tomcat升级为7.0.85
diff --git a/tomcat-7/conf/catalina.policy b/tomcat-7/conf/catalina.policy
index 354d7d6..9a33883 100644
--- a/tomcat-7/conf/catalina.policy
+++ b/tomcat-7/conf/catalina.policy
@@ -72,7 +72,7 @@
permission java.io.FilePermission
"${catalina.base}${file.separator}logs", "read, write";
permission java.io.FilePermission
- "${catalina.base}${file.separator}logs${file.separator}*", "read, write";
+ "${catalina.base}${file.separator}logs${file.separator}*", "read, write, delete";
permission java.lang.RuntimePermission "shutdownHooks";
permission java.lang.RuntimePermission "getClassLoader";
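Review bot: The `delete` action added to the `logs${file.separator}*` FilePermission carries no comment explaining why it is needed, and it lets the code base of this grant remove any file directly under the logs directory, which matters where those logs double as an audit trail. The `grant codeBase` line of the enclosing block is outside the hunk, so which jar receives the permission cannot be confirmed here; presumably it is the logging implementation, which needs delete to purge expired log files. I would add a comment above the entry, for example `// delete is needed so the log handler can remove expired log files`, and forward logs to a separate host where their integrity matters.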
@@ -194,8 +194,9 @@
// The Manager application needs access to the following packages to support the
-// session display functionality. These settings support the following
-// configurations:
+// session display functionality. It also requires the custom Tomcat
+// DeployXmlPermission to enable the use of META-INF/context.xml
+// These settings support the following configurations:
// - default CATALINA_HOME == CATALINA_BASE
// - CATALINA_HOME != CATALINA_BASE, per instance Manager in CATALINA_BASE
// - CATALINA_HOME != CATALINA_BASE, shared Manager in CATALINA_HOME
@@ -205,6 +206,7 @@
permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.manager";
permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.manager.util";
permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.util";
+ permission org.apache.catalina.security.DeployXmlPermission "manager";
};
grant codeBase "file:${catalina.home}/webapps/manager/-" {
permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina";
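Review bot: The new `DeployXmlPermission "manager"` entries (here and in the next hunk, along with the `host-manager` grants added there) are keyed only on the deployment path. Under the security manager, whatever application is deployed at `webapps/manager` or `webapps/host-manager` therefore has its own META-INF/context.xml processed even where the Host sets `deployXML="false"`. Installations that remove the Manager and Host Manager applications should remove these grants too, so that an application later deployed under one of those names does not inherit the exemption. A comment beside each entry would make that explicit, for example `// Remove this grant if the manager application is not deployed`. The first grant block starts outside this hunk.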
@@ -212,8 +214,23 @@
permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.manager";
permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.manager.util";
permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.util";
+ permission org.apache.catalina.security.DeployXmlPermission "manager";
};
+// The Host Manager application needs the custom Tomcat DeployXmlPermission to
+// enable the use of META-INF/context.xml
+// These settings support the following configurations:
+// - default CATALINA_HOME == CATALINA_BASE
+// - CATALINA_HOME != CATALINA_BASE, per instance Host Manager in CATALINA_BASE
+// - CATALINA_HOME != CATALINA_BASE, shared Host Manager in CATALINA_HOME
+grant codeBase "file:${catalina.base}/webapps/host-manager/-" {
+ permission org.apache.catalina.security.DeployXmlPermission "host-manager";
+};
+grant codeBase "file:${catalina.home}/webapps/host-manager/-" {
+ permission org.apache.catalina.security.DeployXmlPermission "host-manager";
+};
+
+
// You can assign additional permissions to particular web applications by
// adding additional "grant" entries here, based on the code base for that
// application, /WEB-INF/classes/, or /WEB-INF/lib/ jar files.
diff --git a/tomcat-7/conf/catalina.properties b/tomcat-7/conf/catalina.properties
index cb4e5d5..f231698 100644
--- a/tomcat-7/conf/catalina.properties
+++ b/tomcat-7/conf/catalina.properties
@@ -131,3 +131,7 @@
#tomcat.util.buf.StringCache.char.enabled=true
#tomcat.util.buf.StringCache.trainThreshold=500000
#tomcat.util.buf.StringCache.cacheSize=5000
+
+# Allow for changes to HTTP request validation
+# WARNING: Using this option will expose the server to CVE-2016-6816
+#tomcat.util.http.parser.HttpParser.requestTargetAllow=|
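Review bot: The added warning names the CVE but not the limits of the option; the comment on `requestTargetAllow` should also state that only `{`, `}` and `|` are accepted and that leaving the line commented keeps strict request-target validation in place. A line such as `# Only {, } and | may be listed; prefer having clients percent-encode these characters` would discourage enabling it as a quick workaround. The example value `|` is harmless only while the line stays commented out.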
diff --git a/tomcat-7/conf/web.xml b/tomcat-7/conf/web.xml
index 91c8875..9816f30 100644
--- a/tomcat-7/conf/web.xml
+++ b/tomcat-7/conf/web.xml
@@ -232,8 +232,8 @@
<!-- suppressSmap Should the generation of SMAP info for JSR45 -->
<!-- debugging be suppressed? [false] -->
<!-- -->
- <!-- trimSpaces Should white spaces in template text between -->
- <!-- actions or directives be trimmed? [false] -->
+ <!-- trimSpaces Should template text that consists entirely of -->
+ <!-- whitespace be removed from the output? [false] -->
<!-- -->
<!-- xpoweredBy Determines whether X-Powered-By response -->
<!-- header is added by generated servlet. [false] -->
@@ -330,6 +330,11 @@
<!-- If not set, then webAppRootDir is used. -->
<!-- Recommended value: WEB-INF/cgi -->
<!-- -->
+ <!-- enableCmdLineArguments -->
+ <!-- Are command line parameters generated from -->
+ <!-- the query string as per section 4.4 of 3875 -->
+ <!-- RFC? [true] -->
+ <!-- -->
<!-- executable Name of the executable used to run the -->
<!-- script. [perl] -->
<!-- -->
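Review bot: The new comment documents `enableCmdLineArguments` with a default of `true` but gives no guidance, even though it controls whether query-string content is turned into command line arguments for the CGI executable. I would add a line in the same column layout such as `<!-- Set to false unless scripts rely on it. -->`, and correct the reference to read `section 4.4 of RFC 3875`. The CGI servlet definition these comments belong to is outside the hunk, so whether the servlet is enabled in this deployment cannot be seen here.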
@@ -342,6 +347,15 @@
<!-- [ACCEPT[-0-9A-Z]*|CACHE-CONTROL|COOKIE|HOST| -->
<!-- IF-[-0-9A-Z]*|REFERER|USER-AGENT] -->
<!-- -->
+ <!-- environment-variable- An environment to be set for the execution -->
+ <!-- environment of the CGI script. The name of -->
+ <!-- variable is taken from the parameter name. -->
+ <!-- To configure an environment variable named -->
+ <!-- FOO, configure a parameter named -->
+ <!-- environment-variable-FOO. The parameter value -->
+ <!-- is used as the environment variable value. -->
+ <!-- The default is no environment variables. -->
+ <!-- -->
<!-- parameterEncoding Name of parameter encoding to be used with -->
<!-- CGI servlet. -->
<!-- [System.getProperty("file.encoding","UTF-8")] -->
@@ -2869,7 +2883,7 @@
</mime-mapping>
<mime-mapping>
<extension>otf</extension>
- <mime-type>application/x-font-otf</mime-type>
+ <mime-type>font/otf</mime-type>
</mime-mapping>
<mime-mapping>
<!-- OpenDocument Drawing Template -->
@@ -3908,11 +3922,11 @@
</mime-mapping>
<mime-mapping>
<extension>ttc</extension>
- <mime-type>application/x-font-ttf</mime-type>
+ <mime-type>font/collection</mime-type>
</mime-mapping>
<mime-mapping>
<extension>ttf</extension>
- <mime-type>application/x-font-ttf</mime-type>
+ <mime-type>font/ttf</mime-type>
</mime-mapping>
<mime-mapping>
<extension>ttl</extension>
@@ -4301,7 +4315,11 @@
</mime-mapping>
<mime-mapping>
<extension>woff</extension>
- <mime-type>application/x-font-woff</mime-type>
+ <mime-type>font/woff</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>woff2</extension>
+ <mime-type>font/woff2</mime-type>
</mime-mapping>
<mime-mapping>
<extension>wpd</extension>