerValve. (markt)

5022

</td></tr>

5023

5024

Update pattern used in CrawlerSessionManagerValve to that used by the

5025

ASF infrastructure team. (markt)

5026

</td></tr>

5027

5028

Remove unnecessary whitespace from MIME mapping entries in global

5029

web.xml file. (markt)

5030

</td></tr>

5031

5032

When using parallel deployment, correctly handle the scenario when the

5033

client sends multiple JSESSIONID cookies. (markt)

5034

</td></tr>

5035

5036

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=12428">12428</a>: Add support (disabled by default) for preemptive

5037

authentication. This can be configured per context. Based on a patch

5038

suggested by Werner Donn. (markt)

5039

</td></tr>

5040

5041

Make the CSRF nonce cache serializable so that it can be replicated

5042

across a cluster and/or persisted across Tomcat restarts. (markt)

5043

</td></tr>

5044

5045

Resolve some refactoring TODOs in the implementation of the new Context

5046

attribute "swallowAbortedUploads". (markt)

5047

</td></tr>

5048

5049

Include the seed time when calculating the time taken to create

5050

SecureRandom instances for session ID generation, report excessive times

5051

(greater than 100ms) at INFO level and provide a value for the message

5052

key so a meaningful message appears in the logs. (markt)

5053

</td></tr>

5054

5055

Don't register Contexts that fail to start with the Mapper. (markt)

5056

</td></tr>

5057

5058

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48685">48685</a>: Add initial support for SPNEGO/Kerberos authentication

5059

also referred to as integrated Windows authentication. This includes

5060

user authentication, authorisation via the directory using the

5061

user's delegated credentials and exposing the user's delegated

5062

credentials via a request attribute so applications can make use of them

5063

to impersonate the current user when accessing third-party systems that

5064

use a compatible authentication mechanism. Based on a patch provided by

5065

Michael Osipov. (markt)

5066

</td></tr>

5067

5068

HTTP range requests cannot be reliably served when a Writer is in use so

5069

prevent the DefaultServlet from attempting to do so. (kkolinko)

5070

</td></tr>

5071

5072

Protect the DefaultServlet from Valves, Filters and Wrappers that write

5073

content to the response. Prevent partial responses to partial GET

5074

requests in this case since the range cannot be reliably determined.

5075

Also prevent the DefaultServlet from setting a content length header

5076

since this too cannot be reliably determined. (markt)

5077

</td></tr>

5078

5079

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50929">50929</a>: When wrapping an exception, include the root cause.

5080

Patch provided by sebb. (markt)

5081

</td></tr>

5082

5083

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50991">50991</a>: Fix regression in fix for <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=25060">25060</a> that called

5084

close on a JNDI resource while it was still available to the

application. (markt)

</td></tr>

Provide a configuration option that lets the close method to be used for

5089

a JNDI Resource to be defined by the user. This change also disables

5090

using the close method unless one is explicitly defined for the

5091

resource and limits it to singleton resources. (markt)

5092

</td></tr>

5093

5094

Correctly track changes to context.xml files and trigger redeployment

5095

when copyXML is set to false. (markt)

5096

</td></tr>

5097

5098

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50997">50997</a>: Relax the requirement that directories must have a

5099

name ending in <code>.jar</code> to be treated as an expanded JAR file

5100

by the default JarScanner. Based on patch by Rodion Zhitomirsky. (markt)

5101

</td></tr>

5102

5103

Don't append the jvmRoute to a session ID if the jvmRoute is a zero

5104

length string. (markt)

5105

</td></tr>

5106

5107

Don't register non-singelton DataSource resources with JMX. (markt)

5108

</td></tr>

5109

5110

CVE-2011-1184: Provide additional configuration options for the DIGEST

5111

authenticator. (markt)

5112

</td></tr>

5113

5114

Provide a workaround for Tomcat hanging during shutdown when running the

unit tests. (markt)

</td></tr>

</table>

</blockquote></td></tr></table>

5119

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.12 (markt)/Coyote"></a><a name="Tomcat_7.0.12_(markt)/Coyote"><strong>Coyote</strong></a></font></td></tr><tr><td><blockquote>

5120

5121

5122

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50887">50887</a>: Add support for configuring the JSSE provider used to

5123

convert client certificates. Based on a patch by pknopp. (markt)

5124

</td></tr>

5125

5126

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50903">50903</a>: When a connector is stopped, ensure that requests that

5127

are currently in a keep-alive state and waiting for client data are not

5128

processed. Requests where processing has started will continue to

completion. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50927">50927</a>: Improve error message when SSLCertificateFile is not

5133

specified when using APR with SSL. Based on a patch provided by sebb.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50928">50928</a>: Don't ignore keyPass attribute for HTTP BIO and

5138

NIO connectors. Based on a patch provided by sebb. (markt)

5139

</td></tr>

5140

</table>

5141

</blockquote></td></tr></table>

5142

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.12 (markt)/Cluster"></a><a name="Tomcat_7.0.12_(markt)/Cluster"><strong>Cluster</strong></a></font></td></tr><tr><td><blockquote>

5143

5144

5145

Securely seed the SecureRandom instance used for UUID generation and

5146

report excessive creation time (greater than 100ms) at INFO level.

(markt)

</td></tr>

</table>

</blockquote></td></tr></table>

5151

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.12 (markt)/Web applications"></a><a name="Tomcat_7.0.12_(markt)/Web_applications"><strong>Web applications</strong></a></font></td></tr><tr><td><blockquote>

5152

5153

5154

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50924">50924</a>: Clean-up HTTP connector comparison table. (markt)

5155

</td></tr>

5156

5157

Slightly expanded the documentation of the Host element to clarify the

5158

relationship between host name and DNS name. (markt)

5159

</td></tr>

5160

5161

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50925">50925</a>: Update SSL how-to to take account of

5162

<code>keyPass</code> connector attribute. (markt)

5163

</td></tr>

5164

5165

Improve Tomcat Logging documentation. (kkolinko)

5166

</td></tr>

5167

5168

Align the authenticator documentation and MBean descriptors with the

5169

implementation. (markt)

5170

</td></tr>

5171

5172

Prevent the custom error pages for the Manager and Host Manager

5173

applications from being accessed directly. (markt)

5174

</td></tr>

5175

5176

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50984">50984</a>: When using the Manager application ensure that

5177

undeployment fails if a file cannot be deleted. (markt)

5178

</td></tr>

5179

</table>

5180

</blockquote></td></tr></table>

5181

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.12 (markt)/Other"></a><a name="Tomcat_7.0.12_(markt)/Other"><strong>Other</strong></a></font></td></tr><tr><td><blockquote>

5182

5183

5184

Update Eclipse JDT complier to 3.6.2. (markt)

5185

</td></tr>

5186

5187

Update WSDL4J library to 1.6.2 (used by JSR 109 support in the extras

package). (markt)

</td></tr>

Update optional CheckStyle library to 5.3. (markt)

5192

</td></tr>

5193

5194

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50911">50911</a>: Reduce noise generated during the build of the Windows

5195

installer so warnings are more obvious. Patch provided by sebb. (markt)

5196

</td></tr>

5197

5198

Further work to reduce compiler and validation warnings across the code

base. (markt)

</td></tr>

</table>

</blockquote></td></tr></table>

5203

</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.11 (markt)"></a><a name="Tomcat_7.0.11_(markt)"><strong>Tomcat 7.0.11 (markt)</strong></a></font></td><td align="right" bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><strong>released 2011-03-11</strong></font></td></tr><tr><td colspan="2"><blockquote>

5204

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.11 (markt)/Catalina"></a><a name="Tomcat_7.0.11_(markt)/Catalina"><strong>Catalina</strong></a></font></td></tr><tr><td><blockquote>

5205

5206

5207

CVE-2011-1088: Completed fix. Don't ignore @ServletSecurity

annotations. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=25060">25060</a>: Close Apache Commons DBCP datasources when the

5212

associated JNDI naming context is stopped (e.g. for a non-global

5213

DataSource resource on web application reload) to close remaining

5214

database connections immediately rather than waiting for garbage

collection. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=26701">26701</a>: Provide a mechanism for users to register their own

5219

<code>URLStreamHandlerFactory</code> objects. (markt)

5220

</td></tr>

5221

5222

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50855">50855</a>: Fix NPE on HttpServletRequest.logout() when debug

5223

logging is enabled. (markt)

5224

</td></tr>

5225

5226

New context attribute "swallowAbortedUploads" allows

5227

to make request data swallowing configurable for requests

5228

that are too large. (rjung)

5229

</td></tr>

5230

5231

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50854">50854</a>: Add additional permissions required by the Manager

5232

application when running under a security Manager and support a shared

5233

Manager installation when $CATALINA_HOME != CATALINA_BASE. (markt)

5234

</td></tr>

5235

5236

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50893">50893</a>: Add additional information to the download README for

5237

the extras components. (markt)

5238

</td></tr>

5239

5240

Calling <code>stop()</code> and then <code>destroy()</code> on a

5241

connector incorrectly triggered an exception. (markt)

5242

</td></tr>

5243

</table>

5244

</blockquote></td></tr></table>

5245

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.11 (markt)/Coyote"></a><a name="Tomcat_7.0.11_(markt)/Coyote"><strong>Coyote</strong></a></font></td></tr><tr><td><blockquote>

5246

5247

5248

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48208">48208</a>: Allow the configuration of a custom trust manager for

5249

use in CLIENT-CERT authentication. (markt)

5250

</td></tr>

5251

5252

Fix issues that prevented asynchronous servlets from working when used

5253

with the HTTP APR connector on platforms that support TCP_DEFER_ACCEPT.

(markt)

</td></tr>

</table>

</blockquote></td></tr></table>

5258

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.11 (markt)/Jasper"></a><a name="Tomcat_7.0.11_(markt)/Jasper"><strong>Jasper</strong></a></font></td></tr><tr><td><blockquote>

5259

5260

5261

Correct possible threading issue in JSP compilation when development

5262

mode is used. (markt)

5263

</td></tr>

5264

5265

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50895">50895</a>: Don't initialize classes created during the

5266

compilation stage. (markt)

5267

</td></tr>

5268

</table>

5269

</blockquote></td></tr></table>

5270

</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.10 (markt)"></a><a name="Tomcat_7.0.10_(markt)"><strong>Tomcat 7.0.10 (markt)</strong></a></font></td><td align="right" bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><strong>released 2011-03-08</strong></font></td></tr><tr><td colspan="2"><blockquote>

5271

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.10 (markt)/Catalina"></a><a name="Tomcat_7.0.10_(markt)/Catalina"><strong>Catalina</strong></a></font></td></tr><tr><td><blockquote>

5272

5273

5274

CVE-2011-1088: Partial fix. Don't ignore @ServletSecurity

annotations. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=27988">27988</a>: Improve reporting of missing files. (markt)

5279

</td></tr>

5280

5281

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=28852">28852</a>: Add URL encoding where missing to parameters in URLs

5282

presented by Ant tasks to the Manager application. Based on a patch by

5283

Stephane Bailliez. (markt)

5284

</td></tr>

5285

5286

Improve handling of SSL renegotiation by failing earlier when the

5287

request body contains more bytes than maxSavePostSize. (markt)

5288

</td></tr>

5289

5290

Improve shut down speed by not renewing threads during shut down when

5291

the <code>ThreadLocalLeakPreventionListener</code> is enabled. (markt)

5292

</td></tr>

5293

</table>

5294

</blockquote></td></tr></table>

5295

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.10 (markt)/Coyote"></a><a name="Tomcat_7.0.10_(markt)/Coyote"><strong>Coyote</strong></a></font></td></tr><tr><td><blockquote>

5296

5297

5298

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49284">49284</a>: Add SSL re-negotiation support to the HTTP NIO

5299

connector and extend test cases to cover CLIENT-CERT authentication.

(fhanik/markt)

</td></tr>

</table>

</blockquote></td></tr></table>

5304

</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.9 (markt)"></a><a name="Tomcat_7.0.9_(markt)"><strong>Tomcat 7.0.9 (markt)</strong></a></font></td><td align="right" bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><strong>not released</strong></font></td></tr><tr><td colspan="2"><blockquote>

5305

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.9 (markt)/Catalina"></a><a name="Tomcat_7.0.9_(markt)/Catalina"><strong>Catalina</strong></a></font></td></tr><tr><td><blockquote>

5306

5307

5308

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=19444">19444</a>: Add an option to the JNDI realm to allow role searches

5309

to be performed by the authenticated user. (markt)

5310

</td></tr>

5311

5312

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=21669">21669</a>: Add the ability to specify the roleBase for the JNDI

5313

Realm as relative to the users DN. Based on a patch by Art W. (markt)

5314

</td></tr>

5315

5316

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=22405">22405</a>: Add a new Lifecycle listener,

5317

<code>org.apache.catalina.security.SecurityListener</code> that prevents

5318

Tomcat from starting insecurely. It requires that Tomcat is not started

5319

as root and that a umask at least as restrictive as 0007 is used. This

5320

new listener is not enabled by default.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48863">48863</a>: Better logging when specifying an invalid directory

5325

for a class loader. Based on a patch by Ralf Hauser. (markt/kkolinko)

5326

</td></tr>

5327

5328

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48870">48870</a>: Refactor to remove use of parallel arrays. (markt)

5329

</td></tr>

5330

5331

Enhance the RemoteIpFilter and RemoteIpValve so that the modified remote

5332

address, remote host, protocol and server port may be used in an access

5333

log if desired. (markt)

5334

</td></tr>

5335

5336

Restore access to Environments, Resources and ResourceLinks via JMX

5337

which was lost in early 7.0.x re-factoring. (markt)

5338

</td></tr>

5339

5340

Remove ServerLifecycleListener. This was already removed from server.xml

5341

and with the Lifecycle re-factoring is no longer required. (markt)

5342

</td></tr>

5343

5344

Add additional checks to ensure that sub-classes of

5345

<code>org.apache.catalina.util.LifecycleBase</code> correctly implement

5346

the expected state transitions. (markt)

5347

</td></tr>

5348

5349

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50189">50189</a>: Once the application has finished writing to the

5350

response, prevent further reads from the request since this causes

5351

various problems in the connectors which do not expect this. (markt)

5352

</td></tr>

5353

5354

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50700">50700</a>: Ensure that the override attribute of context

5355

parameters is correctly followed. (markt)

5356

</td></tr>

5357

5358

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50721">50721</a>: Correctly handle URL decoding where the URL ends in

5359

%nn. Patch provided by Christof Marti. (markt)

5360

</td></tr>

5361

5362

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50737">50737</a>: Add additional information when an invalid WAR file is

detected. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50748">50748</a>: Allow the content length header to be set up to the

5367

point the response is committed when a writer is being used. (markt)

5368

</td></tr>

5369

5370

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50751">50751</a>: When authenticating with the JNDI Realm, only attempt

5371

to read user attributes from the directory if attributes are required.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50752">50752</a>: Fix typo in debug message in deprecated Embedded

class. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50789">50789</a>: Provide an option to enable ServletRequestListeners

5380

for forwards as required by some CDI frameworks. (markt)

5381

</td></tr>

5382

5383

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50793">50793</a>: When processing Servlet 3.0 async requests, ensure

5384

that the requestInitialized and requestDestroyed events are only fired

5385

once per request at the correct times. (markt)

5386

</td></tr>

5387

5388

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50802">50802</a>: Ensure that

5389

<code>ServletContext.getResourcePaths()</code> includes static resources

5390

packaged in JAR files in its output. (markt)

5391

</td></tr>

5392

5393

Web crawlers can trigger the creation of many thousands of sessions as

5394

they crawl a site which may result in significant memory consumption.

5395

The new Crawler Session Manager Valve ensures that crawlers are

5396

associated with a single session - just like normal users - regardless

5397

of whether or not they provide a session token with their requests.

(markt)

</td></tr>

Don't attempt to start NamingResources for Contexts multiple times.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50826">50826</a>: Avoid <code>IllegalArgumentException</code> if an

5406

embedded Tomcat instance that includes at least one Context is destroyed

5407

without ever being started. (markt)

5408

</td></tr>

5409

5410

Ensure a web application is taken out of service if the web.xml file is

5411

not valid. (kkolinko/markt)

5412

</td></tr>

5413

5414

Ensure Servlet 2.2 jspFile elements are correctly converted to use a

5415

leading '/' if missing. (markt)

5416

</td></tr>

5417

5418

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50836">50836</a>: Better documentation of the meaning of

5419

<code>Lifecycle.isAvailable()</code> and correct a couple of cases where

5420

this could incorrectly return true. (markt)

5421

</td></tr>

5422

</table>

5423

</blockquote></td></tr></table>

5424

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.9 (markt)/Coyote"></a><a name="Tomcat_7.0.9_(markt)/Coyote"><strong>Coyote</strong></a></font></td></tr><tr><td><blockquote>

5425

5426

5427

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50780">50780</a>: Fix memory leak in APR implementation of AJP

5428

connector introduced by the refactoring for <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49884">49884</a>. (markt)

5429

</td></tr>

5430

5431

If server configuration errors and/or faulty applications caused the

5432

ulimit for open files to be reached, the acceptor threads for all

5433

connectors could enter a tight loop. This loop consumed CPU and also

5434

logged an error message for every iteration of the loop which lead to

5435

large log files being generated. The acceptors have been enhanced to

5436

better handle this situation. (markt)

5437

</td></tr>

5438

</table>

5439

</blockquote></td></tr></table>

5440

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.9 (markt)/Jasper"></a><a name="Tomcat_7.0.9_(markt)/Jasper"><strong>Jasper</strong></a></font></td></tr><tr><td><blockquote>

5441

5442

5443

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50720">50720</a>: Ensure that the use of non-ISO-8859-1 character sets

5444

for web.xml does not trigger an error when Jasper parses the web.xml

file. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50726">50726</a>: Ensure that the use of the genStringAsCharArray does

5449

not result in String constants that are too long for valid Java code.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50790">50790</a>: Improve method resolution in EL expressions. (markt)

5454

</td></tr>

5455

</table>

5456

</blockquote></td></tr></table>

5457

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.9 (markt)/Cluster"></a><a name="Tomcat_7.0.9_(markt)/Cluster"><strong>Cluster</strong></a></font></td></tr><tr><td><blockquote>

5458

5459

5460

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50771">50771</a>: Ensure HttpServletRequest#getAuthType() returns the

5461

name of the authentication scheme if request has already been

5462

authenticated. (kfujino)

5463

</td></tr>

5464

</table>

5465

</blockquote></td></tr></table>

5466

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.9 (markt)/Web applications"></a><a name="Tomcat_7.0.9_(markt)/Web_applications"><strong>Web applications</strong></a></font></td></tr><tr><td><blockquote>

5467

5468

5469

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50713">50713</a>: Remove roles command from the Manager application.

(markt)

</td></tr>

</table>

</blockquote></td></tr></table>

5474

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.9 (markt)/Tribes"></a><a name="Tomcat_7.0.9_(markt)/Tribes"><strong>Tribes</strong></a></font></td></tr><tr><td><blockquote>

5475

5476

5477

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50667">50667</a> (<a href="http://svn.apache.org/viewvc?view=rev&rev=1068549">r1068549</a>): Allow RPC callers to get

5478

confirmation when sending a reply. (fhanik)

5479

</td></tr>

5480

</table>

5481

</blockquote></td></tr></table>

5482

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.9 (markt)/Other"></a><a name="Tomcat_7.0.9_(markt)/Other"><strong>Other</strong></a></font></td></tr><tr><td><blockquote>

5483

5484

5485

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50743">50743</a>: Cache CheckStyle results between builds to speed up

5486

validation. Patch provided by Oliver. (markt)

5487

</td></tr>

5488

</table>

5489

</blockquote></td></tr></table>

5490

</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.8 (markt)"></a><a name="Tomcat_7.0.8_(markt)"><strong>Tomcat 7.0.8 (markt)</strong></a></font></td><td align="right" bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><strong>released 2011-02-05</strong></font></td></tr><tr><td colspan="2"><blockquote>

5491

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.8 (markt)/Catalina"></a><a name="Tomcat_7.0.8_(markt)/Catalina"><strong>Catalina</strong></a></font></td></tr><tr><td><blockquote>

5492

5493

5494

Fix NPE in CoyoteAdapter when postParseRequest() call fails. (kkolinko)

5495

</td></tr>

5496

5497

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50709">50709</a>: Make <code>ApplicationContextFacade</code> non-final to

5498

enable extension. (markt)

5499

</td></tr>

5500

5501

When running under a security manager, user requests may fail with a

5502

security exception. (markt)

5503

</td></tr>

5504

</table>

5505

</blockquote></td></tr></table>

5506

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.8 (markt)/Coyote"></a><a name="Tomcat_7.0.8_(markt)/Coyote"><strong>Coyote</strong></a></font></td></tr><tr><td><blockquote>

5507

5508

5509

Reduce level of log message for invalid URL parameters from WARNING to

INFO. (markt)

</td></tr>

Fix hanging Servlet 3 asynchronous requests when using the APR based AJP

connector. (markt)

</td></tr>

</table>

</blockquote></td></tr></table>

5518

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.8 (markt)/Other"></a><a name="Tomcat_7.0.8_(markt)/Other"><strong>Other</strong></a></font></td></tr><tr><td><blockquote>

5519

5520

5521

Align server.xml installed by the Windows installer with the one

5522

bundled in zip/tar.gz files. The differences are LockOutRealm being

5523

used and AccessLogValve being enabled by default. (kkolinko)

5524

</td></tr>

5525

</table>

5526

</blockquote></td></tr></table>

5527

</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.7 (markt)"></a><a name="Tomcat_7.0.7_(markt)"><strong>Tomcat 7.0.7 (markt)</strong></a></font></td><td align="right" bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><strong>not released</strong></font></td></tr><tr><td colspan="2"><blockquote>

5528

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.7 (markt)/Catalina"></a><a name="Tomcat_7.0.7_(markt)/Catalina"><strong>Catalina</strong></a></font></td></tr><tr><td><blockquote>

5529

5530

5531

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=18462">18462</a>: Don't merge <code>stdout</code> and

5532

<code>stderr</code> internally so users retain the option to treat them

separately. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=18797">18797</a>: Provide protection against <code>null</code> or zero

5537

length names being provided for users, roles and groups in the

5538

<code>MemoryRealm</code> and <code>UserDatabaseRealm</code>. (markt)

5539

</td></tr>

5540

5541

Improve fix for <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50205">50205</a> to trigger an error earlier if invalid

5542

configuration is used. (markt)

5543

</td></tr>

5544

5545

Provide additional control over component class loaders, primarily for

5546

use when embedding. (markt)

5547

</td></tr>

5548

5549

Fix NPE in RemoteAddrFilter, RemoteHostFilter. (kkolinko)

5550

</td></tr>

5551

5552

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49711">49711</a>: HttpServletRequest#getParts will work in a filter

5553

or servlet without an @MultipartConfig annotation or

5554

MultipartConfigElement if the new "allowCasualMultipartParsing"

5555

context attribute is set to "true". (schultz)

5556

</td></tr>

5557

5558

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49978">49978</a>: Correct another instance where deployment incorrectly

5559

failed if a directory in the work area already existed. (markt)

5560

</td></tr>

5561

5562

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50582">50582</a>: Refactor access logging so chunked encoding is not

5563

forced for all requests if bytes sent is logged. (markt)

5564

</td></tr>

5565

5566

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50597">50597</a>: Don't instantiate a new instance of a Filter if

5567

an instance was provided via the

5568

<code>ServletContext.addFilter(String, Filter)</code> method. Patch

5569

provided by Ismael Juma. (markt)

5570

</td></tr>

5571

5572

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50598">50598</a>: Correct URL for Manager text interface. (markt)

5573

</td></tr>

5574

5575

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50620">50620</a>: Stop exceptions that occur during

5576

<code>Session.endAccess()</code> from preventing the normal completion

5577

of <code>Request.recycle()</code>. (markt)

5578

</td></tr>

5579

5580

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50629">50629</a>: Make <code>StandardContext.bindThread()</code> and

5581

<code>StandardContext.unbindThread()</code> protected to allow use by

sub-classes. (markt)

</td></tr>

Use getName() instead of logName() in error messages in StandardContext.

(kkolinko)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50642">50642</a>: Move the <code>sun.net.www.http.HttpClient</code>

5590

keep-alive thread memory leak protection from the

5591

JreMemoryLeakPreventionListener to the WebappClassLoader since the

5592

thread that triggers the memory leak is created on demand. (markt)

5593

</td></tr>

5594

5595

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50673">50673</a>: Improve Catalina shutdown when running as a service.

5596

Do not call System.exit(). (kkolinko)

5597

</td></tr>

5598

5599

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50683">50683</a>: Ensure annotations are scanned when

5600

<code>unpackWARs</code> is set to <code>false</code> in the Host

5601

where a web application is deployed. (markt)

5602

</td></tr>

5603

5604

Improve HTTP specification compliance in support of

5605

<code>Accept-Language</code> header. This protects from known exploit

5606

of the Oracle JVM bug that triggers a DoS, CVE-2010-4476. (kkolinko)

5607

</td></tr>

5608

</table>

5609

</blockquote></td></tr></table>

5610

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.7 (markt)/Coyote"></a><a name="Tomcat_7.0.7_(markt)/Coyote"><strong>Coyote</strong></a></font></td></tr><tr><td><blockquote>

5611

5612

5613

Prevent possible thread exhaustion if a Comet timeout event takes a

5614

while to complete. (markt)

5615

</td></tr>

5616

5617

Prvent multiple Comet END events if the CometServlet calls

5618

<code>event.close()</code> during an END event. (markt)

5619

</td></tr>

5620

5621

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50325">50325</a>: When the JVM indicates support for RFC 5746, disable

5622

Tomcat's <code>allowUnsafeLegacyRenegotiation</code> configuration

5623

attribute and use the JVM configuration to control renegotiation.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50405">50405</a>: Fix occassional NPE when using NIO connector and

Comet. (markt)

</td></tr>

Ensure correct recycling of NIO input filters when processing Comet

events. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50627">50627</a>: Correct interaction of NIO socket and Poller when

5636

processing Comet events. (markt)

5637

</td></tr>

5638

5639

Correct interaction of APR socket and Poller when processing Comet

events. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50631">50631</a>: InternalNioInputBuffer should honor

5644

<code>maxHttpHeadSize</code>. (kkolinko)

5645

</td></tr>

5646

</table>

5647

</blockquote></td></tr></table>

5648

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.7 (markt)/Jasper"></a><a name="Tomcat_7.0.7_(markt)/Jasper"><strong>Jasper</strong></a></font></td></tr><tr><td><blockquote>

5649

5650

5651

Improve special case handling of

5652

<code>javax.servlet.jsp.el.ScopedAttributeELResolver</code> in

5653

<code>javax.el.CompositeELResolver</code> to handle sub-classes. (markt)

5654

</td></tr>

5655

5656

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=15688">15688</a>: Use fully-qualified class names in generated jsp files

5657

to avoid naming conflicts with user imports. (markt)

5658

</td></tr>

5659

5660

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=46819">46819</a>: Remove redundant object instantiations in

5661

JspRuntimeLibrary. Patch provided by Anthony Whitford. (markt)

5662

</td></tr>

5663

5664

Improve error message when EL identifiers are not valid Java identifiers

5665

and use i18n for the error message. (markt)

5666

</td></tr>

5667

5668

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50680">50680</a>: Prevent an NPE when using tag files from an exploded

5669

JAR file, e.g. from within an IDE. Patch provided by Larry Isaacs.

(markt)

</td></tr>

</table>

</blockquote></td></tr></table>

5674

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.7 (markt)/Cluster"></a><a name="Tomcat_7.0.7_(markt)/Cluster"><strong>Cluster</strong></a></font></td></tr><tr><td><blockquote>

5675

5676

5677

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50591">50591</a>: Fix NPE in ReplicationValve. (kkolinko)

5678

</td></tr>

5679

5680

Internationalise the log messages for the FarmWarDeployer. (markt)

5681

</td></tr>

5682

5683

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50600">50600</a>: Prevent a <code>ConcurrentModificationException</code>

5684

when removing a WAR file via the FarmWarDeployer. (markt)

5685

</td></tr>

5686

5687

Be consistent with locks on sessionCreationTiming,

5688

sessionExpirationTiming in DeltaManager.resetStatistics(). (kkolinko)

5689

</td></tr>

5690

5691

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50648">50648</a>: Correctly set the interrupt status if a thread using

5692

<code>RpcChannel</code> is interrupted waiting for a message reply.

5693

Based on a patch by Olivier Costet. (markt)

5694

</td></tr>

5695

5696

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50646">50646</a>: Ensure larger Tribes messages are fully read. Patch

5697

provided by Olivier Costet. (markt)

5698

</td></tr>

5699

5700

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50679">50679</a>: Update the FarmWarDeployer to support parallel

deployment. (markt)

</td></tr>

</table>

</blockquote></td></tr></table>

5705

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.7 (markt)/Web applications"></a><a name="Tomcat_7.0.7_(markt)/Web_applications"><strong>Web applications</strong></a></font></td></tr><tr><td><blockquote>

5706

5707

5708

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=22278">22278</a>: Add a commented out <code>RemoteAddrValve</code> that

5709

limits access to the Manager and Host Manager applications to localhost.

5710

Based on a patch by Yann Cébron. (markt)

5711

</td></tr>

5712

5713

Correct a handful of Javadoc warnings. (markt)

5714

</td></tr>

5715

5716

Provide additional detail about how web application version order is

5717

determined when using parallel deployment. (markt)

5718

</td></tr>

5719

5720

Correct the documentation for the recoveryCount count attribute of the

5721

the default cluster membership. (markt)

5722

</td></tr>

5723

5724

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50441">50441</a>: Clarify when it is valid to set the docBase attribute

5725

in a Context element. (markt)

5726

</td></tr>

5727

5728

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50526">50526</a>: Provide additional documetation on configuring

5729

JavaMail resources. (markt)

5730

</td></tr>

5731

5732

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50599">50599</a>: Use correct names of roles required to access the

5733

Manager application. (markt)

5734

</td></tr>

5735

</table>

5736

</blockquote></td></tr></table>

5737

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.7 (markt)/Other"></a><a name="Tomcat_7.0.7_(markt)/Other"><strong>Other</strong></a></font></td></tr><tr><td><blockquote>

5738

5739

5740

Extend the Checkstyle tests to check for license headers. (markt)

5741

</td></tr>

5742

5743

Modify the build script so a release build always rebuilds the

5744

dependencies to ensure that the correct Tomcat version appears in the

manifest. (markt)

</td></tr>

Code clean-up to remove unused code and reduce IDE warnings. (markt)

5749

</td></tr>

5750

5751

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50601">50601</a>: Code clean-up. Patch provided by sebb. (markt)

5752

</td></tr>

5753

5754

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50606">50606</a>: Improve CGIServlet: Provide support for specifying

5755

empty value for the <code>executable</code> init-param. Provide support

5756

for explicit additional arguments for the executable. Those were

5757

broken when implementing fix for bug <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49657">49657</a>. (kkolinko)

5758

</td></tr>

5759

</table>

5760

</blockquote></td></tr></table>

5761

</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.6 (markt)"></a><a name="Tomcat_7.0.6_(markt)"><strong>Tomcat 7.0.6 (markt)</strong></a></font></td><td align="right" bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><strong>released 2011-01-14</strong></font></td></tr><tr><td colspan="2"><blockquote>

5762

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.6 (markt)/General"></a><a name="Tomcat_7.0.6_(markt)/General"><strong>General</strong></a></font></td></tr><tr><td><blockquote>

5763

5764

5765

Update to Apache Commons Daemon 1.0.5. (mturk)

5766

</td></tr>

5767

</table>

5768

</blockquote></td></tr></table>

5769

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.6 (markt)/Catalina"></a><a name="Tomcat_7.0.6_(markt)/Catalina"><strong>Catalina</strong></a></font></td></tr><tr><td><blockquote>

5770

5771

5772

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=8705">8705</a>: <code>org.apache.catalina.SessionListener</code> now

5773

extends <code>java.util.EventListener</code>. (markt)

5774

</td></tr>

5775

5776

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=10526">10526</a>: Add an option to the <code>Authenticator</code>s to

5777

force the creation of a session on authentication which may offer some

5778

performance benefits. (markt)

5779

</td></tr>

5780

5781

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=10972">10972</a>: Improve error message if the className attribute is

5782

missing on an element in server.xml where it is required. (markt)

5783

</td></tr>

5784

5785

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48692">48692</a>: Provide option to parse

5786

<code>application/x-www-form-urlencoded</code> PUT requests. (schultz)

5787

</td></tr>

5788

5789

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48822">48822</a>: Include context name in case of error while stopping

5790

or starting a context during its reload. Patch provided by Marc

5791

Guillemot. (slaurent)

5792

</td></tr>

5793

5794

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48837">48837</a>: Extend thread local memory leak detection to include

5795

classes loaded by subordinate class loaders to the web

5796

application's class loader such as the Jasper class loader. Based

5797

on a patch by Sylvain Laurent. (markt)

5798

</td></tr>

5799

5800

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48973">48973</a>: Avoid creating a SESSIONS.ser file when stopping an

5801

application if there's no session. Patch provided by Marc Guillemot.

(slaurent)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49000">49000</a>: No longer accept specification invalid name only

5806

cookies by default. This behaviour can be restored using a system

property. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49159">49159</a>: Improve memory leak protection by renewing threads of

5811

the pool when a web application is stopped. (slaurent)

5812

</td></tr>

5813

5814

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49372">49372</a>: Re-fix after connector re-factoring. If connector

5815

initialisation fails (e.g. if a port is alreasy in use) do not trigger

5816

an <code>LifecycleException</code> for an invalid state transition.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49543">49543</a>: Allow Tomcat to use shared data sources with per

5821

application credentials. (fhanik)

5822

</td></tr>

5823

5824

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49650">49650</a>: Remove unnecessary entries package.access property

5825

defined in catalina.properties. Patch provided by Owen Farrell. (markt)

5826

</td></tr>

5827

5828

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50106">50106</a>: Correct several MBean descriptors. Patch provided by

5829

Eiji Takahashi. (markt)

5830

</td></tr>

5831

5832

Further performance improvements to session ID generation. Remove legacy

5833

configuration options that are no longer required. Provide additional

5834

options to control the <code>SecureRandom</code> instances used to

5835

generate session IDs. (markt)

5836

</td></tr>

5837

5838

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50201">50201</a>: Update the access log reference in

5839

<code>StandardEngine</code> when the ROOT web application is redeployed,

5840

started, stopped or defaultHost is changed. (markt/kkolinko)

5841

</td></tr>

5842

5843

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50282">50282</a>: Load

5844

<code>javax.security.auth.login.Configuration</code> with

5845

<code>JreMemoryLeakPreventionListener</code> to avoid memory leak when

5846

stopping a web application that would use JAAS. (slaurent)

5847

</td></tr>

5848

5849

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50351">50351</a>: Fix the regression that broke BeanFactory resources

5850

caused by the previous fix for <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50159">50159</a>. (markt)

5851

</td></tr>

5852

5853

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50352">50352</a>: Ensure that <code>AsyncListener.onComplete()</code> is

5854

fired when <code>AsyncContext.complete()</code> is called. (markt)

5855

</td></tr>

5856

5857

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50358">50358</a>: Set the correct LifecycleState when stopping instances

5858

of the deprecated Embedded class. (markt)

5859

</td></tr>

5860

5861

Further Lifecycle refactoring for Connectors and associated components.

(markt)

</td></tr>

Correct handling of versioned web applications in deployer. (markt)

5866

</td></tr>

5867

5868

Correct removal of <code>LifeCycleListener</code>s from

5869

<code>Container</code>s via JMX. (markt)

5870

</td></tr>

5871

5872

Don't use <code>null</code>s to construct log messages. (markt)

5873

</td></tr>

5874

5875

Code clean-up. Replace use of inefficient constructors with more

5876

efficient alternatives. (markt)

5877

</td></tr>

5878

5879

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50411">50411</a>: Ensure sessions are removed from the

5880

<code>Store</code> associated with a <code>PersistentManager</code>.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50413">50413</a>: Ensure 304 responses are not returned when using

5885

static files as error pages. (markt/kkolinko)

5886

</td></tr>

5887

5888

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50448">50448</a>: Fix possible <code>IllegalStateException</code>

5889

caused by recent session management refactoring. (markt)

5890

</td></tr>

5891

5892

Ensure aliases settings for a context are retained after a context is

reloaded. (markt)

</td></tr>

Log a warning if context.xml files define values for properties that do

5897

not exist (e.g. if there is a typo in a property name). (markt)

5898

</td></tr>

5899

5900

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50453">50453</a>: Correctly handle multiple <code>X-Forwarded-For</code>

5901

headers in the RemoteIpFilter and RemoteIpValve. Patch provided by Jim

Riggs. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50541">50541</a>: Add support for setting the size limit and time limit

5906

for LDAP seaches when using the JNDI Realm with <code>userSearch</code>.

(markt)

</td></tr>

All configuration options that use regular expression now require a

5911

single regular expression (using <code>java.util.regex</code>) rather

5912

than a list of comma-separated or semi-colon-separated expressions.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50496">50496</a>: Bytes sent in the access log are now counted after

5917

compression, chunking etc rather than before. (markt)

5918

</td></tr>

5919

5920

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50550">50550</a>: When a new directory is created (e.g. via WebDAV)

5921

ensure that a subsequent request for that directory does not result in a

5922

404 response. (markt)

5923

</td></tr>

5924

5925

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50554">50554</a>: Code clean up. (markt)

5926

</td></tr>

5927

5928

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50556">50556</a>: Improve JreMemoryLeakPreventionListener to prevent

5929

a potential class loader leak caused by a thread spawned when the class

5930

<code>com.sun.jndi.ldap.LdapPoolManager</code> is initialized and the

5931

system property <code>com.sun.jndi.ldap.connect.pool.timeout</code> is

5932

set to a value greater than 0. (slaurent)

5933

</td></tr>

5934

</table>

5935

</blockquote></td></tr></table>

5936

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.6 (markt)/Coyote"></a><a name="Tomcat_7.0.6_(markt)/Coyote"><strong>Coyote</strong></a></font></td></tr><tr><td><blockquote>

5937

5938

5939

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=47319">47319</a>: Return the client's IP address rather than null

5940

for calls to <code>getRemoteHost()</code> when the APR connector is

5941

used with <code>enableLookups="true"</code> but the IP address

5942

is not resolveable. (markt)

5943

</td></tr>

5944

5945

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50108">50108</a>: Add get/set methods for Connector property

5946

minSpareThreads. Patch provided by Eiji Takahashi. (markt)

5947

</td></tr>

5948

5949

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50360">50360</a>: Provide an option to control when the socket

5950

associated with a connector is bound. By default, the socket is bound on

5951

<code>Connector.init()</code> and released on

5952

<code>Connector.destroy()</code> as per the current behaviour but this

5953

can be changed so that the socket is bound on

5954

<code>Connector.start()</code> and released on

5955

<code>Connector.stop()</code>. This fix also includes further Lifecycle

5956

refactoring for Connectors and associated components. (markt)

5957

</td></tr>

5958

5959

Remove a huge memory leak in the NIO connector introduced by the fix

5960

for <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49884">49884</a>. (markt)

5961

</td></tr>

5962

5963

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50467">50467</a>: Protected against NPE triggered by a race condition

5964

that causes the NIO poller to fail, preventing the processing of further

requests. (markt)

</td></tr>

</table>

</blockquote></td></tr></table>

5969

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.6 (markt)/Jasper"></a><a name="Tomcat_7.0.6_(markt)/Jasper"><strong>Jasper</strong></a></font></td></tr><tr><td><blockquote>

5970

5971

5972

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=13731">13731</a>: Make variables in <code>_jspService()</code> method

5973

final where possible. (markt)

5974

</td></tr>

5975

5976

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50408">50408</a>: Fix <code>NoSuchMethodException</code> when using

5977

scoped variables with EL method invocation. (markt)

5978

</td></tr>

5979

5980

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50460">50460</a>: Avoid a memory leak caused by using a cached exception

5981

instance in <code>JspDocumentParser</code> and

5982

<code>ProxyDirContext</code>. (kkolinko)

5983

</td></tr>

5984

5985

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50500">50500</a>: Use correct coercions (as per the EL spec) for

5986

arithmetic operations involving string values containing '.',

5987

'e' or 'E'. Based on a patch by Brian Weisleder.

(markt)

</td></tr>

</table>

</blockquote></td></tr></table>

5992

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.6 (markt)/Cluster"></a><a name="Tomcat_7.0.6_(markt)/Cluster"><strong>Cluster</strong></a></font></td></tr><tr><td><blockquote>

5993

5994

5995

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50185">50185</a>: Add additional trace level logging to Tribes to assist

5996

with fault diagnosis. Based on a patch by Ariel. (markt)

5997

</td></tr>

5998

5999

Don't try and obtain session data from the cluster if the current

6000

node is the only node in the cluster. Log requesting session data as

6001

INFO rather than WARNING. (markt)

6002

</td></tr>

6003

6004

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50503">50503</a>: When web application has a version, Engine level

6005

Clustering works correctly. (kfujino)

6006

</td></tr>

6007

6008

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50547">50547</a>: Add time stamp for CHANGE_SESSION_ID message and

6009

SESSION_EXPIRED message. (kfujino)

6010

</td></tr>

6011

</table>

6012

</blockquote></td></tr></table>

6013

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.6 (markt)/Web applications"></a><a name="Tomcat_7.0.6_(markt)/Web_applications"><strong>Web applications</strong></a></font></td></tr><tr><td><blockquote>

6014

6015

6016

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=21157">21157</a>: Ensure cookies are written before the response is

6017

commited in the Cookie example. Patch provided by Stefan Radzom. (markt)

6018

</td></tr>

6019

6020

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50294">50294</a>: Add more information to documentation regarding format

6021

of configuration files. Patch provided by Luke Meyer. (markt)

6022

</td></tr>

6023

6024

Correctly validate provided context path so sessions for the ROOT web

6025

application can be viewed through the HTML Manager. (markt)

6026

</td></tr>

6027

6028

Improve documentation of database connection factory. (rjung)

6029

</td></tr>

6030

6031

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50488">50488</a>: Update classpath required when using jsvc and add a

6032

note regarding server VMs. (markt)

6033

</td></tr>

6034

6035

Further filtering of Manager display output. (kkolinko)

6036

</td></tr>

6037

</table>

6038

</blockquote></td></tr></table>

6039

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.6 (markt)/Other"></a><a name="Tomcat_7.0.6_(markt)/Other"><strong>Other</strong></a></font></td></tr><tr><td><blockquote>

6040

6041

6042

Don't configure Windows installer to use PID file since it is not

6043

removed when the service stops which prevents the service from starting.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=14416">14416</a>: Make <code>TagLibraryInfo.getTag()</code> more robust

6048

at handling <code>null</code>s. (markt)

6049

</td></tr>

6050

6051

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50552">50552</a>: Avoid NPE that hides error message when using Ant

tasks. (schultz)

</td></tr>

Provide two alternative locations for the libraries downloaded from

6056

the ASF web site at build time. Use the main distribution site as

6057

default and the archive one as fallback. (kkolinko)

6058

</td></tr>

6059

</table>

6060

</blockquote></td></tr></table>

6061

</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.5 (markt)"></a><a name="Tomcat_7.0.5_(markt)"><strong>Tomcat 7.0.5 (markt)</strong></a></font></td><td align="right" bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><strong>beta, 2010-12-01</strong></font></td></tr><tr><td colspan="2"><blockquote>

6062

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.5 (markt)/General"></a><a name="Tomcat_7.0.5_(markt)/General"><strong>General</strong></a></font></td></tr><tr><td><blockquote>

6063

6064

6065

Update to Apache Commons Daemon 1.0.4. (mturk)

6066

</td></tr>

6067

</table>

6068

</blockquote></td></tr></table>

6069

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.5 (markt)/Catalina"></a><a name="Tomcat_7.0.5_(markt)/Catalina"><strong>Catalina</strong></a></font></td></tr><tr><td><blockquote>

6070

6071

6072

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=3839">3839</a>: Provide a mechanism to gracefully handle the case where

6073

users book-mark the form login page or otherwise misuse the FORM

6074

authentication process. Based on a suggestion by Mark Morris. (markt)

6075

</td></tr>

6076

6077

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49180">49180</a>: Add option to disable log rotation in

6078

juli FileHandler. Patch provided by Pid (pidster at apache). (funkman)

6079

</td></tr>

6080

6081

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49991">49991</a>: Ensure servlet request listeners are fired for

6082

the login and error pages during FORM authentication. (markt)

6083

</td></tr>

6084

6085

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50107">50107</a>: When removing a Host via JMX, do not attempt to

6086

destroy the host's pipeline twice. Patch provided by Eiji

Takahashi. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50138">50138</a>: Fix threading issues in

6091

<code>org.apache.catalina.security.SecurityUtil</code>. (markt)

6092

</td></tr>

6093

6094

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50157">50157</a>: Ensure MapperListener is only added to a container

object once. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50159">50159</a>: Add a new attribute for <code><Resource></code>

6099

elements, <code>singleton</code>, that controls whether or not a new

6100

object is created every time a JNDI lookup is performed to obtain the

6101

resource. The default value is <code>true</code>, which will return the

6102

same instance of the resource in every JNDI lookup. (markt)

6103

</td></tr>

6104

6105

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50168">50168</a>: Separate the <code>Lifecycle.DESTROY_EVENT</code> into

6106

<code>Lifecycle.BEFORE_DESTROY_EVENT</code> and

6107

<code>Lifecycle.AFTER_DESTROY_EVENT</code>. Use the additional state to

6108

ensure that <code>Context</code> objects are only destroyed once.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50169">50169</a>: Ensure that when a Container is started that it

6113

doesn't try and register with the mapper unless its parent has

6114

already started. Patch provided by Eiji Takahashi. (markt)

6115

</td></tr>

6116

6117

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50222">50222</a>: Modify memory leak prevention code so it pins the

6118

system class loader in memory rather than than the common class loader,

6119

which is better for embedded systems. Patch provided by Christopher

Schultz. (markt)

</td></tr>

Improve debug logging for MapperListener registration. (markt)

6124

</td></tr>

6125

6126

Expose names of LifecycleListeners and ContainerListeners for

6127

StandardContext via JMX. (markt)

6128

</td></tr>

6129

6130

Add a new option, <code>resourceOnlyServlets</code>, to Context elements

6131

that provides a mechanism for working around the issues caused by new

6132

requirements for welcome file mapping introduced in Servlet 3.0. By

6133

default, the existing Tomcat 6.0.x welcome file handling is used.

(markt)

</td></tr>

Make Tomcat more tolerant of <code>null</code> when generating JMX names

for Valves. (markt)

</td></tr>

Make AccessLogValve attribute <code>enabled</code> changeable via JMX.

(pero)

</td></tr>

Correct infinite loop if <code>ServletRequest.startAsync(ServletRequest,

6146

ServletResponse)</code> was called. (markt)

6147

</td></tr>

6148

6149

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50232">50232</a>: Remove dependency between StoreBase and

6150

PersistentManager and associated code clean-up. Patch provided by

6151

Tiago Batista. (markt)

6152

</td></tr>

6153

6154

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50252">50252</a>: Prevent ClassCastException when using a

6155

<ResourceLink>. Patch provided by Eiji Takahashi. (markt)

6156

</td></tr>

6157

6158

Reduce synchronization in session managers to improve performance of

6159

session creation. (markt)

6160

</td></tr>

6161

6162

If starting children automatically when adding them to a container (e.g.

6163

when adding a Context to a Host) don't lock the parent's set

6164

of children whilst the new child is being started since this can block

6165

other threads and cause issues such as lost cluster messages. (markt)

6166

</td></tr>

6167

6168

Implement support for parallel deployment. This allows multiple versions

6169

of the same web application to be deployed to the same context path at

6170

the same time. Users without a current session will be mapped to the

6171

latest version of the web application. Users with a current session will

6172

continue to use the version of the web application with which the

6173

session is associated until the session expires. (markt)

6174

</td></tr>

6175

6176

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50308">50308</a>: Allow asynchronous request processing to call

6177

<code>AsyncContext.dispatch()</code> once the asynchronous request has

timed out. (markt)

</td></tr>

Make memory leak prevention code that clears ThreadLocal instances more

6182

robust against objects with toString() methods that throw exceptions.

(markt)

</td></tr>

</table>

</blockquote></td></tr></table>

6187

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.5 (markt)/Coyote"></a><a name="Tomcat_7.0.5_(markt)/Coyote"><strong>Coyote</strong></a></font></td></tr><tr><td><blockquote>

6188

6189

6190

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49860">49860</a>: Complete support for handling trailing headers in

6191

chunked HTTP requests. (markt)

6192

</td></tr>

6193

6194

Impose a limit on the length of the trailing headers. The limit

6195

is configurable with a system property and is <code>8192</code>

6196

by default. (kkolinko)

6197

</td></tr>

6198

6199

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50207">50207</a>: Ensure Comet timeout events are triggered. This bug

6200

was a regression triggered by the fix for <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49884">49884</a>. (markt)

6201

</td></tr>

6202

</table>

6203

</blockquote></td></tr></table>

6204

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.5 (markt)/Jasper"></a><a name="Tomcat_7.0.5_(markt)/Jasper"><strong>Jasper</strong></a></font></td></tr><tr><td><blockquote>

6205

6206

6207

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49297">49297</a>: Enforce the rules in the JSP specification for parsing

6208

the attributes of custom and standard actions that require that

6209

the attribute names are unique within an element and that there is

6210

whitespace before the attribute name. The whitespace test can be

6211

disabled by setting the system property

6212

<code>org.apache.jasper.compiler.Parser.STRICT_WHITESPACE</code> to

6213

<code>false</code>. Attributes of the page directive have slightly

6214

different rules. The implementation of that part of the fix is based on

6215

a patch by genspring. (markt)

6216

</td></tr>

6217

6218

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50105">50105</a>: When processing composite EL expressions use

6219

<code>Enum.name()</code> rather than <code>Enum.toString()</code> as

6220

required by the EL specification. (markt)

6221

</td></tr>

6222

6223

Fix minor thread-safety and performance issues in the implementation

6224

of <code>maxLoadedJsps</code>. (rjung)

6225

</td></tr>

6226

6227

Add support for unloading JSPs that have not been requested for a

6228

long time using the new parameter <code>jspIdleTimeout</code>. (rjung)

6229

</td></tr>

6230

6231

Add logging and JMX support to JSP unloading. (rjung)

6232

</td></tr>

6233

6234

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50192">50192</a>: Improve performance for EL when running under a

6235

security manager. Based on a patch by Robert Goff. (markt)

6236

</td></tr>

6237

6238

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50228">50228</a>: Improve recycling of <code>BodyContentImpl</code>.

6239

This avoids keeping a cached reference to a webapp-provided Writer

6240

used in JspFragment.invoke() calls. (kkolinko)

6241

</td></tr>

6242

6243

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50273">50273</a>: Provide a workaround for an HP-UX issue that can

6244

result in large numbers of SEVERE log messages appearing in the logs as

6245

a result of normal operation. (markt)

6246

</td></tr>

6247

6248

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50293">50293</a>: Increase the size of internal ELResolver array from 2

6249

to 8 since in typical usage there are at least 5 resolvers. Based on a

6250

patch by Robert Goff. (markt)

6251

</td></tr>

6252

</table>

6253

</blockquote></td></tr></table>

6254

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.5 (markt)/Cluster"></a><a name="Tomcat_7.0.5_(markt)/Cluster"><strong>Cluster</strong></a></font></td></tr><tr><td><blockquote>

6255

6256

6257

Add support for maxActiveSessions attribute to BackupManager. (kfujino)

6258

</td></tr>

6259

6260

Improve sending an access message in DeltaManager.

6261

maxInactiveInterval of not Manager but the session is used.

6262

If maxInactiveInterval is negative, an access message is not sending.

(kfujino)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50183">50183</a>: BIO sender was not scheduling tasks to the executor

6267

during normal operation. Patch provided by Ariel. (markt)

6268

</td></tr>

6269

6270

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50184">50184</a>: Add an option to the RpcChannel to enable the Channel

6271

send options to be set for the reply message. Based on a patch by Ariel.

(markt)

</td></tr>

Ensure that a new Context waiting for session data from other nodes in

6276

the cluster does not block the processing of clustering messages for

6277

other Contexts. (markt)

6278

</td></tr>

6279

</table>

6280

</blockquote></td></tr></table>

6281

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.5 (markt)/Web applications"></a><a name="Tomcat_7.0.5_(markt)/Web_applications"><strong>Web applications</strong></a></font></td></tr><tr><td><blockquote>

6282

6283

6284

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49426">49426</a>: Localize messages in the Manager application based on

6285

the Locale of the user rather than the default Locale of the server.

(markt)

</td></tr>

Localize messages in the Host Manager application based on the Locale of

6290

the user rather than the default Locale of the server. (markt)

6291

</td></tr>

6292

6293

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50242">50242</a>: Provide a sample log4j configuration that more

6294

closely matches the default JULI configuration. Patch provided by

6295

Christopher Schultz. (markt)

6296

</td></tr>

6297

6298

Restore the ability to edit the contents of /WEB-INF and /META-INF via

6299

WebDAV via the provision of a new configuration option,

6300

allowSpecialPaths. (markt)

6301

</td></tr>

6302

6303

Correct broken links for on-line JavaDocs. (markt)

6304

</td></tr>

6305

6306

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50230">50230</a>: Add new DistributedManager interface that is

6307

implemented by the Backup Manager to remove circular dependency between

6308

tomcat-catalina-ha and tomcat-catalina modules. Also allows third-party

6309

distributed Manager implementations to report full session information

6310

through the HTML Manager. (markt)

6311

</td></tr>

6312

6313

Improve Tomcat Logging documentation. (kkolinko)

6314

</td></tr>

6315

6316

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50303">50303</a>: Update JNDI how-to to reflect the new JavaMail

6317

download location and that JAF is now included in Java SE 6. (markt)

6318

</td></tr>

6319

6320

Fix ordering functionality on sessions page for the HTML Manager

application. (markt)

</td></tr>

Fix primary sessions not always being treated as such in the HTML

6325

Manager application. (markt)

6326

</td></tr>

6327

6328

Fix message not being displayed after session attribute removal in the

6329

HTML Manager application. (markt)

6330

</td></tr>

6331

6332

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50310">50310</a>: Fix display of Servlet information in the Manager

application. (markt)

</td></tr>

CVE-2010-4172: Multiple XSS in the Manager application. (markt/kkolinko)

6337

</td></tr>

6338

6339

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50316">50316</a>: Fix display of negative values in the Manager

6340

application. (kkolinko)

6341

</td></tr>

6342

6343

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50318">50318</a>: Avoid NPE when trying to view session detail for an

6344

expired session in the Manager application. (markt)

6345

</td></tr>

6346

</table>

6347

</blockquote></td></tr></table>

6348

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.5 (markt)/Other"></a><a name="Tomcat_7.0.5_(markt)/Other"><strong>Other</strong></a></font></td></tr><tr><td><blockquote>

6349

6350

6351

Correct a handful of Javadoc warnings. (markt)

6352

</td></tr>

6353

6354

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=22965">22965</a>: Fix some typos and formatting issues in the global

6355

web.xml file. Based on a patch by Yann Cébron. (markt)

6356

</td></tr>

6357

6358

Extend Checkstyle validation checks to check for unused imports. (markt)

6359

</td></tr>

6360

6361

General code clean-up to reduce (not eliminate) the number of warnings

6362

reported by IDEs. (markt)

6363

</td></tr>

6364

6365

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50140">50140</a>: Don't ignore a user specified installation

6366

directory when performing a silent install with the Windows installer on

6367

64-bit platforms. (markt)

6368

</td></tr>

6369

6370

Reimplemented Windows installer dialogs, using modern libraries

6371

(nsDialogs, MUI2). (kkolinko)

6372

</td></tr>

6373

6374

When installing with the Windows installer on 64-bit platforms, allow

6375

the user to select either a 32-bit JDK or a 64-bit JDK. If a 32-bit JDK

6376

is selected, the 32-bit service wrapper and the 32-bit native DLL will

6377

be installed. If a 64-bit JDK is selected, the 64-bit service wrapper

6378

and the 64-bit native DLL will be installed. (markt/kkolinko)

6379

</td></tr>

6380

6381

Create Windows shortcuts for the Manager and Host Manager webapps.

(kkolinko)

</td></tr>

Support /? command line option in the Windows Installer. (kkolinko)

6386

</td></tr>

6387

6388

Display and allow to change roles for the Tomcat admin user in the

6389

Windows installer. (kkolinko)

6390

</td></tr>

6391

6392

In the Windows installer: do not leave stale <code>server.xml</code>

6393

and <code>tomcat-users.xml</code> fragments in the $TEMP folder.

(kkolinko)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49819">49819</a>: Redesign of home page by Pid (pidster at apache).

(timw)

</td></tr>

</table>

</blockquote></td></tr></table>

6402

</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.4 (markt)"></a><a name="Tomcat_7.0.4_(markt)"><strong>Tomcat 7.0.4 (markt)</strong></a></font></td><td align="right" bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><strong>beta, 2010-10-21</strong></font></td></tr><tr><td colspan="2"><blockquote>

6403

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.4 (markt)/Catalina"></a><a name="Tomcat_7.0.4_(markt)/Catalina"><strong>Catalina</strong></a></font></td></tr><tr><td><blockquote>

6404

6405

6406

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49428">49428</a>: Re-implement the fix for bug <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49428">49428</a> –

6407

namespace issues for some Microsoft WebDAV clients. (kkolinko)

6408

</td></tr>

6409

6410

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49669">49669</a>: Fix memory leak triggered by using the deprecated

6411

javax.security.auth.Policy class. (markt)

6412

</td></tr>

6413

6414

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49922">49922</a>: Don't add filter twice to filter chain if the

6415

filter matches more than one URL pattern and/or Servlet name. Patch

6416

provided by heyoulin. (markt)

6417

</td></tr>

6418

6419

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49937">49937</a>: Use an InstanceManager when creating an AsyncListener

6420

through the AsyncContext to ensure annotations are processed. Based on a

6421

patch by David Jencks. (markt)

6422

</td></tr>

6423

6424

To avoid NoSuchMethodException, xmlValidation and xmlNamespaceAware are

6425

removed from the createStandardHost definition

6426

of mbeans-descriptors.xml. (kfujino)

6427

</td></tr>

6428

6429

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49945">49945</a>: Continue improvements to JMX. Fix a handful of

6430

attributes that were showing as Unavailable in JConsole. Patch provided

6431

by Chamith Buddhika. (markt)

6432

</td></tr>

6433

6434

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49952">49952</a>: Allow ServletContainerInitializers to add listeners to

6435

a web application. Patch provided by David Jencks. (markt)

6436

</td></tr>

6437

6438

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49956">49956</a>: Handle case when @Resource annotation uses the full

6439

JNDI name for a resource. Based on a patch by Gurkan Erdogdu. (markt)

6440

</td></tr>

6441

6442

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49557">49557</a>: Correct regression due to Lifecycle refactoring that

6443

cleared all work directories (with compiled JSPs and persisted sessions)

6444

when Tomcat was stopped. (markt)

6445

</td></tr>

6446

6447

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49978">49978</a>: Correctly handle the case when a directory expected

6448

to be created during web application start is already present. Rather

6449

than throwing an exception and failing to start, allow the web

6450

application to start normally. (markt)

6451

</td></tr>

6452

6453

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49987">49987</a>: Fix thread safety issue with population of servlet

6454

context initialization parameters. (markt)

6455

</td></tr>

6456

6457

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49994">49994</a>: As per the Java EE 6 specification, return a new

6458

object instance for each JNDI look up of a resource reference. (markt)

6459

</td></tr>

6460

6461

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50015">50015</a>: Re-factor dynamic servlet security implementation to

6462

make extensions, such as JACC implementations, simpler. Patch provided

6463

by David Jencks. (markt)

6464

</td></tr>

6465

6466

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50016">50016</a>: Re-factor <code>isUserInRole()</code> and

6467

<code>login()/logout()</code> methods to support JACC implementations

6468

and to improve encapsulation. Patch provided by David Jencks. (markt)

6469

</td></tr>

6470

6471

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50017">50017</a>: Code clean-up. No functional change. Patch provided by

sebb. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50027">50027</a>: Avoid NPE on start when a Context is defined in

6476

server.xml with one or more JNDI resources. (markt)

6477

</td></tr>

6478

6479

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50059">50059</a>: JARs should always be searched for static resources

6480

even if the web application is marked as meta-data complete. (markt)

6481

</td></tr>

6482

6483

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50063">50063</a>: Correct regression in fix for <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50059">50059</a> that

6484

causes applications marked as meta-data complete to return 404s for all

6485

requests. Patch provided by heyoulin. (markt)

6486

</td></tr>

6487

6488

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50087">50087</a>: Catch ClassFormatErrors when scanning for annotations.

(markt)

</td></tr>

</table>

</blockquote></td></tr></table>

6493

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.4 (markt)/Coyote"></a><a name="Tomcat_7.0.4_(markt)/Coyote"><strong>Coyote</strong></a></font></td></tr><tr><td><blockquote>

6494

6495

6496

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49923">49923</a>: Avoid using negative timeouts during acceptor unlock

6497

to ensure APR connector shuts down properly. (mturk)

6498

</td></tr>

6499

6500

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49972">49972</a>: Fix potential thread safe issue when formatting dates

6501

for use in HTTP headers. (markt)

6502

</td></tr>

6503

6504

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50003">50003</a>: Set not maxThreads but minSpareThreads to

6505

corePoolSize, if AbstractEndpoint.setMinSpareThreads is called.

(kfujino)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50044">50044</a>: Fix issue when using comet where socket remained in

6510

long poll after the comet request has ended. (markt)

6511

</td></tr>

6512

6513

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50054">50054</a>: Correctly handle the setting of minSpareThreads in

6514

AJP connector. (kfujino)

6515

</td></tr>

6516

6517

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50072">50072</a>: Fix issues when using a non-blocking read for the

6518

request line with the NIO connector that could result in the request

6519

line being mis-read. (markt)

6520

</td></tr>

6521

</table>

6522

</blockquote></td></tr></table>

6523

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.4 (markt)/Jasper"></a><a name="Tomcat_7.0.4_(markt)/Jasper"><strong>Jasper</strong></a></font></td></tr><tr><td><blockquote>

6524

6525

6526

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49986">49986</a>: Fix thread safety issue for JSP reload. (timw)

6527

</td></tr>

6528

6529

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49998">49998</a>: Make jsp:root detection work with single quoted

6530

attributes as well. (timw)

6531

</td></tr>

6532

6533

Correctly handle the setting of primitive bean values via expression

language. (markt)

</td></tr>

Don't swallow exceptions when processing TLD files and handle the

6538

case when there is no web.xml file. (markt)

6539

</td></tr>

6540

6541

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50066">50066</a>: Fix building of recursive tag files when the file

6542

depends on a JAR file. Patch provided by Sylvain Laurent. (markt)

6543

</td></tr>

6544

6545

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50078">50078</a>: Fix threading problem in EL caches. Patch provided by

6546

Takayoshi Kimura. (markt)

6547

</td></tr>

6548

6549

Make EL cache sizes configurable. (markt)

6550

</td></tr>

6551

</table>

6552

</blockquote></td></tr></table>

6553

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.4 (markt)/Web applications"></a><a name="Tomcat_7.0.4_(markt)/Web_applications"><strong>Web applications</strong></a></font></td></tr><tr><td><blockquote>

6554

6555

6556

Apply filters to default home page so copyright year is correctly

displayed. (markt)

</td></tr>

</table>

</blockquote></td></tr></table>

6561

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.4 (markt)/Other"></a><a name="Tomcat_7.0.4_(markt)/Other"><strong>Other</strong></a></font></td></tr><tr><td><blockquote>

6562

6563

6564

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48716">48716</a>: Do not call reset if the default LogManager is in use.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50013">50013</a>: Correctly package classes from

6569

<code>org.apache.tomcat.util.file</code> and add the tomcat-util.jar to

6570

the class path for the Ant tasks. Based on a patch provided by

6571

Sylvain Laurent. (markt)

6572

</td></tr>

6573

</table>

6574

</blockquote></td></tr></table>

6575

</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.3 (markt)"></a><a name="Tomcat_7.0.3_(markt)"><strong>Tomcat 7.0.3 (markt)</strong></a></font></td><td align="right" bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><strong>not released</strong></font></td></tr><tr><td colspan="2"><blockquote>

6576

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.3 (markt)/Catalina"></a><a name="Tomcat_7.0.3_(markt)/Catalina"><strong>Catalina</strong></a></font></td></tr><tr><td><blockquote>

6577

6578

6579

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48644">48644</a>: Review all instances of catching Throwable and

6580

re-throw where appropriate. (markt)

6581

</td></tr>

6582

6583

Allow glob patterns in the <code>jarsToSkip</code> configuration and add

6584

some debug logging to the jar scanner. (rjung)

6585

</td></tr>

6586

6587

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48738">48738</a>: Workaround a couple of long standing JDK bugs to

6588

enable GZIP compressed output streams to be flushed. Based on a patch

6589

provided by Jiong Wang. (markt)

6590

</td></tr>

6591

6592

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48967">48967</a>: Replace strings "catalina.base" and "catalina.home"

6593

by globally defined constants. Patch provided by Marc Guillemot. (rjung)

6594

</td></tr>

6595

6596

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49195">49195</a>: Don't report an error when shutting down a Windows

6597

service for a Tomcat instance that has a disabled shutdown port. (markt)

6598

</td></tr>

6599

6600

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49209">49209</a>: Prevent possible AccessControlException during

6601

undeployment when running with a security manager. Patch provided by

6602

Sylvain Laurent. (markt)

6603

</td></tr>

6604

6605

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49657">49657</a>: Handle CGI executables with spaces in the path.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49667">49667</a>: Ensure that using the JDBC driver memory leak

6610

prevention code does not cause a one of the memory leaks it is meant to

avoid. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49670">49670</a>: Restore SSO functionality that was broken by Lifecycle

refactoring. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49698">49698</a>: Allow a listener to complete an asynchronous request

6619

if it times out. (markt)

6620

</td></tr>

6621

6622

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49714">49714</a>: The annotation process of Jar doesn't influence

6623

distributable element of web.xml. (kfujino)

6624

</td></tr>

6625

6626

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49721">49721</a>: Alls JAR in a web application should be searched for

6627

resources, not just those with a web-fragment.xml that is going to be

processed. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49728">49728</a>: Improve PID file handling when another process is

6632

managing the PID file and Tomcat does not have write access. (markt)

6633

</td></tr>

6634

6635

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49730">49730</a>: Fix a race condition in StandardThreadExector that can

6636

cause requests to experience large delays. Patch provided by Sylvain

Laurent. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49749">49749</a>: Single sign on cookies should have httpOnly flag set

6641

using same rules as session cookies. (markt)

6642

</td></tr>

6643

6644

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49750">49750</a>: Align <code>WebappClassLoader.validate()</code>

6645

implementation with Javadoc and ensure that <code>javax.servlet.*</code>

6646

classes can not be loaded by a <code>WebappClassLoader</code> instance.

6647

Patch provided by pid. (markt)

6648

</td></tr>

6649

6650

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49757">49757</a>: Correct some generics warnings. Based on a patch

6651

provided by Gábor. (markt)

6652

</td></tr>

6653

6654

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49779">49779</a>: Improve handling of POST requests and FORM

6655

authentication, particularly when the user agent responds to the 302

6656

response by repeating the POST request including a request body. Any

6657

request body provided at this point is now swallowed. (markt)

6658

</td></tr>

6659

6660

CSRF prevention filter did not correctly handle URLs that used anchors.

(markt)

</td></tr>

Fix memory leak on web application stopped caused by failed to

6665

de-register the web application's Servlets with the MBean server.

(markt)

</td></tr>

More tweaks to the Lifecycle refactoring to ensure that when a component

6670

is being destroyed, the destroy method is only called once on each

6671

child component. (markt)

6672

</td></tr>

6673

6674

Keep the MBean names for web applications consistent between Tomcat 6

6675

and Tomcat 7. (markt)

6676

</td></tr>

6677

6678

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49856">49856</a>: Add an executorName attribute to Connectors so it is

6679

possible to trace ThreadPool to Connector to Executor via the JMX

interface. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49865">49865</a>: Tomcat failed to start if catalina.properties was not

present. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49876">49876</a>: Fix the generics warnings in the copied Apache Jakarta

6688

BCEL code. Based on a patch by Gábor. (markt)

6689

</td></tr>

6690

6691

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49883">49883</a>: Ensure that the CombinedRealm and LockOutRealm return

6692

a name for use in log messages rather than throwing an

6693

<code>UnsupportedOperationException</code>. (markt)

6694

</td></tr>

6695

6696

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49884">49884</a>: Fix occassional NullPointerException on async

6697

complete(). This resulted in a major refactoring of the async

6698

implementation to address a number of threading issues. (markt)

6699

</td></tr>

6700

6701

Update the version numbers in ServerInfo defaults to Tomcat 7.0.x.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49892">49892</a>: Correct JNDI name for method resource injections.

6706

Based on a patch by Gurkan Erdogdu. (markt)

6707

</td></tr>

6708

6709

Ensure that Context elements defined in server.xml use any configClass

6710

setting specified in the parent Host element. (markt)

6711

</td></tr>

6712

6713

GSOC 2010. Enable the creation of Services, Engines, Connectors, Hosts

6714

and Contexts via JMX from a minimal server.xml that contains only a

6715

Server element. Based on a patch by Chamith Buddhika. (markt)

6716

</td></tr>

6717

6718

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49909">49909</a>: Fix a regression introduced with the fix for

6719

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=47950">47950</a> that prevented JSTL classes being loaded. (markt)

6720

</td></tr>

6721

6722

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49915">49915</a>: Make error more obvious, particularly when accessed

6723

via JConsole, if StandardServer.storeConfig() is called when there is

6724

no StoreConfig implementation present. (markt)

6725

</td></tr>

6726

6727

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50018">50018</a>: Fix some minor Javadoc errors in Jasper source.

6728

Based on a patch by sebb. (timw)

6729

</td></tr>

6730

6731

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50021">50021</a>: Correct a regression in the fix for <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=46844">46844</a>

6732

that may have caused additional problems during a failure at start up.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50026">50026</a>: Prevent serving of resources from WEB-INF and

6737

META-INF directories when DefaultServlet or WebdavServlet is mapped

6738

to a sub-path of the context. This changes DefaultServlet to always

6739

serve resources with paths relative to the root of the context

6740

regardless of where it is mapped, which is a breaking change for

6741

current servlet-mappings that map the default servlet to a subpath.

(timw)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=50689">50689</a>: Provide 100 Continue responses at appropriate points

6746

during FORM authentication if client indicates that they are expected.

(markt)

</td></tr>

</table>

</blockquote></td></tr></table>

6751

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.3 (markt)/Coyote"></a><a name="Tomcat_7.0.3_(markt)/Coyote"><strong>Coyote</strong></a></font></td></tr><tr><td><blockquote>

6752

6753

6754

Wait for the connectors to exit before closing them down. (mturk)

6755

</td></tr>

6756

6757

Follow up to <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48545">48545</a>. Make JSSE connectors more tolerant of a

6758

incorrect trust store password. (markt)

6759

</td></tr>

6760

6761

Fix some edge cases in the NIO connector when handling requests that are

6762

not received all at the same time and the socket needs to be returned to

the poller. (markt)

</td></tr>

Further work to reduce the code duplication in the HTTP connectors.

(markt)

</td></tr>

Make sure acceptor threads are stopped when the connector is stopped.

(markt)

</td></tr>

Make sure async timeout thread is stopped when the connector is stopped.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49625">49625</a>: Ensure Vary header is set if response may be

6779

compressed rather than only setting it if it is compressed. (markt)

6780

</td></tr>

6781

6782

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49802">49802</a>: Re-factor connector pause, stop and destroy methods so

6783

that calling any of those methods has the expected results. (markt)

6784

</td></tr>

6785

6786

Various refactorings to reduce code duplication and unnecessary code in

6787

the connectors. (markt)

6788

</td></tr>

6789

6790

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49860">49860</a>: Add partial support for trailing headers in chunked

6791

HTTP requests. (markt)

6792

</td></tr>

6793

</table>

6794

</blockquote></td></tr></table>

6795

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.3 (markt)/Jasper"></a><a name="Tomcat_7.0.3_(markt)/Jasper"><strong>Jasper</strong></a></font></td></tr><tr><td><blockquote>

6796

6797

6798

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49665">49665</a>: Provide better information including JSP file name and

6799

location when a missing file is detected during TLD handling. Patch

6800

provided by Ted Leung. (markt)

6801

</td></tr>

6802

6803

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49726">49726</a>: Specifying a default content type via a JSP property

6804

group should not prevent a page from setting some other content type.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49799">49799</a>: The new <code>omit</code> attribute for

6809

<code>jsp:attribute</code> elements now supports the use of expressions

6810

and expression language. (markt)

6811

</td></tr>

6812

6813

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49916">49916</a>: Switch to using an initialisation parameter to pass

6814

JSP file information from Catalina to Jasper. This simplifies the

6815

Catalina code as well as making it easier for Geronimo and others to

6816

integrate Jasper. Patch provided by David Jencks. (markt)

6817

</td></tr>

6818

6819

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49985">49985</a>: Fix thread safety issue in EL parser. (markt)

6820

</td></tr>

6821

</table>

6822

</blockquote></td></tr></table>

6823

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.3 (markt)/Cluster"></a><a name="Tomcat_7.0.3_(markt)/Cluster"><strong>Cluster</strong></a></font></td></tr><tr><td><blockquote>

6824

6825

6826

Remove domainReplication attribute from ClusterManager.

6827

If you send session to only same domain, use DomainFilterInterceptor.

(kfujino)

</td></tr>

Add Null check when CHANGE_SESSION_ID message received. (kfujino)

6832

</td></tr>

6833

6834

Add support for LAST_ACCESS_AT_START system property to DeltaSession.

(kfujino)

</td></tr>

Avoid a NPE in the DeltaManager when a parallel request invalidates the

6839

session before the current request has a chance to send the replication

message. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49905">49905</a>: Prevent memory leak when using asynchronous session

replication. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49924">49924</a>: When non-primary node changes into a primary node,

6848

make sure isPrimarySession is changed to true. (kfujino)

6849

</td></tr>

6850

</table>

6851

</blockquote></td></tr></table>

6852

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.3 (markt)/Web applications"></a><a name="Tomcat_7.0.3_(markt)/Web_applications"><strong>Web applications</strong></a></font></td></tr><tr><td><blockquote>

6853

6854

6855

Correct the class name of the default JAR scanner in the documentation

6856

web application. (rjung)

6857

</td></tr>

6858

6859

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49585">49585</a>: Update JSVC documentation to reflect new packaging

6860

of Commons Daemon. (markt)

6861

</td></tr>

6862

6863

Update the Servlet, JSP and EL Javadoc links to link to the

6864

specifications and the relevant part of the Java EE 6 Javadoc. (markt)

6865

</td></tr>

6866

6867

Update a few places in the docs where the Manager documentation referred

6868

to the old role name of manager rather than than the new manager-script.

(markt)

</td></tr>

</table>

</blockquote></td></tr></table>

6873

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.3 (markt)/Extras"></a><a name="Tomcat_7.0.3_(markt)/Extras"><strong>Extras</strong></a></font></td></tr><tr><td><blockquote>

6874

6875

6876

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49861">49861</a>: Don't log RMI ports formatted with commas for the

6877

JMX remote listener. (markt)

6878

</td></tr>

6879

</table>

6880

</blockquote></td></tr></table>

6881

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.3 (markt)/Other"></a><a name="Tomcat_7.0.3_(markt)/Other"><strong>Other</strong></a></font></td></tr><tr><td><blockquote>

6882

6883

6884

Correct the user names created by the Windows installer for the Manager

6885

and Host Manager applications. (mturk)

6886

</td></tr>

6887

6888

Correct the Eclipse compiler dependency in the Jasper POM. (markt)

6889

</td></tr>

6890

6891

Extend Checkstyle validation checks to check import order. (markt)

6892

</td></tr>

6893

6894

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49758">49758</a>: Fix generics warnings exposed by a fix in Eclipse 3.6.

6895

Patch provided by sebb. (markt)

6896

</td></tr>

6897

6898

Update Apache Commons Pool to 1.5.5. (markt)

6899

</td></tr>

6900

6901

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49955">49955</a>: Improvement and correction of Building Tomcat guide.

6902

Based on a patch from Wesley Acheson. (timw)

6903

</td></tr>

6904

</table>

6905

</blockquote></td></tr></table>

6906

</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.2 (markt)"></a><a name="Tomcat_7.0.2_(markt)"><strong>Tomcat 7.0.2 (markt)</strong></a></font></td><td align="right" bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><strong>beta, 2010-08-11</strong></font></td></tr><tr><td colspan="2"><blockquote>

6907

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.2 (markt)/Catalina"></a><a name="Tomcat_7.0.2_(markt)/Catalina"><strong>Catalina</strong></a></font></td></tr><tr><td><blockquote>

6908

6909

6910

Fix regression that prevented running with a security manager enabled.

(markt)

</td></tr>

</table>

</blockquote></td></tr></table>

6915

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.2 (markt)/Web applications"></a><a name="Tomcat_7.0.2_(markt)/Web_applications"><strong>Web applications</strong></a></font></td></tr><tr><td><blockquote>

6916

6917

6918

Correct Javadoc errors. (markt)

6919

</td></tr>

6920

6921

Provide Javadoc for Servlet 3.0 API, JSP 2.2 API and EL 2.2 API.

(markt)

</td></tr>

Remove second copy of RUNNING.txt from the full-docs distribution. Some

6926

unpacking utilities can't handle multiple copies of a file with the same

6927

name in a directory. (markt)

6928

</td></tr>

6929

</table>

6930

</blockquote></td></tr></table>

6931

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.2 (markt)/Other"></a><a name="Tomcat_7.0.2_(markt)/Other"><strong>Other</strong></a></font></td></tr><tr><td><blockquote>

6932

6933

6934

Extend Checkstyle validation checks to check for tabs in nearly all text

files. (markt)

</td></tr>

Update Apache Commons Daemon from 1.0.2 to 1.0.3. (markt)

6939

</td></tr>

6940

6941

Update Eclipse JDT Core Batch Compiler (ecj.jar) from 3.5.1 to 3.6.

(markt)

</td></tr>

</table>

</blockquote></td></tr></table>

6946

</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.1 (markt)"></a><a name="Tomcat_7.0.1_(markt)"><strong>Tomcat 7.0.1 (markt)</strong></a></font></td><td align="right" bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><strong>not released</strong></font></td></tr><tr><td colspan="2"><blockquote>

6947

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.1 (markt)/Catalina"></a><a name="Tomcat_7.0.1_(markt)/Catalina"><strong>Catalina</strong></a></font></td></tr><tr><td><blockquote>

6948

6949

6950

GSOC 2010. Continue work to align MBean descriptors with reality. Patch

6951

provided by Chamith Buddhika. (markt)

6952

</td></tr>

6953

6954

When running under a security manager, enforce package access and

6955

package definition restrictions defined in the catalina.properties file.

(markt)

</td></tr>

When using a Loader configured with

6960

<code>searchExternalFirst="true"</code> failure to find the

6961

class in an external repository should not prevent searching of the

6962

local repositories. (markt)

6963

</td></tr>

6964

6965

Add entryPoint support to the CSRF prevention filter. (markt)

6966

</td></tr>

6967

6968

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48297">48297</a>: Correctly initialise handler chain for web services

resources. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48960">48960</a>: Add a new option to the SSI Servlet and SSI Filter to

6973

allow the disabling of the <code>exec</code> command. This is now

6974

disabled by default. Based on a patch by Yair Lenga. (markt)

6975

</td></tr>

6976

6977

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48998">48998</a>, <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49617">49617</a>: Add the ExpiresFilter, a port of the

6978

httpd mod_expires module. Patch provided by Cyrille Le Clerc. (markt)

6979

</td></tr>

6980

6981

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49030">49030</a>: When initializing/starting/stopping connectors and

6982

one of them fails, do not ignore the others. (markt/kkolinko)

6983

</td></tr>

6984

6985

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49128">49128</a>: Don't swallow exceptions unnecessarily in

6986

<code>WebappClassLoader.start()</code>. (markt)

6987

</td></tr>

6988

6989

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49182">49182</a>: Align comments in setclasspath.[sh|bat] with

6990

behaviour. Based on a patch provided by sebb. (markt)

6991

</td></tr>

6992

6993

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49230">49230</a>: Enhance JRE leak prevention listener with protection

6994

for the keep-alive thread started by

6995

<code>sun.net.www.http.HttpClient</code>. Based on a patch provided by

Rob Kooper. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49414">49414</a>: When reporting threads that may have triggered a

7000

memory leak on web application stop, attempt to differentiate between

7001

request processing threads and threads started by the application.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49428">49428</a>: Add a work-around for the known namespace issues for

7006

some Microsoft WebDAV clients. Patch provided by Panagiotis Astithas.

(markt)

</td></tr>

Add support for <code>*.jar</code> pattern in VirtualWebappLoader.

(kkolinko)

</td></tr>

Use a LockOutRealm in the default configuration to prevent attempts to

7015

guess user passwords by brute-force. (markt)

7016

</td></tr>

7017

7018

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49478">49478</a>: Add support for user specified character sets to the

7019

<code>AddDefaultCharsetFilter</code>. Based on a patch by Felix

Schumacher. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49503">49503</a>: Make sure connectors bind to their associated ports

7024

sufficiently early to allow jsvc and the

7025

org.apache.catalina.startup.EXIT_ON_INIT_FAILURE system property to

7026

operate correctly. (markt)

7027

</td></tr>

7028

7029

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49525">49525</a>: Ensure cookies for the ROOT context have a path of /

7030

rather than an empty string. (markt)

7031

</td></tr>

7032

7033

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49528">49528</a>, <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49567">49567</a>: Ensure that

7034

<code>AsyncContext.isAsyncStarted()</code> returns the correct value

7035

after <code>AsyncContext.start()</code> and that if

7036

<code>AsyncContext.complete()</code> is called on a separate thread that

7037

it is handled correctly. (markt)

7038

</td></tr>

7039

7040

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49530">49530</a>: Contexts and Servlets not stopped when Tomcat is shut

down. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49536">49536</a>: If no ROOT context is deployed, ensure a 404 rather

7045

than a 200 is returned for requests that don't map to any other context.

(markt)

</td></tr>

Additional debug logging in StandardContext to provide information on

7050

Manager selection. (markt)

7051

</td></tr>

7052

7053

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49550">49550</a>: Supress deprecation warning where deprecated code is

7054

required to be used. No functional change. Patch provided by Sebb.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49551">49551</a>: Allow default context.xml location to be specified

7059

using an absolute path. (markt)

7060

</td></tr>

7061

7062

Improve logging of unhandled exceptions in servlets by including the

7063

path of the context where the error occurred. (markt)

7064

</td></tr>

7065

7066

Include session ID in error message logged when trying to set an

7067

attribute on an invalid session. (markt)

7068

</td></tr>

7069

7070

Improve the CSRF protection filter by using SecureRandom rather than

7071

Random to generate nonces. Also make the implementation class used user

7072

configurable. (markt)

7073

</td></tr>

7074

7075

Avoid NullPointerException, when copyXML=true and META-INF/context.xml

7076

does not exist. (kfujino)

7077

</td></tr>

7078

7079

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49598">49598</a>: When session is changed and the session cookie is

7080

replaced, ensure that the new Set-Cookie header overwrites the old

7081

Set-Cookie header. (markt)

7082

</td></tr>

7083

7084

Create a thread to trigger asynchronous timeouts when using the BIO

7085

connector, change the default timeout to 10s (was infinite) and make the

7086

default timeout configurable using the <code>asyncTimeout</code>

7087

attribute on the connector. (pero/markt)

7088

</td></tr>

7089

7090

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49600">49600</a>: Make exceptions returned by the

7091

<code>ProxyDirContext</code> consistent for resources that weren't found

7092

by checking the <code>DirContext</code> or the cache. Test case based on

7093

a patch provided by Marc Guillemot. (markt)

7094

</td></tr>

7095

7096

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49613">49613</a>: Improve performance when using SSL for applications

7097

that make multiple class to <code>Request.getAttributeNames()</code>.

7098

Patch provided by Sampo Savolainen. (markt)

7099

</td></tr>

7100

7101

Handle the edge cases where resources packaged in JARs have names that

7102

start with a single quote character or a double quote character. (markt)

7103

</td></tr>

7104

7105

Correct copy and paste typo in web.xml parsing rules that mixed up

7106

<code>local-ejb-ref</code> and <code>resource-env-ref</code>. (markt)

7107

</td></tr>

7108

7109

Refactor session managers to remove unused code and to reduce code

7110

duplication. Also, all session managers used for session replication now

7111

extend <code>org.apache.catalina.ha.session.ClusterManagerBase</code>.

(markt)

</td></tr>

</table>

</blockquote></td></tr></table>

7116

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.1 (markt)/Jasper"></a><a name="Tomcat_7.0.1_(markt)/Jasper"><strong>Jasper</strong></a></font></td></tr><tr><td><blockquote>

7117

7118

7119

Remove references to Jikes since it does not support Java 6. (markt)

7120

</td></tr>

7121

7122

Correct over zealous type checking for EL in attributes that broke the

7123

use of JSF converters. (markt)

7124

</td></tr>

7125

7126

Correct algorithm used to identify correct method to use when a

7127

MethodExpressions is used in EL. (markt)

7128

</td></tr>

7129

7130

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49217">49217</a>: Ensure that identifiers used in EL meet the

7131

requirements of the Java Language Specification. (markt)

7132

</td></tr>

7133

7134

Improve logging of JSP exceptions by including JSP snippet (if enabled)

7135

rather than just the root cause in the host log. (markt)

7136

</td></tr>

7137

7138

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49555">49555</a>: Correctly handled Tag Libraries where functions are

7139

defined in static inner classes. (markt)

7140

</td></tr>

7141

</table>

7142

</blockquote></td></tr></table>

7143

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.1 (markt)/Cluster"></a><a name="Tomcat_7.0.1_(markt)/Cluster"><strong>Cluster</strong></a></font></td></tr><tr><td><blockquote>

7144

7145

7146

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49127">49127</a>: Don't swallow exceptions unnecessarily in

7147

<code>SimpleTcpReplicationManager.startInternal()</code>. (markt)

7148

</td></tr>

7149

7150

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49407">49407</a>: Change the BackupManager so it is consistent with

7151

DeltaManager and reports both primary and backup sessions when active

7152

sessions are requested. (markt)

7153

</td></tr>

7154

7155

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49445">49445</a>: When session ID is changed after authentication,

7156

ensure the DeltaManager replicates the change in ID to the other nodes

7157

in the cluster. (kfujino)

7158

</td></tr>

7159

</table>

7160

</blockquote></td></tr></table>

7161

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.1 (markt)/Web applications"></a><a name="Tomcat_7.0.1_(markt)/Web_applications"><strong>Web applications</strong></a></font></td></tr><tr><td><blockquote>

7162

7163

7164

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49112">49112</a>: Update the ROOT web application's index page. Patch

7165

provided by pid. (markt)

7166

</td></tr>

7167

7168

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49213">49213</a>: Add the permissions necessary to enable the Manager

7169

application to operate currently when running with a security manager.

(markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49436">49436</a>: Correct documented default for readonly attribute of

7174

the UserDatabase component. (markt)

7175

</td></tr>

7176

7177

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49475">49475</a>: Use new role name for manager application access on

7178

the ROOT web application's index page. (markt)

7179

</td></tr>

7180

7181

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49476">49476</a>: CSRF protection was preventing access to the session

7182

expiration features. Also switch the manager application to the generic

7183

CSRF protection filter. (markt)

7184

</td></tr>

7185

7186

Better handle failure to create directories required for new hosts in

7187

the Host Manager application. (markt)

7188

</td></tr>

7189

7190

Switch the Host Manager application to the generic CSRF protection for

7191

the HTML interface and prevent started hosts from being started and

7192

stopped hosts from being stopped. (markt)

7193

</td></tr>

7194

7195

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49518">49518</a>: Fix typo in extras documentation. (markt)

7196

</td></tr>

7197

7198

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49522">49522</a>: Fix regression due to change of name for MBeans for

7199

naming resources that broke the complete server status page in the

7200

manager application. Note these MBeans now have a new name. (markt)

7201

</td></tr>

7202

7203

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49570">49570</a>: When using the example compression filter, set the

7204

Vary header on compressed responses. (markt)

7205

</td></tr>

7206

7207

Add redirects for the root of the manager and host-manager web

7208

applications that redirect users to the html interface rather than

7209

returning a 404. (markt)

7210

</td></tr>

7211

7212

Provide the HTML Manager application with the ability to differentiate

7213

between primary, backup and proxy sessions. Note that proxy sessions are

7214

only shown if enabled in web.xml. (markt)

7215

</td></tr>

7216

</table>

7217

</blockquote></td></tr></table>

7218

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.1 (markt)/Other"></a><a name="Tomcat_7.0.1_(markt)/Other"><strong>Other</strong></a></font></td></tr><tr><td><blockquote>

7219

7220

7221

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49130">49130</a>: Better describe the core package in the Windows

7222

installer, making it clear that the service will be installed. Patch

7223

provided by sebb. (markt)

7224

</td></tr>

7225

7226

Re-factor unit tests to enable them to be run once with each of the HTTP

7227

connector implementations (BIO, NIO and APR/native). (markt)

7228

</td></tr>

7229

7230

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=49268">49268</a>: Add the necessary plumbing to include CheckStyle in

7231

the build process. Start with no checks. Additional checks will be

7232

added as they are agreed. (markt)

7233

</td></tr>

7234

7235

Updated to Ant 1.8.1. The build now requires a minimum of Ant 1.8.x.

(markt)

</td></tr>

Update the re-packaged version of commons-fileupload from 1.2.1 to

7240

1.2.2. The layout of re-packaged version was also restored to the

7241

original commons-fileupload layout to make merging of future updates

easier. (markt)

</td></tr>

Update the re-packaged version of Jakarta BCEL from trunk revision

7246

880760 to trunk revision 978831. (markt)

7247

</td></tr>

7248

</table>

7249

</blockquote></td></tr></table>

7250

</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.0 (markt)"></a><a name="Tomcat_7.0.0_(markt)"><strong>Tomcat 7.0.0 (markt)</strong></a></font></td><td align="right" bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><strong>beta, 2010-06-29</strong></font></td></tr><tr><td colspan="2"><blockquote>

7251

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.0 (markt)/Catalina"></a><a name="Tomcat_7.0.0_(markt)/Catalina"><strong>Catalina</strong></a></font></td></tr><tr><td><blockquote>

7252

7253

7254

Update Servlet support to the Servlet 3.0 specification. (all)

7255

</td></tr>

7256

7257

Improve and document VirtualWebappLoader. (rjung)

7258

</td></tr>

7259

7260

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=43642">43642</a>: Add prestartminSpareThreads attribute for Executor.

(jfclere)

</td></tr>

Switch from AnnotationProcessor to InstanceManager. Patch provided by

7265

David Jecks with modifications by Remy. (remm/fhanik)

7266

</td></tr>

7267

7268

<a href="http://svn.apache.org/viewvc?view=rev&rev=620845">r620845</a> and <a href="http://svn.apache.org/viewvc?view=rev&rev=669119">r669119</a>. Make shutdown address

7269

configurable. (jfclere)

7270

</td></tr>

7271

7272

<a href="http://svn.apache.org/viewvc?view=rev&rev=651977">r651977</a> Add some missing control checks to

7273

<code>ThreadWithAttributes</code>. (markt)

7274

</td></tr>

7275

7276

<a href="http://svn.apache.org/viewvc?view=rev&rev=677640">r677640</a> Add a startup class that does not require any

7277

configuration files. (costin)

7278

</td></tr>

7279

7280

<a href="http://svn.apache.org/viewvc?view=rev&rev=700532">r700532</a> Log if temporary file operations within the CGI

7281

servlet fail. Make sure header Reader is closed on failure. (markt)

7282

</td></tr>

7283

7284

<a href="http://svn.apache.org/viewvc?view=rev&rev=708541">r708541</a> Delete references to DefaultContext which was removed

in 6.0.x. (markt)

</td></tr>

<a href="http://svn.apache.org/viewvc?view=rev&rev=709018">r709018</a> Initial implementation of an asynchronous file handler

for JULI. (fhanik)

</td></tr>

Give session thisAccessedTime and lastAccessedTime clear semantics.

(rjung)

</td></tr>

Expose thisAccessedTime via Session interface. (rjung)

7297

</td></tr>

7298

7299

Provide a log format for JULI that provides the same information as the

7300

default but on a single line. (markt)

7301

</td></tr>

7302

7303

<a href="http://svn.apache.org/viewvc?view=rev&rev=723889">r723889</a> Provide the ability to configure the Executor job

7304

queue size and a timeout for adding jobs to the queue. (fhanik)

7305

</td></tr>

7306

7307

Add support for aliases to StandardContext. This allows content from

7308

other directories and/or WAR files to be mapped to paths within the

context. (markt)

</td></tr>

Provide clearer definition of Lifecycle interface, particularly start

7313

and stop, and align components that implement Lifecycle with this

definition. (markt)

</td></tr>

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48662">48662</a>: Provide a new option to control the copying of context

7318

XML descriptors from web applications to the host's xmlBase. Copying of

7319

XML descriptors is now disabled by default. (markt)

7320

</td></tr>

7321

7322

Move comet classes from the org.apache.catalina package to the

7323

org.apache.catalina.comet package to allow comet to work under a

7324

security manager. (markt)

7325

</td></tr>

7326

</table>

7327

</blockquote></td></tr></table>

7328

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.0 (markt)/Coyote"></a><a name="Tomcat_7.0.0_(markt)/Coyote"><strong>Coyote</strong></a></font></td></tr><tr><td><blockquote>

7329

7330

7331

Port SSLInsecureRenegotiation from mod_ssl. This requires

7332

to use tomcat-native 1.2.21 that have option to detect this

7333

support from OpenSSL library. (mturk)

7334

</td></tr>

7335

7336

Allow bigger AJP packets also for request bodies and responses

7337

using the packetSize attribute of the Connector. (rjung)

7338

</td></tr>

7339

<tr><td><img alt="update" class="icon" src="./images/update.gif"></td><td><a href="http://svn.apache.org/viewvc?view=rev&rev=703017">r703017</a> Make Java socket options consistent between NIO

7340

and JIO connector. Expose all the socket options available on

7341

<code>java.net.Socket</code> (fhanik)

7342

</td></tr>

7343

7344

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=46051">46051</a>: The writer returned by <code>getWriter()</code> now

7345

conforms to the <code>PrintWriter</code> specification and uses platform

7346

dependent line endings rather than always using <code>\r\n</code>.

(markt)

</td></tr>

Use tc-native 1.2.x which is based on APR 1.3.3+ (mturk)

7351

</td></tr>

7352

7353

<a href="http://svn.apache.org/viewvc?view=rev&rev=724239">r724239</a> NIO connector now always uses an Executor. (fhanik)

7354

</td></tr>

7355

7356

<a href="http://svn.apache.org/viewvc?view=rev&rev=724393">r724393</a> Implement keepAliveCount for NIO connector in a thread

7357

safe manner. (fhanik)

7358

</td></tr>

7359

7360

<a href="http://svn.apache.org/viewvc?view=rev&rev=724849">r724849</a> Implement keep alive timeout for NIO connector.

(fhanik)

</td></tr>

</table>

</blockquote></td></tr></table>

7365

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.0 (markt)/Jasper"></a><a name="Tomcat_7.0.0_(markt)/Jasper"><strong>Jasper</strong></a></font></td></tr><tr><td><blockquote>

7366

7367

7368

Update JSP support to the JSP 2.2 specification. (markt)

7369

</td></tr>

7370

7371

Update EL support to the EL 2.2 specification. (markt)

7372

</td></tr>

7373

7374

<a href="http://svn.apache.org/viewvc?view=rev&rev=787978">r787978</a> Use "1.6" as the default value for compilerSourceVM

7375

and compilerTargetVM options of Jasper. (kkolinko)

7376

</td></tr>

7377

7378

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48358">48358</a>: Add support for limiting the number of JSPs that are

7379

loaded at any one time. Based on a patch by Isabel Drost. (markt)

7380

</td></tr>

7381

7382

<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=48689">48689</a>: Access TLD files through a new JarResource interface

7383

to make extending Jasper simpler, particularly in OSGi environments.

7384

Patch provided by Jarek Gawor. (markt)

7385

</td></tr>

7386

</table>

7387

</blockquote></td></tr></table>

7388

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="High Availability"></a><a name="High_Availability"><strong>High Availability</strong></a></font></td></tr><tr><td><blockquote>

7389

7390

7391

Add support for UDP and secure communication to tribes. (fhanik)

7392

</td></tr>

7393

7394

Add versioning to the tribes communication protocol to support future

7395

developments. (fhanik)

7396

</td></tr>

7397

7398

Add a demo on how to use the payload. (fhanik)

7399

</td></tr>

7400

7401

Started to add JMX support to the cluster implementation. (markt)

7402

</td></tr>

7403

7404

<a href="http://svn.apache.org/viewvc?view=rev&rev=609778">r609778</a> Minor fixes to the throughput interceptor and the

7405

NIO receiver. (fhanik)

7406

</td></tr>

7407

7408

<a href="http://svn.apache.org/viewvc?view=rev&rev=630234">r630234</a> Additional checks for the NIO receiver. (fhanik)

7409

</td></tr>

7410

7411

<a href="http://svn.apache.org/viewvc?view=rev&rev=671650">r671650</a> Improve error message when multicast is not enabled.

(fhanik)

</td></tr>

</table>

</blockquote></td></tr></table>

7416

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.0 (markt)/Web applications"></a><a name="Tomcat_7.0.0_(markt)/Web_applications"><strong>Web applications</strong></a></font></td></tr><tr><td><blockquote>

7417

7418

7419

<a href="http://svn.apache.org/viewvc?view=rev&rev=631321">r631321</a> Update changelog to support the <rev> element

7420

in the documentation. (fhanik)

7421

</td></tr>

7422

7423

A number of additional roles were added to the Manager and Host Manager

7424

applications to separate out permissions for the HTML interface, the

7425

text interface and the JMX proxy. (markt)

7426

</td></tr>

7427

7428

CSRF protection was added to the Manager and Host Manager applications.

(markt)

</td></tr>

List array elements in the JMX proxy output of the Manager application.

(rjung)

</td></tr>

</table>

</blockquote></td></tr></table>

7437

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.0 (markt)/Extras"></a><a name="Tomcat_7.0.0_(markt)/Extras"><strong>Extras</strong></a></font></td></tr><tr><td><blockquote>

7438

7439

7440

A new JmxRemoteLifecycleListener that can be used to fix the ports used

7441

for remote JMX connections, eg when using JConsole. (markt)

7442

</td></tr>

7443

</table>

7444

</blockquote></td></tr></table>

7445

<table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat 7.0.0 (markt)/Other"></a><a name="Tomcat_7.0.0_(markt)/Other"><strong>Other</strong></a></font></td></tr><tr><td><blockquote>

7446

7447

7448

Numerous code clean-up changes including the use of generics and

7449

removing unused imports, fields, parameters and methods. (markt)

7450

</td></tr>

7451

7452

All deprecated internal code has been removed. <b>Warning:</b> If you

7453

have custom components for a previous Tomcat version that extend

7454

internal Tomcat classes and override deprecated methods it is highly

7455

likely that they will no longer work. (markt)

7456

</td></tr>

7457

7458

Parameterize version number throughout build scripts and source. (rjung)

7459

</td></tr>

7460

</table>

7461

</blockquote></td></tr></table>

7462

</blockquote></td></tr></table></td></tr><tr><td colspan="2"><hr noshade size="1"></td></tr><tr><td colspan="2"><div align="center"><font color="#525D76" size="-1"><em>

7463

7464

</em></font></div></td></tr></table></body></html>