Posted to dev@tomcat.apache.org by ma...@apache.org on 2022/10/11 19:00:16 UTC
[tomcat] 01/02: First pass at 10.1 to 11.0 updates
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit f04018e7ce8b3865bcebe68d5c8489a4fea81acb
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Tue Oct 11 19:55:09 2022 +0100
First pass at 10.1 to 11.0 updates
---
README.md | 2 +-
build.properties.default | 8 +-
build.xml | 4 +-
java/org/apache/catalina/ant/jmx/package.html | 4 +-
java/org/apache/catalina/ant/package.html | 4 +-
java/org/apache/catalina/util/ServerInfo.java | 4 +-
java/org/apache/tomcat/util/compat/JreCompat.java | 2 +-
modules/jdbc-pool/pom.xml | 4 +-
modules/openssl-foreign/pom.xml | 2 +-
modules/owb/pom.xml | 2 +-
res/ide-support/eclipse/eclipse.project | 2 +-
res/ide-support/eclipse/start-tomcat.launch | 6 +-
res/ide-support/eclipse/stop-tomcat.launch | 6 +-
res/maven/mvn-pub.xml | 2 +-
res/maven/mvn.properties.default | 2 +-
res/rat/rat-excludes.txt | 2 +-
webapps/docs/changelog.xml | 2498 +--------------------
webapps/docs/config/http.xml | 2 +-
webapps/docs/tomcat-docs.xsl | 8 +-
webapps/docs/web-socket-howto.xml | 31 -
20 files changed, 35 insertions(+), 2560 deletions(-)
diff --git a/README.md b/README.md
index 839a36719c..e1abc71e7b 100644
--- a/README.md
+++ b/README.md
@@ -43,7 +43,7 @@ The documentation available as of the date of this release is
included in the docs webapp which ships with tomcat. You can access that webapp
by starting tomcat and visiting <http://localhost:8080/docs/> in your browser.
The most up-to-date documentation for each version can be found at:
-- [Tomcat 10.1](https://tomcat.apache.org/tomcat-10.1-doc/)
+- [Tomcat 11.0](https://tomcat.apache.org/tomcat-11.0-doc/)
- [Tomcat 10.0](https://tomcat.apache.org/tomcat-10.0-doc/)
- [Tomcat 9](https://tomcat.apache.org/tomcat-9.0-doc/)
- [Tomcat 8](https://tomcat.apache.org/tomcat-8.5-doc/)
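Review bot: the changed list entry replaces the Tomcat 10.1 documentation link rather than adding 11.0 above it, so the list now reads 11.0, 10.0, 9, 8 and 10.1 is no longer referenced. If the 10.1 documentation stays published, keep `- [Tomcat 10.1](https://tomcat.apache.org/tomcat-10.1-doc/)` as the second entry.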
diff --git a/build.properties.default b/build.properties.default
index 4b6859cf61..82fb31bc3e 100644
--- a/build.properties.default
+++ b/build.properties.default
@@ -29,11 +29,11 @@
# -----------------------------------------------------------------------------
# ----- Version Control Flags -----
-version.major=10
-version.minor=1
-version.build=2
+version.major=11
+version.minor=0
+version.build=0
version.patch=0
-version.suffix=
+version.suffix=-M1
version.dev=-dev
# ----- Build tools -----
diff --git a/build.xml b/build.xml
index b76fbcd3bf..e49889674e 100644
--- a/build.xml
+++ b/build.xml
@@ -15,7 +15,7 @@
See the License for the specific language governing permissions and
limitations under the License.
-->
-<project name="Tomcat 10.1" default="deploy" basedir="."
+<project name="Tomcat 11.0" default="deploy" basedir="."
xmlns:if="ant:if"
xmlns:unless="ant:unless"
xmlns:jacoco="antlib:org.jacoco.ant"
@@ -2068,7 +2068,7 @@
<executiondata>
<file file="${coverage.datafile}"/>
</executiondata>
- <structure name="Tomcat 10.1.x Code Coverage">
+ <structure name="Tomcat 11.0.x Code Coverage">
<classfiles>
<fileset dir="${tomcat.classes}"/>
</classfiles>
diff --git a/java/org/apache/catalina/ant/jmx/package.html b/java/org/apache/catalina/ant/jmx/package.html
index e05ece3a3b..f7867a2759 100644
--- a/java/org/apache/catalina/ant/jmx/package.html
+++ b/java/org/apache/catalina/ant/jmx/package.html
@@ -20,8 +20,8 @@
<em>Ant (version 1.6 or later)</em> that can be used to interact with the
Remote JMX JSR 160 RMI Adaptor to get/set attributes, invoke MBean operations
and query for Mbeans inside a running instance of Tomcat. For more information, see
-<a href="https://tomcat.apache.org/tomcat-10.1-doc/monitoring.html">
-https://tomcat.apache.org/tomcat-10.1-doc/monitoring.html</a>.</p>
+<a href="https://tomcat.apache.org/tomcat-11.0-doc/monitoring.html">
+https://tomcat.apache.org/tomcat-11.0-doc/monitoring.html</a>.</p>
<p>Each task element can open a new jmx connection or reference an
existing one. The following attribute are exists in every tasks:</p>
diff --git a/java/org/apache/catalina/ant/package.html b/java/org/apache/catalina/ant/package.html
index 830afc801e..e4067ad25a 100644
--- a/java/org/apache/catalina/ant/package.html
+++ b/java/org/apache/catalina/ant/package.html
@@ -20,8 +20,8 @@
<em>Ant (version 1.6.x or later)</em> that can be used to interact with the
Manager application to deploy, undeploy, list, reload, start and stop web applications
from a running instance of Tomcat. For more information, see
-<a href="https://tomcat.apache.org/tomcat-10.1-doc/manager-howto.html">
-https://tomcat.apache.org/tomcat-10.1-doc/manager-howto.html</a>.</p>
+<a href="https://tomcat.apache.org/tomcat-11.0-doc/manager-howto.html">
+https://tomcat.apache.org/tomcat-11.0-doc/manager-howto.html</a>.</p>
<p>The attributes of each task element correspond
exactly to the request parameters that are included with an HTTP request
diff --git a/java/org/apache/catalina/util/ServerInfo.java b/java/org/apache/catalina/util/ServerInfo.java
index 4f45b29663..7f8f1748ce 100644
--- a/java/org/apache/catalina/util/ServerInfo.java
+++ b/java/org/apache/catalina/util/ServerInfo.java
@@ -67,13 +67,13 @@ public class ServerInfo {
ExceptionUtils.handleThrowable(t);
}
if (info == null || info.equals("Apache Tomcat/@VERSION@")) {
- info = "Apache Tomcat/10.1.x-dev";
+ info = "Apache Tomcat/11.0.x-dev";
}
if (built == null || built.equals("@VERSION_BUILT@")) {
built = "unknown";
}
if (number == null || number.equals("@VERSION_NUMBER@")) {
- number = "10.1.x";
+ number = "11.0.x";
}
serverInfo = info;
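Review bot: the fallback literals `info = "Apache Tomcat/11.0.x-dev"` and `number = "11.0.x"` repeat the version that build.properties.default already holds, so every branch bump has to edit this file by hand. A build where the `@VERSION@` substitution did not run will also report only "11.0.x", which cannot be mapped to a patch level. A short comment above the fallbacks naming build.properties.default as the source of truth would make a missed update easier to spot.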
diff --git a/java/org/apache/tomcat/util/compat/JreCompat.java b/java/org/apache/tomcat/util/compat/JreCompat.java
index 3e90bed588..993096617a 100644
--- a/java/org/apache/tomcat/util/compat/JreCompat.java
+++ b/java/org/apache/tomcat/util/compat/JreCompat.java
@@ -48,7 +48,7 @@ public class JreCompat {
}
graalAvailable = result || System.getProperty("org.graalvm.nativeimage.imagecode") != null;
- // This is Tomcat 10.1.x with a minimum Java version of Java 11.
+ // This is Tomcat 11.0.x with a minimum Java version of Java 11.
// Look for the highest supported JVM first
if (Jre19Compat.isSupported()) {
instance = new Jre19Compat();
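Review bot: the updated comment `// This is Tomcat 11.0.x with a minimum Java version of Java 11.` carries the Java 11 statement over from 10.1.x by substitution. Please confirm that Java 11 is the intended minimum for 11.0.x. If the baseline is not settled yet, say so in the comment so that it is revisited together with the compat lookup that follows it.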
diff --git a/modules/jdbc-pool/pom.xml b/modules/jdbc-pool/pom.xml
index 30895250dc..40e7f286f9 100644
--- a/modules/jdbc-pool/pom.xml
+++ b/modules/jdbc-pool/pom.xml
@@ -65,7 +65,7 @@
<dependency>
<groupId>org.apache.tomcat</groupId>
<artifactId>tomcat-juli</artifactId>
- <version>10.1.0-M8</version>
+ <version>11.0.0-SNAPSHOT</version>
</dependency>
<dependency>
<groupId>junit</groupId>
@@ -76,7 +76,7 @@
<dependency>
<groupId>org.apache.tomcat</groupId>
<artifactId>tomcat-dbcp</artifactId>
- <version>10.1.0-M8</version>
+ <version>11.0.0-SNAPSHOT</version>
<scope>test</scope>
</dependency>
<dependency>
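Review bot: `tomcat-dbcp` here, and `tomcat-juli` in the previous hunk, move from the published milestone `10.1.0-M8` to `11.0.0-SNAPSHOT`, while res/maven/mvn.properties.default in the same commit deploys `11.0.0-M1`. A SNAPSHOT version is mutable and will not resolve from a release repository, so the module builds only where a snapshot has been installed or a snapshot repository is configured. Either document that prerequisite in the module, or switch these two versions to the first published 11.0 milestone once it exists.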
diff --git a/modules/openssl-foreign/pom.xml b/modules/openssl-foreign/pom.xml
index aac7d891c9..8811bcc22c 100644
--- a/modules/openssl-foreign/pom.xml
+++ b/modules/openssl-foreign/pom.xml
@@ -31,7 +31,7 @@
<version>0.1-SNAPSHOT</version>
<properties>
- <tomcat.version>10.1.0</tomcat.version>
+ <tomcat.version>11.0.0-SNAPSHOT</tomcat.version>
<project.build.outputTimestamp>2021-12-02T12:00:00Z</project.build.outputTimestamp>
</properties>
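Review bot: `<tomcat.version>` now points at `11.0.0-SNAPSHOT`, a mutable version, directly beside a pinned `<project.build.outputTimestamp>`, so the module's output is no longer fixed by its inputs even though the timestamp suggests reproducible builds are intended. The previous value, `10.1.0`, was a fixed release. Consider adding a comment that the SNAPSHOT is temporary and replacing it with a released 11.0 version when one is available.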
diff --git a/modules/owb/pom.xml b/modules/owb/pom.xml
index 303f9d2982..539ec7f5ff 100644
--- a/modules/owb/pom.xml
+++ b/modules/owb/pom.xml
@@ -36,7 +36,7 @@
<geronimo-atinject.version>1.2</geronimo-atinject.version>
<geronimo-interceptor.version>1.2</geronimo-interceptor.version>
<geronimo-jcdi.version>1.3</geronimo-jcdi.version>
- <tomcat.version>10.1.0</tomcat.version>
+ <tomcat.version>11.0.0-SNAPSHOT</tomcat.version>
</properties>
<dependencies>
diff --git a/res/ide-support/eclipse/eclipse.project b/res/ide-support/eclipse/eclipse.project
index 8139e415ed..10027f6de0 100644
--- a/res/ide-support/eclipse/eclipse.project
+++ b/res/ide-support/eclipse/eclipse.project
@@ -16,7 +16,7 @@
limitations under the License.
-->
<projectDescription>
- <name>tomcat-10.1.x</name>
+ <name>tomcat-11.0.x</name>
<comment></comment>
<projects>
</projects>
diff --git a/res/ide-support/eclipse/start-tomcat.launch b/res/ide-support/eclipse/start-tomcat.launch
index b0f3eb56f3..0dc362f659 100644
--- a/res/ide-support/eclipse/start-tomcat.launch
+++ b/res/ide-support/eclipse/start-tomcat.launch
@@ -17,13 +17,13 @@
-->
<launchConfiguration type="org.eclipse.jdt.launching.localJavaApplication">
<listAttribute key="org.eclipse.debug.core.MAPPED_RESOURCE_PATHS">
-<listEntry value="/tomcat-10.1.x/java/org/apache/catalina/startup/Bootstrap.java"/>
+<listEntry value="/tomcat-11.0.x/java/org/apache/catalina/startup/Bootstrap.java"/>
</listAttribute>
<listAttribute key="org.eclipse.debug.core.MAPPED_RESOURCE_TYPES">
<listEntry value="1"/>
</listAttribute>
<stringAttribute key="org.eclipse.jdt.launching.MAIN_TYPE" value="org.apache.catalina.startup.Bootstrap"/>
<stringAttribute key="org.eclipse.jdt.launching.PROGRAM_ARGUMENTS" value="start"/>
-<stringAttribute key="org.eclipse.jdt.launching.PROJECT_ATTR" value="tomcat-10.1.x"/>
-<stringAttribute key="org.eclipse.jdt.launching.VM_ARGUMENTS" value="-Dcatalina.home=${project_loc:/tomcat-10.1.x/java/org/apache/catalina/startup/Bootstrap.java}/output/build"/>
+<stringAttribute key="org.eclipse.jdt.launching.PROJECT_ATTR" value="tomcat-11.0.x"/>
+<stringAttribute key="org.eclipse.jdt.launching.VM_ARGUMENTS" value="-Dcatalina.home=${project_loc:/tomcat-11.0.x/java/org/apache/catalina/startup/Bootstrap.java}/output/build"/>
</launchConfiguration>
diff --git a/res/ide-support/eclipse/stop-tomcat.launch b/res/ide-support/eclipse/stop-tomcat.launch
index 1c7bcd35cb..91db8adf6f 100644
--- a/res/ide-support/eclipse/stop-tomcat.launch
+++ b/res/ide-support/eclipse/stop-tomcat.launch
@@ -17,13 +17,13 @@
-->
<launchConfiguration type="org.eclipse.jdt.launching.localJavaApplication">
<listAttribute key="org.eclipse.debug.core.MAPPED_RESOURCE_PATHS">
-<listEntry value="/tomcat-10.1.x/java/org/apache/catalina/startup/Bootstrap.java"/>
+<listEntry value="/tomcat-11.0.x/java/org/apache/catalina/startup/Bootstrap.java"/>
</listAttribute>
<listAttribute key="org.eclipse.debug.core.MAPPED_RESOURCE_TYPES">
<listEntry value="1"/>
</listAttribute>
<stringAttribute key="org.eclipse.jdt.launching.MAIN_TYPE" value="org.apache.catalina.startup.Bootstrap"/>
<stringAttribute key="org.eclipse.jdt.launching.PROGRAM_ARGUMENTS" value="stop"/>
-<stringAttribute key="org.eclipse.jdt.launching.PROJECT_ATTR" value="tomcat-10.1.x"/>
-<stringAttribute key="org.eclipse.jdt.launching.VM_ARGUMENTS" value="-Dcatalina.home=${project_loc:/tomcat-10.1.x/java/org/apache/catalina/startup/Bootstrap.java}/output/build"/>
+<stringAttribute key="org.eclipse.jdt.launching.PROJECT_ATTR" value="tomcat-11.0.x"/>
+<stringAttribute key="org.eclipse.jdt.launching.VM_ARGUMENTS" value="-Dcatalina.home=${project_loc:/tomcat-11.0.x/java/org/apache/catalina/startup/Bootstrap.java}/output/build"/>
</launchConfiguration>
diff --git a/res/maven/mvn-pub.xml b/res/maven/mvn-pub.xml
index 9781949fa5..e24188a968 100644
--- a/res/maven/mvn-pub.xml
+++ b/res/maven/mvn-pub.xml
@@ -15,7 +15,7 @@
See the License for the specific language governing permissions and
limitations under the License.
-->
-<project name="Tomcat 10.1 Maven Deployment" default="" basedir="."
+<project name="Tomcat 11.0 Maven Deployment" default="" basedir="."
xmlns:resolver="antlib:org.apache.maven.resolver.ant"
xmlns:if="ant:if"
xmlns:unless="ant:unless">
diff --git a/res/maven/mvn.properties.default b/res/maven/mvn.properties.default
index 6e72713f8a..de28419e1e 100644
--- a/res/maven/mvn.properties.default
+++ b/res/maven/mvn.properties.default
@@ -39,7 +39,7 @@ maven.asf.release.repo.url=https://repository.apache.org/service/local/staging/d
maven.asf.release.repo.repositoryId=apache.releases.https
# Release version info
-maven.asf.release.deploy.version=10.1.2
+maven.asf.release.deploy.version=11.0.0-M1
#Where do we load the libraries from
tomcat.lib.path=../../output/build/lib
diff --git a/res/rat/rat-excludes.txt b/res/rat/rat-excludes.txt
index 4b69f950ca..dffcc1bcef 100644
--- a/res/rat/rat-excludes.txt
+++ b/res/rat/rat-excludes.txt
@@ -234,4 +234,4 @@ output/dist/temp/safeToDelete.tmp
output/res/checkstyle/*
-tomcat-10.1.x/**
+tomcat-11.0.x/**
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 7f4dc123d8..63de62acd5 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -104,2513 +104,19 @@
They eventually become mixed with the numbered issues (i.e., numbered
issues do not "pop up" wrt. others).
-->
-<section name="Tomcat 10.1.2 (markt)" rtext="in development">
- <subsection name="Other">
- <changelog>
- <update>
- Update to Commons Daemon 1.3.2. (markt)
- </update>
- </changelog>
- </subsection>
-</section>
-<section name="Tomcat 10.1.1 (markt)" rtext="2022-10-11">
- <subsection name="Catalina">
- <changelog>
- <fix>
- Update the <code>RewriteValve</code> to perform pattern matching using
- dotall mode to avoid unexpected behaviour if the URL includes encoded
- line terminators. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Coyote">
- <changelog>
- <fix>
- <bug>66276</bug>: Fix incorrect class cast when adding
- a descendant of HTTP/2 streams. (lihan)
- </fix>
- <fix>
- <bug>66281</bug>: Fix unexpected timeouts that may appear as client
- disconnections when using HTTP/2 and NIO2. (markt)
- </fix>
- <fix>
- Enforce the requirement of RFC 7230 onwards that a request with a
- malformed <code>content-length</code> header should always be rejected
- with a 400 response. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Jasper">
- <changelog>
- <fix>
- <bug>66277</bug>: Fix regressions in refactoring from <code>Stack</code>
- <code>ArrayDeque</code>.
- </fix>
- <add>
- Add support for specifying Java 20 (with the value <code>20</code>) as
- the compiler source and/or compiler target for JSP compilation. If used
- with an Eclipse JDT compiler version that does not support these values,
- a warning will be logged and the default will used.
- (markt)
- </add>
- </changelog>
- </subsection>
- <subsection name="Web applications">
- <changelog>
- <fix>
- Documentation. Document the <code>nonceRequestParameterName</code>
- attribute for the <code>CsrfPreventionFilter</code>. Based on
- <pr>553</pr> by Mert Ülkgün. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Other">
- <changelog>
- <update>
- Update to the Eclipse JDT compiler 4.23. (markt)
- </update>
- <update>
- Update Objenesis to 3.2. (markt)
- </update>
- <update>
- Update UnboundID to 6.0.6. (markt)
- </update>
- <update>
- Update Checkstyle to 10.3.4. (markt)
- </update>
- <update>
- Update JaCoCo to 0.8.8. (markt)
- </update>
- <update>
- Update SpotBugs to 4.7.2. (markt)
- </update>
- <update>
- Update JSign to 4.2. (markt)
- </update>
- <update>
- Update Derby to 10.16.1.1. (markt)
- </update>
- <add>
- Improvements to Chinese translations. (markt)
- </add>
- <add>
- Improvements to Czech translations. (markt)
- </add>
- <add>
- Improvements to French translations. (remm)
- </add>
- <add>
- Improvements to Japanese translations. Contributed by tak7iji and
- Shirayuking. (markt)
- </add>
- <add>
- Improvements to Korean translations. (markt)
- </add>
- <add>
- Improvements to Spanish translations. (markt)
- </add>
- </changelog>
- </subsection>
-</section>
-<section name="Tomcat 10.1.0 (markt)" rtext="2022-09-26">
- <subsection name="Coyote">
- <changelog>
- <update>
- Update Panama OpenSSL code for the extensive Java 20 changes. (remm)
- </update>
- <fix>
- Fix a regression in refactoring for Hashtables which caused mbeans to
- lose many of their attributes. (remm)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Jasper">
- <changelog>
- <add>
- <bug>66203</bug>: Log an error message when the JSP compiler is unable
- to create the output directory for the generated code. (markt)
- </add>
- </changelog>
- </subsection>
- <subsection name="Other">
- <changelog>
- <add>
- Further automation to the build process to reduce the number of manual
- steps that release managers must perform. (markt)
- </add>
- </changelog>
- </subsection>
-</section>
-<section name="Tomcat 10.1.0-M20 (markt)" rtext="not released">
- <subsection name="Coyote">
- <changelog>
- <fix>
- Prepare OpenSSL Panama module for Java 20 API changes. (remm)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Other">
- <changelog>
- <update>
- Update the Apache Tomcat migration tool for Jakarta EE library to 1.0.4.
- (markt)
- </update>
- </changelog>
- </subsection>
-</section>
-<section name="Tomcat 10.1.0-M19 (markt)" rtext="not released">
- <subsection name="Coyote">
- <changelog>
- <fix>
- Correct a regression in the previous fix for <bug>66236</bug>. (markt)
- </fix>
- </changelog>
- </subsection>
-</section>
-<section name="Tomcat 10.1.0-M18 (markt)" rtext="not released">
- <subsection name="Catalina">
- <changelog>
- <fix>
- Correct handling of HTTP TRACE requests where there are multiple
- instances of an HTTP header with the same name. (markt)
- </fix>
- <fix>
- Implement the requirements of RFC 7231 and do not include sensitive
- headers in responses to HTTP TRACE requests. (markt)
- </fix>
- <fix>
- Implement the clarification in RFC 9110 that the units in HTTP range
- specifiers are case insensitive. (markt)
- </fix>
- <fix>
- Properly-escape role and group information when writing
- MemoryUserDatabase to an XML file. (schultz)
- </fix>
- <fix>
- Move control of XML-export logic from individual support classes into
- MemoryUserDatabase.save(). Deprecate and discontinue use of MemoryUser,
- MemoryRole, and MemoryGroup classes. (schultz)
- </fix>
- <fix>
- <bug>66183</bug>: When logging cookie values in an access log valve and
- there are multiple cookies with the same name, log all cookie values
- rather than just the first. Based on pull request <pr>541</pr> by Han
- Li. (markt)
- </fix>
- <fix>
- <bug>66184</bug>: Ensure that JULI root loggers have a default level of
- <code>INFO</code>. Pull request <pr>533</pr> provided by Piotr P.
- Karwasz. (markt)
- </fix>
- <fix>
- Improve handling of stack overflow errors when parsing SSI expressions.
- (markt)
- </fix>
- <fix>
- <bug>66120</bug>: Enable FORM authentication to work correctly if
- session persistence and restoration occurs during the authentication
- process. (markt)
- </fix>
- <fix>
- <bug>66233</bug>: Include an error message when sending a 400 response
- because a request has too many cookies. (markt)
- </fix>
- <fix>
- When web application deployment fails due to JARs with duplicate
- fragment names, improve the error message by listing the JARs that
- contain the duplicates. Based on pull request <pr>535</pr> by Mads
- Rolsdorph. (markt)
- </fix>
- <fix>
- Replace logging thread for JULI's <code>AsyncFileHandler</code> with an
- executor to protect against failure of the logging thread. Based on pull
- request <pr>545</pr> by Piotr P. Karwasz. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Coyote">
- <changelog>
- <fix>
- Avoid potential NPE by skipping duplicate accept check when using a Unix
- Domain Socket. Based on <pr>532</pr> by Han Li. (markt)
- </fix>
- <fix>
- Address an edge case in HTTP header parsing that allowed CRCRLF to be
- used as a valid line terminator. (markt)
- </fix>
- <fix>
- Ensure HTTP/2 requests that include connection specific headers are
- rejected. (markt)
- </fix>
- <fix>
- When processing HTTP/2 requests, allow a <code>host</code> header to be
- used in place of an <code>:authority</code> header. (markt)
- </fix>
- <fix>
- When processing HTTP/2 requests, allow a <code>host</code> header and an
- <code>:authority</code> header to be present providing they are
- consistent. (markt)
- </fix>
- <fix>
- When processing HTTP/2 requests, reject requests containing multiple
- <code>host</code> headers. (markt)
- </fix>
- <fix>
- Make parsing of invalid filename directives in
- <code>Content-Disposition</code> headers more robust. Invalid filename
- directives will now be ignored rather than triggering a 500 response.
- (markt)
- </fix>
- <fix>
- <bug>66194</bug>: Log HTTP/2 stream closures (usually caused by client
- errors) via a <code>UserDataHelper</code> to broadly align it with the
- behaviour of HTTP/1.1 for parsing issues and exceeding limits. (markt)
- </fix>
- <fix>
- <bug>66196</bug>: Align HTTP/1.1 with HTTP/2 and throw an exception when
- attempting to commit a response with an header value that includes one
- or more characters with a code point above 255. (markt)
- </fix>
- <fix>
- <bug>66236</bug>: Implement support for the special values zero and
- minus one when configuring <code>maxSavePostSize</code> for a Connector
- when used in conjunction with TLS renegotiation. (markt)
- </fix>
- <fix>
- <bug>66240</bug>: Avoid int overflow when parsing octets by limiting
- the maximum value to 255. Based on a PR <pr>548</pr> by Stefan Mayr.
- (lihan)
- </fix>
- <fix>
- <pr>550</pr>: Correctly handle case where a Servlet responds to a
- request with an expectation with a 2xx response without reading the
- request body. Pull request provided by Malay Shah. (markt)
- </fix>
- <fix>
- <pr>551</pr>: Avoid potential IndexOutOfBoundsException by fixing
- incorrect check when matching HTTP/2 preface. Submitted by 刘文章.
- (lihan)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Jasper">
- <changelog>
- <fix>
- Improve handling of stack overflow errors when parsing EL expressions.
- (markt)
- </fix>
- <fix>
- Correct parsing of integer and floating point literals in EL expressions
- so that larger values are correctly parsed to <code>BigInteger</code>
- and <code>BigDecimal</code> respectively. (markt)
- </fix>
- <fix>
- <bug>66235</bug>: Fix various issues with the bean resolver used for
- Graal. (remm)
- </fix>
- <fix>
- Improve the performance of the <code>ImportHandler</code> in the
- Expression Language implementation. This removes a previous optimisation
- that is now detrimental rather than helpful. Pull request <pr>547</pr>
- provided by rmannibucau. (markt)
- </fix>
- <fix>
- Improve handling of EL error messages so instances of Number are not
- formatted in unexpected ways. (markt/kkolinko)
- </fix>
- <fix>
- Switch to using ELException rather than IllegalArgumentException when a
- type conversion fails during an EL arithmetic operation. This is an EL
- error so ELException seems more appropriate. (markt)
- </fix>
- <fix>
- Fix a bug in <code>MethodExpression</code> handling that triggered an
- error when invoking a static method on an instance of the class rather
- than directly on the class. (markt)
- </fix>
- <fix>
- Use <code>BigInteger.remainder()</code> rather than
- <code>BigInteger.mod()</code> when performing the modulus operation for
- instances of <code>BigInteger</code> as part of an EL expression.
- (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Cluster">
- <changelog>
- <fix>
- To aid future additions of new functionality, rather than throw an
- <code>IllegalArgumentException</code> if a <code>DeltaRequest</code> is
- passed an unrecognised action type, a warning message will now be
- logged. (markt)
- </fix>
- <fix>
- <bug>66120</bug>: Enable FORM authentication to work correctly if
- session failover occurs during the authentication process. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="WebSocket">
- <changelog>
- <add>
- <bug>62312</bug>: Add support for authenticating WebSocket clients with
- an HTTP forward proxy when establishing a connection to a WebSocket
- endpoint via a forward proxy that requires authentication. Based on a
- patch provided by Joe Mokos. (markt)
- </add>
- </changelog>
- </subsection>
- <subsection name="Other">
- <changelog>
- <fix>
- Ensure that zip archives use UTC for file modification times to ensure
- repeatable builds across time zones. (markt)
- </fix>
- <add>
- Improvements to Chinese translations. (lihan)
- </add>
- <add>
- Improvements to Czech translations. (markt)
- </add>
- <add>
- Improvements to French translations. (remm)
- </add>
- <add>
- Improvements to German translations. (markt)
- </add>
- <add>
- Improvements to Japanese translations. Contributed by tak7iji and
- Shirayuking. (markt)
- </add>
- <add>
- Improvements to Korean translations. Contributed by 수현. (markt)
- </add>
- <add>
- Improvements to Brazilian Portuguese translations. (markt)
- </add>
- <add>
- Improvements to Russian translations. (markt)
- </add>
- <add>
- Improvements to Spanish translations. (markt)
- </add>
- <update>
- Update the Apache Tomcat migration tool for Jakarta EE library to 1.0.3.
- (markt)
- </update>
- </changelog>
- </subsection>
-</section>
-<section name="Tomcat 10.1.0-M17 (markt)" rtext="2022-07-20">
- <subsection name="Catalina">
- <changelog>
- <fix>
- <bug>66104</bug>: Avoid error message by not trying to clean up old
- files from the logging directory before the directory has been created.
- Based on <pr>521</pr> by HanLi. (markt)
- </fix>
- <update>
- Update the Jakarta Common Annotations API to 2.1.1. This deprecates the
- <code>ManagedBean</code> annotation which will be removed in a future
- release. (markt)
- </update>
- </changelog>
- </subsection>
- <subsection name="Coyote">
- <changelog>
- <add>
- Provide dedicated loggers
- (<code>org.apache.tomcat.util.net.NioEndpoint.handshake</code> /
- <code>org.apache.tomcat.util.net.Nio2Endpoint.handshake</code>) for TLS
- handshake failures. (markt)
- </add>
- <add>
- Enable the use of the FIPS provider for TLS enabled Connectors when
- using Tomcat Native 1.2.34 onwards built with OpenSSL 3.0.x onwards.
- (markt)
- </add>
- <scode>
- Remove the <code>jvmRoute</code> system property used to configure a
- default value for the <code>jvmRoute</code> attribute of an Engine.
- (markt)
- </scode>
- <update>
- Update experimental Panama modules with support for OpenSSL 3.0+.
- OpenSSL 1.1 remains supported. (remm)
- </update>
- <fix>
- Correct a regression in the refactoring to support experimentation with
- project Loom that broke HTTP/2 support if async IO was disabled. (markt)
- </fix>
- <fix>
- Fix duplicate Poller registration with HTTP/2, NIO and async IO that
- could cause HTTP/2 connections to unexpectedly fail. (markt)
- </fix>
- <update>
- Refactor Panama module to better take advantage of the Panama preview
- API updates and fixes. Improves memory session usage and avoids some
- allocations. Review from Maurizio Cimadamore. (remm)
- </update>
- <update>
- Update the minimum recommended version of the Tomcat Native Library to
- 2.0.1. (markt)
- </update>
- </changelog>
- </subsection>
- <subsection name="Jasper">
- <changelog>
- <add>
- Add support for specifying Java 19 (with the value <code>19</code>) as
- the compiler source and/or compiler target for JSP compilation. If used
- with an Eclipse JDT compiler version that does not support these values,
- a warning will be logged and the default will used.
- (markt)
- </add>
- </changelog>
- </subsection>
- <subsection name="WebSocket">
- <changelog>
- <update>
- Remove configuration settings related to the restriction on WebSocket
- endpoint deployment that was removed in version 2.1 of the
- specification. (markt)
- </update>
- </changelog>
- </subsection>
- <subsection name="Web applications">
- <changelog>
- <fix>
- Documentation. <bug>62245</bug>: Include <code>contextXsltFile</code>
- when discussing options for configuring directory listings. (markt)
- </fix>
- <fix>
- Examples. Fix CVE-2022-34305, a low severity XSS vulnerability in the
- Form authentication example. (markt)
- </fix>
- <fix>
- Documentation. Expand the description of the <code>useSendfile</code>
- attribute for HTTP/2 and reference the possibility of file locking when
- using this feature on Windows operating systems. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Other">
- <changelog>
- <update>
- Update to bnd 6.3.1. (markt)
- </update>
- <update>
- The minimum Ant version required to build Tomcat 10.1.x is now 1.10.2.
- (markt)
- </update>
- <add>
- Add additional automation to the build process to reduce the number of
- manual steps that release managers must perform. (schultz)
- </add>
- <add>
- Implement support for reproducible builds. Reproducible builds are
- independent of operating system but require the same Ant version and
- same JDK (vendor and version) to be used as associated version
- information is embedded in a number of build outputs such as JAR file
- manifests. (markt)
- </add>
- <update>
- Update the minimum supported version of Tomcat Native to 1.2.34 to allow
- the removal of the deprecated Java API associated with features that
- will be removed in Tomcat Native 2.0.x. (markt)
- </update>
- <fix>
- Remove and/or update references to the removed
- <code>org.apache.tomcat.util.threads.res</code> package. The
- <code>LocalStrings*.properties</code> files in that package were moved
- to <code>org.apache.tomcat.util.threads</code> package for consistency
- with the rest of the Tomcat code base. (markt)
- </fix>
- <fix>
- <bug>66134</bug>: The NSIS based Tomcat installer for Windows now
- correctly handles the combination of <code>TomcatAdminRoles</code>
- defined in a configuration file and selecting the Manager and/or
- Host Manager web applications in the installer's GUI. (markt)
- </fix>
- <update>
- Update the OWB module to Apache OpenWebBeans 2.0.27. (remm)
- </update>
- <update>
- Update the CXF module to Apache CXF 3.5.3. (remm)
- </update>
- <update>
- Update the Apache Tomcat migration tool for Jakarta EE library to 1.0.1.
- (markt)
- </update>
- <update>
- Update the packaged version of the Tomcat Native Library to 2.0.1 to
- pick up the Windows binaries built with with OpenSSL 3.0.5. (markt)
- </update>
- <add>
- Improvements to French translations. (remm)
- </add>
- <add>
- Improvements to Japanese translations contributed tak7iji. (markt)
- </add>
- </changelog>
- </subsection>
-</section>
-<section name="Tomcat 10.1.0-M16 (markt)" rtext="2022-06-09">
- <subsection name="Catalina">
- <changelog>
- <fix>
- Update the memory leak protection code to support stopping application
- created executor threads when running on Java 19 and later. (markt)
- </fix>
- <fix>
- Improve the error message if a required <code>--add-opens</code> option
- is missing. (markt)
- </fix>
- <fix>
- Disable the memory leak correction code enabled by the Context attribute
- <code>clearReferencesObjectStreamClassCaches</code> when running on a
- JRE that includes a fix for the underlying memory leak. (markt)
- </fix>
- <fix>
- <pr>515</pr>: Avoid deadlock on startup with some utility executor
- configurations. Submitted by Han Li. (remm)
- </fix>
- <fix>
- <bug>66068</bug>: Ensure that the changes made to a request by the
- <code>RemoteIPValve</code> persist after the request is put into
- asynchronous mode. (markt)
- </fix>
- <add>
- Include the major version in the recommended version used for Tomcat
- Native with the <code>AprLifecycleListener</code>. (markt)
- </add>
- <scode>
- Remove the reporting of the unused APR feature flags. (markt)
- </scode>
- </changelog>
- </subsection>
- <subsection name="Coyote">
- <changelog>
- <fix>
- Additional fix for <bug>65118</bug>. Fix a potential
- <code>NullPointerException</code> when pruning closed HTTP/2 streams
- from the connection. (markt)
- </fix>
- <scode>
- Refactor synchronization blocks locking on <code>SocketWrapper</code> to
- use <code>ReentrantLock</code> to support users wishing to experiment
- with project Loom. (markt)
- </scode>
- <fix>
- <bug>66076</bug>: When using TLS with non-blocking writes and the NIO
- connector, ensure that flushing the buffers attempts to empty all of the
- output buffers. (markt)
- </fix>
- <fix>
- <bug>66084</bug>: Correctly calculate bytes written to a response. Pull
- request <pr>516</pr> provided by aooohan HanLi. (markt)
- </fix>
- <add>
- Correct a regression in the support added for encrypted PKCS#1 formatted
- private keys in the previous release that broke support for unencrypted
- PKCS#1 formatted private keys. (jfclere/markt)
- </add>
- <update>
- Remove support for NPN when using the Tomcat Native Connector as NPN was
- never standardised and browser support for NPN was removed several years
- ago. (markt)
- </update>
- </changelog>
- </subsection>
- <subsection name="Jasper">
- <changelog>
- <fix>
- Update XML schema used for generated web fragments to use the Servlet
- 6.0 web fragment schema. (markt)
- </fix>
- <fix>
- Update the XML schema used by the web fragment defined for the Jasper EL
- JAR to use the Servlet 6.0 web fragment schema. (markt)
- </fix>
- <fix>
- Update <code>ImportHandler</code> optimisation for new classes
- introduced in Java 19. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Web Socket">
- <changelog>
- <fix>
- Update the XML schema used by the web fragment defined for the WebSocket
- JAR to use the Servlet 6.0 web fragment schema. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Web applications">
- <changelog>
- <fix>
- <bug>66064</bug>: Update the building page in the documentation web
- application to reflect changes in required Java version and source
- repository. (markt)
- </fix>
- <fix>
- Documentation. Make the description of the HTTP/1.1 configuration
- attributes that control the maximum allowed HTTP header size more
- specific. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Tribes">
- <changelog>
- <fix>
- Increase the default buffer size for replication messages from 43800 to
- 65536 bytes. This is expected to improve performance for large messages
- when running on Linux based systems. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Other">
- <changelog>
- <add>
- Improvements to French translations. (remm)
- </add>
- <add>
- Improvements to Japanese translations contributed by Shirayuking and
- tak7iji. (markt)
- </add>
- <add>
- Improvements to Chinese translations contributed by Dingzi2012. (markt)
- </add>
- </changelog>
- </subsection>
-</section>
-<section name="Tomcat 10.1.0-M15 (markt)" rtext="2022-05-16">
- <subsection name="Catalina">
- <changelog>
- <scode>
- <bug>65853</bug>: Refactor the <code>CsrfPreventionFilter</code> to make
- it easier for sub-classes to modify the nonce generation and storage.
- Based on suggestions by Marvin Fröhlich. (markt)
- </scode>
- <fix>
- <bug>65991</bug>: Avoid NPE with <code>SSLAuthenticator</code> when
- <code>boundOnInit</code> is used on a connector, during the check
- for client certificate authentication availability. (remm)
- </fix>
- <fix>
- <bug>66009</bug>: Use <code>getSubjectX500Principal().toString()</code>
- rather than <code>getSubjectX500Principal().getName(...)</code> to
- retrieve a certificate DN, to match the output of the deprecated
- <code>getSubjectDN().getName()</code> that was used previously. (remm)
- </fix>
- <add>
- Revert the change in 10.1.0-M11 that added a mapping of
- <code>Shift_JIS</code> for the <code>ja</code> locale to the default
- mappings used by <code>ServletResponse.setLocale()</code> as it
- caused regressions for applications using UTF-8. (markt)
- </add>
- <add>
- Provide a property source that sources values from Kubernetes service
- bindings. Pull request <pr>512</pr> provided by Sumit Kulhadia and
- Gareth Evans. (markt)
- </add>
- </changelog>
- </subsection>
- <subsection name="Coyote">
- <changelog>
- <add>
- <pr>501</pr>: Add new <code>maxHttpRequestHeaderSize</code> and
- <code>maxHttpResponseHeaderSize</code> attributes which allow setting
- the maximum HTTP header sizes independently. If not specified, the
- value of the <code>maxHttpHeaderSize</code> connector attribute will
- be used. Submitted by Zhongming Hua. (remm)
- </add>
- <fix>
- The root cause of the Linux kernel duplicate accept bug has been
- identified along with the version of the kernel that includes the fix.
- The error message displayed when this bug occurs has been updated to
- reflect this new information and to advise users to update to a version
- of the OS that uses kernel 5.10 or later. Thanks to Christopher Gual for
- the research into this issue. (markt)
- </fix>
- <scode>
- Remove the custom UTF-8 decoder that was introduced to work around
- various UTF-8 decoding bugs in Java. These issues were fixed in early
- Java 8 releases. Now the minimum Java version is 11, we can be sure that
- Tomcat will not be running on a JRE where these issues are present.
- (markt)
- </scode>
- <fix>
- <bug>66023</bug>: Improve the fix for <bug>65726</bug> and support HTTP
- upgrade with a request body for a wider set of use cases. (markt)
- </fix>
- <fix>
- <bug>66035</bug>: Add NULL check on the SSL session reference in the
- Panama code before accessing the session id and creation time. (remm)
- </fix>
- <add>
- Add support for encrypted PKCS#1 formatted private keys when configuring
- the internal, in memory key store. Based on <pr>511</pr>.
- (jfclere/markt)
- </add>
- <fix>
- Remove the <code>prestartminSpareThreads</code> attribute of the
- <code>StandardThreadExecutor</code> since all core threads are always
- started by default making this attribute meaningless. Pull request
- <pr>510</pr> provided by Aooohan. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Jasper">
- <changelog>
- <update>
- To align with the JSP 3.1 specification, make the
- <code>jsp:plugin</code> action a NO-OP. No HTML will be generated as a
- result the <code>jsp:plugin</code> action being included in a JSP. This
- is be because the associated HTML elements are no longer supported by
- any major browser. (markt)
- </update>
- <fix>
- <bug>66031</bug>: Fix NPE when using a custom JspFactory. Patch by
- Jean-Louis Monteiro. (remm)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Webapps">
- <changelog>
- <fix>
- <bug>66008</bug>: In the documentation web application, clarify the
- recommendation for the use the <code>trimSpaces</code> option for Jasper
- in production environments. (markt)
- </fix>
- <fix>
- Update the documentation web application to state that the
- <code>EncryptInterceptor</code> does not provide sufficient protection
- to run Tomcat clustering over an untrusted network. This is
- CVE-2022-29885. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Other">
- <changelog>
- <add>
- Improvements to Chinese translations contributed by shawn. (markt)
- </add>
- <add>
- Improvements to French translations. (remm)
- </add>
- <add>
- Improvements to German translations contributed by Thomas Hoffmann.
- (markt)
- </add>
- <add>
- Improvements to Japanese translations contributed by Shirayuking.
- (markt)
- </add>
- <add>
- Improvements to Korean translations. (woonsan)
- </add>
- <update>
- Update to Commons Daemon 1.3.1. This fixes a known regression in 1.3.0
- when configuring the Windows service with custom scripts as described in
- <bug>66055</bug>. (markt)
- </update>
- <update>
- Update to JSign 4.1. (markt)
- </update>
- <update>
- Update the packaged version of the Tomcat Native Library to 1.2.33 to
- pick up Windows binaries built with OpenSSL 1.1.1o.(markt)
- </update>
- </changelog>
- </subsection>
-</section>
-<section name="Tomcat 10.1.0-M14 (markt)" rtext="2022-04-01">
- <subsection name="Catalina">
- <changelog>
- <fix>
- <bug>65736</bug>: Disable the <code>forceString</code> option for the
- JNDI <code>BeanFactory</code> and replace it with an automatic search
- for an alternative setter with the same name that accepts a
- <code>String</code>. This is a security hardening measure. (markt)
- </fix>
- <add>
- Remove the <code>WebappClassLoaderBase.getResources()</code> method as
- it is not used and if something accidentally exposes the class loader
- this method can be used to gain access to Tomcat internals. (markt)
- </add>
- </changelog>
- </subsection>
-</section>
-<section name="Tomcat 10.1.0-M13 (markt)" rtext="not released">
- <subsection name="Catalina">
- <changelog>
- <scode>
- Update the JASPIC 2.0 API to Jakarta Authentication 3.0 (JASPIC was
- renamed for Jakarta EE 10) including the implementation of the new
- methods on <code>AuthConfigFactory</code>. (markt)
- </scode>
- <scode>
- Harden the CredentialHandler implementations by switching to a
- constant-time implementation for credential comparisons. (schultz/markt)
- </scode>
- </changelog>
- </subsection>
- <subsection name="Coyote">
- <changelog>
- <fix>
- Use a constant for the default TLS cipher suite. This will allow
- skipping setting it in some cases (for example, it does not make
- sense for OpenSSL TLS 1.3). (remm)
- </fix>
- <fix>
- <pr>487</pr>: Improve logging of unknown settings frames. Pull request
- by Thomas Hoffmann. (remm)
- </fix>
- <add>
- <bug>65975</bug>: Add a warning if a TLS virtual host is configured with
- optional certificate authentication and the containing connector is also
- configured to support HTTP/2 as HTTP/2 does not permit optional
- certificate authentication. (markt)
- </add>
- <add>
- <bug>65975</bug>: Add a warning if a TLS virtual host is configured for
- TLS 1.3 with a JSSE implementation and a web application is configured
- for <code>CLIENT-CERT</code> authentication. <code>CLIENT-CERT</code>
- authentication requires post-handshake authentication (PHA) when used
- with TLS 1.3 but the JSSE TLS 1.3 implementation does not support PHA.
- (markt)
- </add>
- <fix>
- Improve the recycling of Processor objects to make it more robust.
- (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Jasper">
- <changelog>
- <fix>
- <bug>65959</bug>: Serialize Function as String[] rather Class[]. (remm)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Web applications">
- <changelog>
- <fix>
- <bug>65947</bug>: Correct the name of HTTP/1.1 configuration property
- (<code>maxHttpHeaderSize</code>) that is inherited by the HTTP/2 upgrade
- protocol. Thanks to Thomas Hoffmann. (markt)
- </fix>
- <fix>
- <bug>65952</bug>: Align <code>--add-opens</code> configuration for jsvc
- with the current Tomcat scripts. (markt)
- </fix>
- <fix>
- Correct the AJP and HTTP/1.1 Connector configuration pages in the
- documentation web application to show which attributes are applicable to
- all Connectors and which are implementation specific. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Other">
- <changelog>
- <fix>
- Correct a spelling mistake in the German translations. Thanks to Thomas
- Hoffmann. (markt)
- </fix>
- <fix>
- <bug>65951</bug>: Use the <code>tomcat.output</code> property for OSGi
- bundle manifest paths. (isapir)
- </fix>
- <update>
- Update to Commons Daemon 1.3.0. (markt)
- </update>
- <update>
- Update to Checkstyle 10.0. (markt)
- </update>
- <update>
- Update to SpotBugs 4.6.0. (markt)
- </update>
- <add>
- Expand the <code>spotbugs</code> Ant task to also cover test code.
- (markt)
- </add>
- <update>
- Update to bnd 6.2.0. (markt)
- </update>
- <update>
- Remove OSGi annotations dependency as it is no longer required with bnd
- 6.2.0. (markt)
- </update>
- <update>
- Update to the Eclipse JDT compiler 4.23. (markt)
- </update>
- <scode>
- Refactor the resource files for the Apache Tomcat installer for Windows
- so that all the resource files are located in a single directory in the
- source tree. (markt)
- </scode>
- <update>
- Update the packaged version of the Tomcat Native Library to 1.2.32 to
- pick up Windows binaries built with OpenSSL 1.1.1n.(markt)
- </update>
- <add>
- Improvements to Chinese translations contributed by 15625988003. (markt)
- </add>
- <add>
- Improvements to French translations. (remm)
- </add>
- <add>
- Improvements to Japanese translations contributed by tak7iji. (markt)
- </add>
- <add>
- Expand coverage of translations for <code>jakarta.el</code> package.
- Based on <pr>488</pr> from Volodymyr Siedlecki. (markt)
- </add>
- </changelog>
- </subsection>
-</section>
-<section name="Tomcat 10.1.0-M12 (markt)" rtext="2022-03-14">
- <subsection name="Catalina">
- <changelog>
- <fix>
- <pr>477</pr>: Update the default list of JARs to skip to include the
- Apache Log4j JAR for Jakarta EE platforms. Pull request by Michael
- Seele. (markt)
- </fix>
- <fix>
- <bug>65921</bug>: The <code>type</code> substitution flag for the
- rewrite valve should set the content type for the response, not the
- request. (markt)
- </fix>
- <fix>
- <pr>479</pr>: Enable the rewrite valve to redirect requests when the
- original request cannot be mapped to a context. This typically happens
- when no ROOT context is defined. Pull request by elkman. (markt)
- </fix>
- <fix>
- <bug>65940</bug>: Fix <code>NullPointerException</code> if an exception
- occurs during the destruction of a Servlet. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Coyote">
- <changelog>
- <fix>
- Fix regression introduced with <bug>65757</bug> bugfix which better
- identified non request threads but which introduced a similar problem
- when user code was doing sequential operations in a single thread.
- Test case code submitted by Istvan Szekely. (remm)
- </fix>
- <fix>
- Fix potential thread-safety issue that could cause HTTP/1.1 request
- processing to wait, and potentially timeout, waiting for additional
- data when the full request has been received. (markt)
- </fix>
- <fix>
- Throw <code>IOException</code> rather than
- <code>IllegalStateException</code> when the application attempts to
- write to an HTTP/2 stream after the client has closed the stream.
- (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Jasper">
- <changelog>
- <fix>
- When resolving methods in EL expressions that use beans and/or static
- fields, ensure that any custom type conversion is considered when
- identifying the method to call. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Web applications">
- <changelog>
- <fix>
- Correct the name of the <code>value</code> attribute in the new
- documentation of <code>OpenSSLConfCmd</code> elements. (rjung)
- </fix>
- </changelog>
- </subsection>
- <subsection name="WebSocket">
- <changelog>
- <fix>
- Fix typo in JPMS substitution configuration for WebSocket client module.
- (markt)
- </fix>
- </changelog>
- </subsection>
-</section>
-<section name="Tomcat 10.1.0-M11 (markt)" rtext="2022-02-28">
- <subsection name="Catalina">
- <changelog>
- <add>
- Add <code>ha-api-*.jar</code> and <code>jaxws-rt-*.jar</code> to the
- list of JARs to skip when scanning for TLDs, web fragments and
- annotations. (michaelo)
- </add>
- <add>
- Expand the default mappings used by
- <code>ServletResponse.setLocale()</code> to include a mapping from the
- <code>ja</code> locale to the <code>Shift_JIS</code> encoding. (markt)
- </add>
- <fix>
- <bug>65806</bug>: Improve the handling of session ID generation when the
- default algorithm for <code>SecureRandom</code> (<code>SHA1PRNG</code>)
- is not supported by the configured providers as will be the case for a
- FIPS compliant configuration. (markt)
- </fix>
- <add>
- <pr>463</pr>: Add support for additional user attributes to
- <code>TomcatPrincipal</code> and <code>GenericPrincipal</code>.
- Patch provided by Carsten Klein. (michaelo)
- </add>
- <fix>
- <pr>464</pr>: Fall back to the class loader used to load JULI when the
- thread context class loader is not set. In a normal Tomcat
- configuration, this will be the system class loader. Based on a pull
- request by jackshirazi. (markt)
- </fix>
- <fix>
- <pr>469</pr>: Include the Jakarata Annotations API in the classes that
- Tomcat will not load from web applications. Pull request provided by
- ppkarwasz. (markt)
- </fix>
- <fix>
- Fix a potential <code>StringIndexOutOfBoundsException</code> exception
- when generating a WebDAV multi-status response after an error during a
- copy or delete. Report the paths relative to the server root for any
- resources with an error. (markt)
- </fix>
- <fix>
- Improve the format of WebDAV XML responses to make them easier for
- humans to read. The change ensures that there is always a line break
- before starting a new element. (markt)
- </fix>
- <fix>
- Improve validation of the <code>Destination</code> header for WebDAV
- <code>MOVE</code> and <code>COPY</code> requests. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Coyote">
- <changelog>
- <fix>
- Correct a regression in the fix for <bug>65454</bug> that meant that
- <code>minSpareThreads</code> and <code>maxThreads</code> settings were
- ignored when the Connector used an internal executor. (markt)
- </fix>
- <fix>
- <bug>65776</bug>: Improve the detection of the Linux duplicate accept
- bug and reduce (hopefully avoid) instances of false positives. (markt)
- </fix>
- <fix>
- <bug>65848</bug>: Revert the change that attempted to align the
- behaviour of client certificate authentication with NIO or NIO2 with
- OpenSSL for TLS between MacOS and Linux/Windows as the root cause was
- traced to configuration differences. (markt)
- </fix>
- <fix>
- <pr>467</pr>: When system time moves backwards (e.g. after clock
- correction), ensure that the cached formatted current date used for
- HTTP headers tracks this change. Pull request provided by zhenguoli.
- (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Jasper">
- <changelog>
- <fix>
- <pr>474</pr>: Prevent a tag file from corrupting the ELContext of the
- calling page. Pull request provided by Dmitri Blinov. (markt)
- </fix>
- <fix>
- Minor optimisation of serialization for <code>FunctionMapperImpl</code>
- in response to pull request <pr>476</pr>. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Web applications">
- <changelog>
- <fix>
- Remove the applet example from the example web application as applets
- are no longer supported in any major browser. (markt)
- </fix>
- <scode>
- Refactor a small number of pages in the examples web application to
- avoid an issue with reproducible builds due to differences in file
- ordering across different operating systems with Ant's zip task. (markt)
- </scode>
- <fix>
- Better documentation for the <code>protocol</code> attribute of the
- <code>JNDIRealm</code>. (markt)
- </fix>
- <fix>
- Clarify the settings described in the documentation web application to
- configure a cluster using static membership. (markt)
- </fix>
- <add>
- Add information on the <code>OpenSSLConf</code> and
- <code>OpenSSLConfCmd</code> elements to the HTTP SSL configuration page
- in the documentation web applications. (markt)
- </add>
- </changelog>
- </subsection>
- <subsection name="jdbc-pool">
- <changelog>
- <scode>
- Use LF line endings for text files in JARs to support reproducible
- builds across different operating systems. (markt)
- </scode>
- </changelog>
- </subsection>
- <subsection name="Other">
- <changelog>
- <scode>
- Use LF line endings for text files in JARs to support reproducible
- builds across different operating systems. (markt)
- </scode>
- <fix>
- Fix dependencies for individual test targets in Ant build file. Based on
- <pr>468</pr> provided by Totoo chenyonghui. (markt)
- </fix>
- <update>
- Update the OWB module to Apache OpenWebBeans 2.0.26. (remm)
- </update>
- <fix>
- Revert the cherry-pick of JavaDoc fix from DBCP applied in 10.1.0.M9
- that broke the <code>DataSourceMXBean</code> by using a type that isn't
- supported by MXBeans. (markt)
- </fix>
- <add>
- Improvements to Chinese translations contributed by cloudgyb, totoo and
- Chenyonghui1028. (markt)
- </add>
- <add>
- Improvements to French translations. (remm)
- </add>
- <add>
- Improvements to German translations contributed by Andreas Abraham.
- (markt)
- </add>
- <add>
- Improvements to Japanese translations contributed by tak7iji and
- Shirayuking. (markt)
- </add>
- <add>
- Improvements to Korean translations. (woonsan)
- </add>
- <add>
- Improvements to Spanish translations contributed by ceciliabarudi.
- (markt)
- </add>
- </changelog>
- </subsection>
-</section>
-<section name="Tomcat 10.1.0-M10 (markt)" rtext="2022-01-20">
- <subsection name="Coyote">
- <changelog>
- <fix>
- Correct a regression in the fix for <bug>65785</bug> that broke HTTP/2
- server push. (markt)
- </fix>
- </changelog>
- </subsection>
-</section>
-<section name="Tomcat 10.1.0-M9 (markt)" rtext="not released">
- <subsection name="Catalina">
- <changelog>
- <fix>
- Add missing check in <code>SessionCookieConfig.setAttribute()</code> to
- ensure that the method fails if called after the web application has
- started. (markt)
- </fix>
- <fix>
- Add additional locking to <code>DataSourceUserDatabase</code> to provide
- improved protection for concurrent modifications. (markt)
- </fix>
- <fix>
- Add recycling check in the input and output stream isReady to try to
- give a more informative ISE when the facade has been recycled. (remm)
- </fix>
- <fix>
- Make the calculation of the session storage location more robust when
- using file based persistent storage. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Coyote">
- <changelog>
- <fix>
- <bug>65726</bug>: Implement support for HTTP/1.1 upgrade when the
- request includes a body. The maximum permitted size of the body is
- controlled by <code>maxSavePostSize</code>. (markt)
- </fix>
- <fix>
- Restore pre-starting of <code>minSpareThreads</code> lost in the fix for
- <bug>65454</bug>. (markt)
- </fix>
- <fix>
- Revert the previous fix for <bug>65714</bug> and implement a more
- comprehensive fix. (markt)
- </fix>
- <fix>
- Allow freeing up context on JVM shutdown in the OpenSSL Panama module
- by properly using a shared scope. (remm)
- </fix>
- <fix>
- <bug>65757</bug>: Missing initial IO listener notification on Servlet
- container dispatch to another container thread. (remm)
- </fix>
- <fix>
- Expand the fix for <bug>65757</bug> so that rather than just checking if
- processing is happening on a container thread, the check is now if
- processing is happening on the container thread currently allocated to
- this request/response. (markt)
- </fix>
- <fix>
- Improve the fix for RST frame ordering added in 10.1.0-M8 to avoid a
- potential deadlock on some systems in non-default configurations.
- (markt)
- </fix>
- <add>
- <bug>65767</bug>: Add support for certificates that use keys encrypted
- using PBES2. Based on a pull request provided by xiezhaokun. (markt)
- </add>
- <scode>
- Refactor testing whether a String is a valid HTTP token. (markt)
- </scode>
- <fix>
- <bug>65785</bug>: Perform additional validation of HTTP headers when
- using HTTP/2. (markt)
- </fix>
- <fix>
- When a Connector or Endpoint is paused, ensure that only new connections
- and new requests on existing connections are stopped while allowing in
- progress requests to run to completion. (markt)
- </fix>
- <fix>
- Explicitly release ByteBuffer instances associated with pooled channels
- when stopping the NioEndpoint and Nio2Endpoint. (markt)
- </fix>
- <fix>
- Narrow the scope of the logging of invalid cookie headers to just the
- invalid cookie rather than the whole cookie header. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Jasper">
- <changelog>
- <fix>
- <bug>65724</bug>: Fix missing messages for some
- <code>PropertyNotWritableException</code>s caused by a typo in the name
- used for a resource string. (markt)
- </fix>
- <add>
- Add support for specifying Java 18 (with the value <code>18</code>) as
- the compiler source and/or compiler target for JSP compilation. If used
- with an Eclipse JDT compiler version that does not support these values,
- a warning will be logged and the default will used.
- (markt)
- </add>
- <update>
- To align with the JSP 3.1 specification that requires Java 11 as a
- minimum, make the default JSP source version and target version Java 11.
- (markt)
- </update>
- </changelog>
- </subsection>
- <subsection name="WebSocket">
- <changelog>
- <fix>
- Remove the <code>ALLOW_UNSUPPORTED_EXTENSIONS</code> system property. As
- per RFC 6455, all extensions are optional. If an endpoint declares an
- extension that isn't supported there is no need to trigger an error. The
- extension can just be excluded from the result of the negotiation.
- (markt)
- </fix>
- <fix>
- Remove the <code>DISABLE_BUILTIN_EXTENSIONS</code>. It was added to
- enable Tomcat to pass the WebSocket TCK but after updates to the TCK, it
- is no longer required. (markt)
- </fix>
- <add>
- Add support for POJO WebSocket endpoints to the programmatic upgrade
- that allows applications to opt to upgrade an HTTP connection to
- WebSocket. (markt)
- </add>
- <add>
- Add support for the WebSocket 2.1 client-side API for configuring TLS
- connection for wss client connections. (markt)
- </add>
- <fix>
- <bug>65763</bug>: Improve handling of WebSocket connection close if a
- message write times out before the message is fully written. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Other">
- <changelog>
- <update>
- Update the OWB module to Apache OpenWebBeans 2.0.25. (remm)
- </update>
- <update>
- Update the CXF module to Apache CXF 3.5.0. (remm)
- </update>
- <add>
- Improvements to Chinese translations contributed by zhnnn. (markt)
- </add>
- <add>
- Improvements to French translations. (remm)
- </add>
- <add>
- Improvements to Japanese translations contributed by Shirayuking, yoshy
- and tak7iji. (markt)
- </add>
- <add>
- Improvements to Korean translations. (woonsan)
- </add>
- <add>
- Improvements to Spanish translations contributed by Israel. (markt)
- </add>
- <update>
- Update SpotBugs to 4.5.2. (markt)
- </update>
- <update>
- Update to the Eclipse JDT compiler 4.22. (markt)
- </update>
- <update>
- Update the NSIS installer to 3.08. (markt)
- </update>
- <update>
- Update UnboundID to 6.0.3. (markt)
- </update>
- <update>
- Update CheckStyle to 9.2.1. (markt)
- </update>
- <update>
- Update BND to 6.1.0. (markt)
- </update>
- <update>
- Update OSGI annotations to 1.1.1. (markt)
- </update>
- </changelog>
- </subsection>
-</section>
-<section name="Tomcat 10.1.0-M8 (markt)" rtext="2021-12-08">
- <subsection name="Catalina">
- <changelog>
- <update>
- Log warning if a listener is not nested inside a Server element
- although it must have been. (michaelo)
- </update>
- <fix>
- Where the getter can be called safely, remove the checks for
- <code>ServletContext</code> getters called from a
- <code>contextInitialized()</code> method of a
- <code>ServletContextListener</code> that was not defined in a
- <code>web.xml</code> file, a <code>web-fragment.xml</code> file nor
- annotated with <code>WebListener</code>. (markt)
- </fix>
- <fix>
- Make SPNEGO authentication more robust for the case where the provided
- credential has expired. (markt)
- </fix>
- <fix>
- Limit cookie support to RFC 6265 to align with recent updates to the
- Servlet specification. (markt)
- </fix>
- <fix>
- <bug>65684</bug>: Fix a potential <code>NullPointerException</code> when
- using JULI. (markt)
- </fix>
- <docs>
- Document conditions under which the <code>AprLifecycleListener</code>
- can be used to avoid JVM crashes. (michaelo)
- </docs>
- <fix>
- Refactor the <code>AsyncFileHandler</code> to reduce the possibility of
- log messages being lost on shutdown. (markt)
- </fix>
- <update>
- Refactor the <code>AsyncFileHandler</code> to remove the need for the
- <code>org.apache.juli.AsyncLoggerPollInterval</code>. If set, this
- property now has no effect. (markt)
- </update>
- <add>
- Add debug logging to the <code>RestCsrfPreventionFilter</code>. Based on
- pull request <pr>452</pr> by Polina Georgieva. (markt)
- </add>
- </changelog>
- </subsection>
- <subsection name="Coyote">
- <changelog>
- <add>
- Use implicit scopes in the OpenSSL Panama module to tie the cleanup of
- OpenSSL memory to the Java GC. (remm)
- </add>
- <add>
- Provide protection against a known <a
- href="https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1924298">OS
- bug</a> that causes the acceptor to report an incoming connection more
- than once. (markt)
- </add>
- <fix>
- Avoid unnecessary duplicate read registrations for blocking I/O with the
- NIO connector. (markt)
- </fix>
- <fix>
- <bug>65677</bug>: Improve exception handling for errors during HTTP/1.1
- reads with NIO2. (markt)
- </fix>
- <fix>
- When an error occurs that triggers a stream reset, ensure that the first
- <code>RST</code> frame sent to the client is the one associated with the
- error that triggered the reset. (markt)
- </fix>
- <fix>
- <bug>65714</bug>: Fix exceptions when the security manager is enabled
- and the first request received after starting is an HTTP request to a
- TLS enabled NIO2 connector. (markt)
- </fix>
- <add>
- Ensure that using NIO or NIO2 with OpenSSL for TLS behaves the same way
- on MacOS as it does on Linux and Windows when no trusted certificate
- authorities are configured and reject all client certificates. (markt)
- </add>
- <fix>
- Avoid a potential deadlock during the concurrent processing of incoming
- HTTP/2 frames for a stream and that stream being reset. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="WebSocket">
- <changelog>
- <add>
- Update the WebSocket API packaging to remove the copy of the client API
- from the server API and replace it with a dependency on the client API.
- This aligns Tomcat with changes in the WebSocket 2.1 specification.
- (markt)
- </add>
- </changelog>
- </subsection>
-</section>
-<section name="Tomcat 10.1.0-M7 (markt)" rtext="2021-11-15">
- <subsection name="Catalina">
- <changelog>
- <scode>
- Refactor <code>HttpServlet</code> so the default <code>doHead()</code>
- implementation now calls <code>doGet()</code> and relies on the
- container to ensure that the response body is not sent. The previous
- behaviour (wrapping the response) may be enabled per Servlet by setting
- the <code>jakarta.servlet.http.legacyDoHead</code> Servlet
- initialisation parameter to <code>true</code>. This aligns Tomcat with
- recent changes updates for Servlet 6.0 in the Jakarta Servlet
- specification project. (markt)
- </scode>
- <add>
- Add support for setting generic attributes for session cookies. This
- aligns Apache Tomcat with recent changes in the Jakarta Servlet
- specification project. (markt)
- </add>
- <fix>
- Do not add a trailing <code>/</code> to a request URI during
- canonicalization. (markt)
- </fix>
- <fix>
- Invalid byte sequences (typically in %nn form) in a request URi that are
- not valid for the given URI encoding now trigger a 400 response. (markt)
- </fix>
- <fix>
- Ensure that a request URI starts with a <code>/</code>. (markt)
- </fix>
- <add>
- Add a new Connector option, <code>rejectSuspiciousURIs</code> that will
- causes 'suspicious' (see the Servlet 6.0 specification) URIs to be
- rejected with a 400 response. (markt)
- </add>
- <fix>
- Improve robustness of JNDIRealm for exceptions occurring when getting
- the connection. Also add missing close when running into issues
- getting the passord of a user. (remm)
- </fix>
- <docs>
- Add Javadoc comment which listeners must be nested within
- <code>Server</code> elements only. (michaelo)
- </docs>
- <add>
- Add support for custom caching strategies for web application resources.
- This initial implementation allows control over whether or not a
- resource is cached. (markt)
- </add>
- </changelog>
- </subsection>
- <subsection name="Coyote">
- <changelog>
- <scode>
- Improve performance of Connector shutdown - primarily to reduce the time
- it takes to run the test suite. (markt)
- </scode>
- <add>
- <pr>457</pr>: Add a <code>toString()</code> method to
- <code>MimeHeader</code> to aid debugging. (dblevins)
- </add>
- <add>
- Add experimental OpenSSL support through the Panama API incubating in
- Java 17, with support for OpenSSL 1.1+. This no longer requires
- tomcat-native or APR. Please refer to the <code>openssl-java17</code>
- module for more details. (remm)
- </add>
- </changelog>
- </subsection>
- <subsection name="Jasper">
- <changelog>
- <update>
- Regenerate the EL parser using JavaCC 7.0.10. (markt)
- </update>
- <fix>
- Fix a bug that prevented the EL parser correctly parsing a literal Map
- that used variables rather than literals for both keys and values.
- (markt)
- </fix>
- <update>
- Ensure that the <code>getType()</code> method of any
- <code>ELResolver</code> implementation returns <code>null</code> if
- either the <code>ELResolver</code> or the resolved property is read-only
- to align Tomcat with recent updates in the Jakarta EL specification
- project. (markt)
- </update>
- <fix>
- Implement an alternative solution to support the JSP page directive
- attribute <code>isThreadSafe</code> now that the
- <code>SingleThreadModel</code> interface has been removed from the
- Servlet API. The new approach synchronizes the <code>service()</code>
- method.
- </fix>
- </changelog>
- </subsection>
- <subsection name="WebSocket">
- <changelog>
- <update>
- Add a new method<code>
- ServerEndpointConfig.Configurator.getContainerDefaultConfigurator()
- </code>to align with recent updates in the WebSocket specification
- project. (markt)
- </update>
- <update>
- Add a new method <code>ServerContainer.upgradeHttpToWebSocket()</code>
- to align with recent updates in the WebSocket specification project.
- (markt)
- </update>
- </changelog>
- </subsection>
- <subsection name="Tribes">
- <changelog>
- <fix>
- <pr>454</pr>: Differentiate warning messages in
- <code>KubernetesMembershipProvider</code> so that the missing attribute
- is clear to the user. PR provided by Hal Deadman. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Other">
- <changelog>
- <fix>
- Switch from Cobertura to JaCoCo for code coverage as Cobertura does not
- support code coverage for code compiled for Java 11 onwards. It also
- removes the need to use a single thread to run the tests. (markt)
- </fix>
- </changelog>
- </subsection>
-</section>
-<section name="Tomcat 10.1.0-M6 (markt)" rtext="2021-10-01">
- <subsection name="Catalina">
- <changelog>
- <fix>
- Provide the DataSource in the constructor of
- <code>DataSourceUserDatabase</code>, since it is always global. (remm)
- </fix>
- <fix>
- Fix delete then create object manipulations with
- <code>DataSourceUserDatabase</code>. (remm)
- </fix>
- <update>
- Remove all deprecated code from the Servlet API to align Tomcat with
- recent changes in the Jakarta Servlet specification project. (markt)
- </update>
- <add>
- Add the currently available Jakarta EE 10 schemas from the Jakarta EE
- schema project. (markt)
- </add>
- <add>
- Implement the new connection ID and request ID API for Servlet 6.0.
- (markt)
- </add>
- <fix>
- <bug>65553</bug>: Implement a work-around for a
- <a href="https://bugs.openjdk.java.net/browse/JDK-8273874">JRE bug</a>
- that can trigger a memory leak when using the JNDI realm. (markt)
- </fix>
- <fix>
- <bug>65586</bug>: Fix the bloom filter used to improve performance of
- archive file look ups in the web resources implementation so it works
- correctly for directory lookups whether or not the provided directory
- name includes the trailing <code>/</code>. (markt)
- </fix>
- <fix>
- <pr>451</pr>: Improve the usefulness of the thread name cache used in
- JULI. Pull request provided by t-gergely. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Coyote">
- <changelog>
- <fix>
- <bug>65563</bug>: Correct parsing of HTTP <code>Content-Range</code>
- headers. Tomcat was incorrectly requiring an <code>=</code> character
- after <code>bytes</code>. Fix based on pull request <pr>449</pr> by
- Thierry Guérin. (markt)
- </fix>
- <fix>
- Correct a potential <code>StackOverflowException</code> with HTTP/2 and
- sendfile. (markt)
- </fix>
- <fix>
- Further improvements in the management of the connection flow control
- window. This addresses various bugs that caused streams to incorrectly
- report that they had timed out waiting for an allocation from the
- connection flow control window. (markt)
- </fix>
- <fix>
- <bug>65577</bug>: Fix a <code>AccessControlException</code> reporting
- when running an NIO2 connector with TLS enabled. (markt)
- </fix>
- <update>
- Reclassify TLS ciphers that use AESCCM8 as medium security rather than
- high security to align with recent changes in OpenSSL. (markt)
- </update>
- <fix>
- Fix an issue that caused some Servlet non-blocking API reads of the HTTP
- request body to incorrectly use blocking IO. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Jasper">
- <changelog>
- <scode>
- Deprecate <code>ELResolver.getFeatureDescriptors</code> to align Tomcat
- with recent updates in the Jakarta EL specification project. (markt)
- </scode>
- <add>
- Add support for default methods to <code>BeanRELResolver</code> to align
- Tomcat with recent updates in the Jakarta EL specification project.
- (markt)
- </add>
- <add>
- Add support for <code>MethodReference</code> and the associated getter
- on <code>MethodExpression</code> to align Tomcat with recent updates in
- the Jakarta EL specification project. (markt)
- </add>
- <add>
- Refactor <code>ScopedAttributeELResolver</code> to separate out the
- functionality that is unrelated to scoped attributes into two new
- resolvers: <code>ImportELResolver</code> and
- <code>NotFoundELResolver</code>. This aligns Tomcat with recent updates
- to the Jakarta Server Pages specification. (markt)
- </add>
- <fix>
- Fix the implementation of <code>MethodExpression.getMethodInfo()</code>
- so that it returns the expected value rather than failing when the
- method expression is defined with the parameter values in the expression
- rather than the types being passed explicitly to
- <code>ExpressionFactory.createMethodExpression()</code>. (markt)
- </fix>
- <add>
- Add support for a new page/tag directive <code>errorOnELNotFound</code>
- that can be used to trigger an identifier if an EL expression in a
- page/tag contains an identifier that cannot be resolved. (markt)
- </add>
- </changelog>
- </subsection>
- <subsection name="WebSocket">
- <changelog>
- <fix>
- The internal upgrade handler should close the associated
- <code>WebConnection</code> on destroy. (remm)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Web applications">
- <changelog>
- <update>
- Update the web applications that are included with Apache Tomcat to use
- the Jakarta EE 10 schema for web.xml. (markt)
- </update>
- <fix>
- Clarify the JASPIC configuration options in the documentation web
- application. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Other">
- <changelog>
- <fix>
- <bug>65585</bug>: Update obsolete comments at the start of the
- <code>build.properties.default</code> file. (markt)
- </fix>
- </changelog>
- </subsection>
-</section>
-<section name="Tomcat 10.1.0-M5 (markt)" rtext="2021-09-10">
- <subsection name="Catalina">
- <changelog>
- <fix>
- Enable Tomcat to start if an (old) XML parser is configured that does
- not support <code>allow-java-encodings</code>. A warning will be logged
- if such an XML parser is detected. (markt)
- </fix>
- <fix>
- Change the behaviour of custom error pages. If an error occurs after the
- response is committed, once the custom error page content has been added
- to the response the connection is now closed immediately rather than
- closed cleanly. i.e. the last chunk that marks the end of the response
- body is no longer sent. This acts as an additional signal to the client
- that the request experienced an error. (markt)
- </fix>
- <fix>
- <bug>65479</bug>: When handling requests using JASPIC authentication,
- ensure that <code>PasswordValidationCallback.getResult()</code> returns
- the result of the password validation rather than always returning
- <code>false</code>. Fixed via pull request <pr>438</pr> provided by
- Robert Rodewald. (markt)
- </fix>
- <update>
- Improve the reusability of the <code>UserDatabase</code> by adding
- intermediate concrete implementation classes and allowing to do
- partial database updates on <code>save</code>. (remm)
- </update>
- <scode>
- Refactor the authenticators to delegate the check for preemptive
- authentication to the individual authenticators where an authentication
- scheme specific check can be performed. Based on pull request
- <pr>444</pr> by Robert Rodewald. (markt)
- </scode>
- <add>
- Add a <code>UserDatabase</code> implementation as a superset of the
- <code>DataSourceRealm</code> functionality. (remm)
- </add>
- <fix>
- Make sure the dynamic Principal returned by
- <code>UserDatabaseRealm</code> stays up to date with the database
- contents, and add an option to have it be static, similar to the other
- realms. (remm)
- </fix>
- <add>
- Add <code>derby-*.jar</code> to the list of JARs to skip when scanning
- for TLDs, web fragments and annotations. (markt)
- </add>
- <fix>
- <pr>447</pr>. Correct JPMS metadata for catalina.jar. Pull request
- provided by Hui Wang. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Coyote">
- <changelog>
- <fix>
- Correct a logic error that meant setting
- <code>certificateKeystoreFile</code> to <code>NONE</code> did not have
- the expected effect. <code>NONE</code> was incorrectly treated as a file
- path. Patch provided by Mikael Sterner. (markt)
- </fix>
- <scode>
- Remove the deprecated APR/Native connector which includes the HTTP APR
- and the AJP APR connector. Also remove the Java interfaces to the
- APR/Native library that are not used by the OpenSSL integration for the
- NIO and NIO2 connectors. (markt)
- </scode>
- <scode>
- Refactor the JSSE/OpenSSL integration to avoid the use of
- <code>finalize()</code>. (markt)
- </scode>
- <fix>
- <bug>65505</bug>: When an HTTP header value is removed, ensure that the
- order of the remaining header values is unchanged. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="WebSocket">
- <changelog>
- <fix>
- <bug>65506</bug>: Fix write timeout check that was using the read
- timeout value. Patch submitted by Gustavo Mahlow. (remm)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Web applications">
- <changelog>
- <fix>
- Remove unnecessary Context settings from the examples web application.
- (markt)
- </fix>
- <fix>
- Document default value for <code>unpackWARs</code> and related clean-up.
- Pull request <pr>439</pr> provided by Robert Rodewald. (markt)
- </fix>
- <fix>
- Clarify the documentation of the <code>compressionMinSize</code> and
- <code>compressibleMimeType</code> HTTP <code>Connector</code>
- attributes. Pull request <pr>442</pr> provided by crisgeek. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Tribes">
- <changelog>
- <scode>
- Refactor the <code>ParallelNioSender</code> to avoid the use of
- <code>finalize()</code>. (markt)
- </scode>
- </changelog>
- </subsection>
- <subsection name="Other">
- <changelog>
- <fix>
- Fix failing build when building on non-English locales. Pull request
- <pr>441</pr> provided by Dachuan J. (markt)
- </fix>
- <update>
- Update to JSign version 4.0 to enable code signing without the need for
- the installation of additional client tools. (markt)
- </update>
- <update>
- Add Apache Derby 10.15.2.0 to the testsuite dependencies, for JDBC
- and DataSource testing. (remm)
- </update>
- <add>
- Update the internal fork of Apache Commons BCEL to 40d5eb4 (2021-09-01,
- 6.6.0-SNAPSHOT). Code clean-up only. (markt)
- </add>
- <add>
- Update the internal fork of Apache Commons Codec to fd44e6b (2021-09-01,
- 1.16-SNAPSHOT). Minor refactoring. (markt)
- </add>
- <add>
- <bug>65661</bug>: Update the internal fork of Apache Commons FileUpload
- to 33d2d79 (2021-09-01, 2.0-SNAPSHOT). Refactoring and code clean-up. As
- a result of Commons File Upload now using
- <code>java.nio.file.Files</code>, applications using multi-part uploads
- need to ensure that the JVM is configured with sufficient direct memory
- to store all in progress multi-part uploads. (markt)
- </add>
- <add>
- Update the internal fork of Apache Commons Pool to 2.11.1 (2021-08-17).
- Improvements, code clean-up and refactoring. (markt)
- </add>
- <add>
- Update the internal fork of Apache Commons DBCP to 2.9.0 (2021-08-03).
- Improvements, code clean-up and refactoring. (markt)
- </add>
- <update>
- Update the packaged version of the Tomcat Native Library to 1.2.31 to
- pick up Windows binaries built with OpenSSL 1.1.1l.(markt)
- </update>
- <update>
- Switch to the CDN as the primary download location for ASF dependencies.
- (markt)
- </update>
- <add>
- Improvements to Chinese translations contributed by syseal, wolibo,
- ZhangJieWen and DigitalFatCat. (markt)
- </add>
- <add>
- Improvements to French translations. (remm)
- </add>
- <add>
- Improvements to Japanese translations contributed by tak7iji. (markt)
- </add>
- <add>
- Improvements to Korean translations. (woonsan)
- </add>
- </changelog>
- </subsection>
-</section>
-<section name="Tomcat 10.1.0-M4 (markt)" rtext="2021-08-06">
- <subsection name="WebSocket">
- <changelog>
- <fix>
- Correct a regression in the Java 8 to Java 11 changes made in 10.1.0-M3
- that caused all WebSocket end points to fail to register. (markt)
- </fix>
- </changelog>
- </subsection>
-</section>
-<section name="Tomcat 10.1.0-M3 (markt)" rtext="not released">
- <subsection name="General">
- <changelog>
- <update>
- Update the minimum required Java version to Java 11. (markt)
- </update>
- </changelog>
- </subsection>
- <subsection name="Catalina">
- <changelog>
- <scode>
- Incremented the supported Jakarta Servlet version to 6.0 to align with
- the current development branch of the Jakarta Servlet specification.
- Plans have changed and the next iteration of the Servlet specification
- will be 6.0 rather than 5.1. (markt)
- </scode>
- <fix>
- <bug>65411</bug>: Always close the connection when an uncaught
- <code>NamingException</code> occurs to avoid connection locking.
- Submitted by Ole Ostergaard. (remm)
- </fix>
- <fix>
- <bug>65433</bug>: Correct a regression in the fix for <bug>65397</bug>
- where a <code>StringIndexOutOfBoundsException</code> could be triggered
- if the canonical path of the target of a symlink was shorter than the
- canonical path of the directory in which the symlink had been created.
- Patch provided by Cedomir Igaly. (markt)
- </fix>
- <add>
- <bug>65443</bug>: Refactor the <code>CorsFilter</code> to make it easier
- to extend. (markt)
- </add>
- <fix>
- To avoid unnecessary cache revalidation, do not add an HTTP
- <code>Expires</code> header when setting adding an HTTP header of
- <code>CacheControl: private</code>. (markt)
- </fix>
- <scode>
- Refactor JULI's custom <code>LogManager</code>, the
- web application class loader implementation, the web resources
- implementation, the <code>JreLeakPreventionListener</code>
- implementation and the <code>StandardJarScanner</code> implementation to
- remove Java 8 specific code now that the minimum Java version has been
- increased to 11. (markt)
- </scode>
- <scode>
- Remove all references to the endorsed standards override feature and the
- specifying of optional packages (extensions) in the manifest as these
- are not supported in Java 11. (markt)
- </scode>
- </changelog>
- </subsection>
- <subsection name="Coyote">
- <changelog>
- <fix>
- When writing an HTTP/2 response via sendfile (only enabled when
- <code>useAsyncIO</code> is true) the connection flow control window was
- sometimes ignored leading to various error conditions. sendfile now
- checks both the stream and connection flow control windows before
- writing. (markt)
- </fix>
- <add>
- Add debug logging for writing an HTTP/2 response via sendfile. (markt)
- </add>
- <fix>
- Correct bugs in the HTTP/2 connection flow control management that meant
- it was possible for a connection to stall waiting for a connection flow
- control window update that had already arrived. Any streams on that
- connection that were trying to write when this happened would time out.
- (markt)
- </fix>
- <fix>
- <bug>65448</bug>: When using TLS with NIO, it was possible for a
- blocking response write to hang just before the final TLS packet
- associated with the response until the connection timed out at which
- point the final packet would be sent and the connection closed. (markt)
- </fix>
- <fix>
- <bug>65454</bug>: Fix a race condition that could result in a delay to
- a new request. The new request could be queued to wait for an existing
- request to finish processing rather than the thread pool creating a new
- thread to process the new request. (markt)
- </fix>
- <fix>
- <bug>65460</bug>: Correct a regression introduced in the previous
- release in the change to reduce the number of small HTTP/2 window
- updates sent for streams. A logic error meant that small window updates
- for the connection were dropped. This meant that the connection flow
- window slowly reduced over time until nothing could be sent. (markt)
- </fix>
- <fix>
- Remove NIO workarounds and code that is no longer needed with Java 11.
- (remm)
- </fix>
- <scode>
- Refactor the endpoints to remove Java 8 specific code now that the
- minimum Java version has been increased to 11. (markt)
- </scode>
- </changelog>
- </subsection>
- <subsection name="Jasper">
- <changelog>
- <scode>
- Add additional generics to the EL API to align with the latest changes
- in the EL specification project. (markt)
- </scode>
- <add>
- Enable EL lambda expressions to be coerced to functional interfaces.
- This is an implementation of a proposed extension to the Jakarta
- Expression Language specification. (markt)
- </add>
- <scode>
- Refactor the EL API and implementation to remove Java 8 specific code
- now that the minimum Java version has been increased to 11. (markt)
- </scode>
- </changelog>
- </subsection>
- <subsection name="WebSocket">
- <changelog>
- <scode>
- Refactor the WebSocket implementation to remove Java 8 specific code now
- that the minimum Java version has been increased to 11. (markt)
- </scode>
- </changelog>
- </subsection>
- <subsection name="Web applications">
- <changelog>
- <fix>
- <bug>65404</bug>: Correct a regression in the fix for <bug>63362</bug>
- that caused the server status page in the Manager web application to be
- truncated if HTTP upgrade was used such as when starting a WebSocket
- connection. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Other">
- <changelog>
- <add>
- Improvements to Chinese translations contributed by ZhangJieWen and
- chengzheyan. (markt)
- </add>
- <add>
- Improvements to French translations. (remm)
- </add>
- <add>
- Improvements to Japanese translations contributed by tak7iji. (markt)
- </add>
- <add>
- Improvements to Korean translations. (woonsan)
- </add>
- <fix>
- Use of GraalVM native images no longer automatically disables JMX
- support. JMX support may still be disabled by calling
- <code>org.apache.tomcat.util.modeler.Registry.disableRegistry()</code>.
- (markt)
- </fix>
- </changelog>
- </subsection>
-</section>
-<section name="Tomcat 10.1.0-M2 (markt)" rtext="2021-07-02">
- <subsection name="Catalina">
- <changelog>
- <scode>
- Refactor the <code>RemoteIpValve</code> to use the common utility method
- for list to comma separated string conversion. (markt)
- </scode>
- <scode>
- Refactor <code>JNDIRealm$JNDIConnection</code> so its fields are
- accessible to sub-classes of <code>JNDIRealm</code>. (markt)
- </scode>
- <fix>
- Fix serialization warnings in <code>UserDatabasePrincipal</code>
- reported by SpotBugs. (markt)
- </fix>
- <fix>
- <bug>65397</bug>: Calls to
- <code>ServletContext.getResourcePaths()</code> no longer include
- symbolic links in the results unless <code>allowLinking</code> has been
- set to <code>true</code>. If a resource is skipped because of this
- change, a warning will be logged as this typically indicates a
- configuration issue. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Coyote">
- <changelog>
- <fix>
- <bug>65368</bug>: Improve handling of clean closes of inbound TLS
- connections. Treat them the same way as clean closes of non-TLS
- connections rather than as unknown errors. (markt)
- </fix>
- <fix>
- Modify the HTTP/2 connector not to sent small updates for stream flow
- control windows to the user agent as, depending on how the user agent is
- written, this may trigger small writes from the user agent that in turn
- trigger the overhead protection. Small updates for stream flow control
- windows are now combined with subsequent flow control window updates for
- that stream to ensure that all stream flow control window updates sent
- from Tomcat are larger than <code>overheadWindowUpdateThreshold</code>.
- (markt)
- </fix>
- <add>
- Add additional debug logging to track the current state of the HTTP/2
- overhead count that Tomcat uses to detect and close potentially
- malicious connections. (markt)
- </add>
- <update>
- Many HTTP/2 requests from browsers will trigger one overhead frame and
- one non-overhead frame. Change the overhead calculation so that a
- non-overhead frame reduces the current overhead count by 2 rather than
- 1. This means that, over time, the overhead count for a well-behaved
- connection will trend downwards. (markt)
- </update>
- <update>
- Change the initial HTTP/2 overhead count from <code>-10</code> to
- <code>-10 * overheadCountFactor</code>. This means that, regardless of
- the value chosen for <code>overheadCountFactor</code>, when a connection
- opens 10 overhead frames in a row will be required to trigger the
- overhead protection. (markt)
- </update>
- <update>
- Increase the default <code>overheadCountFactor</code> from
- <code>1</code> to <code>10</code> and change the reduction in overhead
- count for a non-overhead frame from <code>-2</code> to <code>-20</code>.
- This allows for a larger range (0-20) to be used for
- <code>overheadCountFactor</code> providing for finer-grained control.
- (markt)
- </update>
- <fix>
- Modify the parsing of HTTP header values that use the
- <code>1#token</code> to ignore empty elements as per RFC 7230 section 7
- instead of treating the presence of empty elements as an error. (markt)
- </fix>
- <fix>
- Expand the unit tests for <code>HttpServlet.doHead()</code> and correct
- the flushing of the response buffer. The buffer used to behave as if it
- was one byte smaller than the configured size. The buffer was flushed
- (and the response committed if required) when the buffer was full. The
- buffer is now flushed (and the response committed if required) if the
- buffer is full and there is more data to write. (markt)
- </fix>
- <fix>
- Fix an issue where concurrent HTTP/2 writes (or concurrent reads) to the
- same connection could hang and eventually timeout when async IO was
- enabled (it is enabled by default). (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Jasper">
- <changelog>
- <fix>
- <bug>65387</bug>: Correct a regression in the fix for <bug>65124</bug>
- and restore the local definition of <code>out</code> for tags that
- implement <code>TryCatchFinally</code>. (markt)
- </fix>
- <fix>
- <bug>65390</bug>: Correct a regression in the fix for <bug>65124</bug>
- and restore code that was removed in error leading to JSP compilation
- failures in some circumstances. (markt)
- </fix>
- <update>
- Update to the Eclipse JDT compiler 4.20. (markt)
- </update>
- <add>
- Add support for specifying Java 17 (with the value <code>17</code>) as
- the compiler source and/or compiler target for JSP compilation. If used
- with an Eclipse JDT compiler version that does not support these values,
- a warning will be logged and the latest supported version will used.
- (markt)
- </add>
- <fix>
- <bug>65377</bug>: Update the Java code generation for JSPs not to use
- the boxed primitive constructors as they have been deprecated in Java 9
- and marked for future removal in Java 16. <code>valueOf()</code> is now
- used instead. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="WebSocket">
- <changelog>
- <scode>
- Refactor the <code>DigestAuthenticator</code> to reuse a shared
- <code>SecureRandom</code> instance rather than create a new one to
- generate the <code>cnonce</code> if required. (markt)
- </scode>
- </changelog>
- </subsection>
- <subsection name="Web applications">
- <changelog>
- <fix>
- <bug>65385</bug>: Correct the link in the documentation web application
- the Maven Central repository. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Other">
- <changelog>
- <add>
- Use JSign to integrate the build script with the code signing service to
- enable release builds to be created on Linux as well as Windows. (markt)
- </add>
- <update>
- Update the OWB module to Apache OpenWebBeans 2.0.23. (remm)
- </update>
- <update>
- Update the CXF module to Apache CXF 3.4.4. (remm)
- </update>
- <fix>
- <bug>65369</bug> / <pr>422</pr>: Add the additional
- <code>--add-opens=...</code> options required for running Tomcat on Java
- 16 onwards to the <code>service.bat</code> script to align it with the
- other start-up scripts. PR provided by MCMicS. (markt)
- </fix>
- <add>
- Improvements to French translations. (remm)
- </add>
- <add>
- Improvements to Korean translations. (woonsan)
- </add>
- <update>
- Update JUnit to version 4.13.2. (markt)
- </update>
- <update>
- Update EasyMock to 4.3. (markt)
- </update>
- <update>
- Update Objenesis to 3.2. (markt)
- </update>
- <update>
- Update UnboundID to 6.0.0. (markt)
- </update>
- <update>
- Update CheckStyle to 8.43. (markt)
- </update>
- <update>
- Update SpotBugs to 4.2.3. (markt)
- </update>
- <update>
- Update OSGi annotations to 1.1.0. (markt)
- </update>
- </changelog>
- </subsection>
-</section>
-<section name="Tomcat 10.1.0-M1 (markt)" rtext="2021-06-15">
+<section name="Tomcat 11.0.0-M1 (markt)" rtext="in development">
<subsection name="General">
<changelog>
<scode>
This release contains all of the changes up to and including those in
Apache Tomcat 10.0.6 plus the additional changes listed below. (markt)
</scode>
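Review bot: the unchanged <scode> entry kept in the General subsection of the new "Tomcat 11.0.0-M1" section still reads "all of the changes up to and including those in Apache Tomcat 10.0.6", which was the baseline written for 10.1.0-M1. This same hunk deletes the 10.1.0-M1 to 10.1.0-M6 sections, so that sentence is now the only statement of where the earlier changes are recorded, and as written it implies the 10.1.x work is not part of 11.0. Suggest updating it to name the 10.1.x release that 11.0.0-M1 is based on, either in this pass or in an immediate follow-up.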
- <scode>
- Remove code previously marked for removal in Tomcat 10.1.x. (markt)
- </scode>
- </changelog>
- </subsection>
- <subsection name="Catalina">
- <changelog>
- <scode>
- Incremented the supported Jakarta Servlet version to 5.1 to align with
- the current development branch of the Jakarta Servlet specification.
- (markt)
- </scode>
- <fix>
- <bug>65301</bug>: <code>RemoteIpValve</code> will now avoid getting
- the local host name when it is not needed. (remm)
- </fix>
- <fix>
- <bug>65308</bug>: NPE in JNDIRealm when no <code>userRoleAttribute</code>
- is given. (fschumacher)
- </fix>
- <add>
- <pr>412</pr>: Add commented out, sample users for the Tomcat Manager app
- to the default <code>tomcat-users.xml</code> file. Based on a PR by
- Arnaud Dagnelies. (markt)
- </add>
- <add>
- <pr>418</pr>: Add a new option, <code>pass-through</code>, to the
- default servlet's <code>useBomIfPresent</code> initialization parameter
- that causes the default servlet to leave any BOM in place when
- processing a static file and not to use the BOM to determine the
- encoding of the file. Based on a pull request by Jean-Louis Monteiro.
- (markt)
- </add>
- <fix>
- <pr>419</pr>: When processing POST requests of type
- <code>multipart/form-data</code> for parts without a filename that are
- added to the parameter map in String form, check the size of the part
- before attempting conversion to String. Pull request provided by
- tianshuang. (markt)
- </fix>
- <add>
- Implement the new <code>Cookie</code> methods
- <code>setAttribute()</code>, <code>getAttribute()</code> and
- <code>getAttributes()</code> introduced in Servlet 6.0. (markt)
- </add>
- <fix>
- AprLifecycleListener does not show dev version suffix for libtcnative
- and libapr. (michaelo)
- </fix>
- <update>
- Refactor principal handling in <code>UserDatabaseRealm</code> using
- an inner class that extends <code>GenericPrincipal</code>. (remm)
- </update>
- <fix>
- Enable the default <code>doHead()</code> implementation in
- <code>HttpServlet</code> to correctly handle responses where the content
- length needs to be represented as a long since it is larger than the
- maximum value that can be represented by an int. (markt)
- </fix>
- <fix>
- Avoid synchronization on roles verification for the memory
- <code>UserDatabase</code>. (remm)
- </fix>
- <fix>
- Fix the default <code>doHead()</code> implementation in
- <code>HttpServlet</code> to correctly handle responses where the Servlet
- calls <code>ServletResponse.reset()</code> and/or
- <code>ServletResponse.resetBuffer()</code>. (markt)
- </fix>
- <fix>
- Fix the default <code>doHead()</code> implementation in
- <code>HttpServlet</code> to correctly handle responses generated using
- the Servlet non-blocking API. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Coyote">
- <changelog>
- <fix>
- <bug>65303</bug>: Fix a possible <code>NullPointerException</code> if
- an error occurs on an HTTP/1.1 connection being upgraded to HTTP/2 or on
- a pushed HTTP/2 stream. (markt)
- </fix>
- <update>
- Simplify AprEndpoint socket bind for all platforms. (michaelo)
- </update>
- <fix>
- <bug>65340</bug>: Add missing check for a negative return value for
- <code>Hpack.decodeInteger</code> in the <code>HpackDecoder</code>,
- which could cause a <code>NegativeArraySizeException</code> exception.
- Submitted by Thomas, and verified the fix is present in the donated
- hpack code in a further update. (remm)
- </fix>
- <add>
- Add debug logging for HTTP/2 HPACK header decoding. (markt)
- </add>
- <fix>
- Correct parsing of HTTP headers consisting of a list of tokens so that a
- header with an empty token is treated consistently regardless of whether
- the empty token is at the start, middle or end of the list of tokens.
- (markt)
- </fix>
- <fix>
- Remove support for the <code>identity</code> transfer encoding. The
- inclusion of this encoding in RFC 2616 was an error that was corrected
- in 2001. Requests using this transfer encoding will now receive a 501
- response. (markt)
- </fix>
- <fix>
- Process transfer encoding headers from both HTTP 1.0 and HTTP 1.1
- clients. (markt)
- </fix>
- <fix>
- Ensure that if the transfer encoding header contains the
- <code>chunked</code>, that the <code>chunked</code> encoding is the
- final encoding listed. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Jasper">
- <changelog>
- <scode>
- Incremented the supported Jakarta Expression Language version to 5.0 to
- align with the current development branch of the Jakarta Expression
- Language specification. (markt)
- </scode>
- <scode>
- Review code used to generate Java source from JSPs and tags and remove
- code found to be unnecessary. (markt)
- </scode>
- <scode>
- Refactor use of internal <code>ChildInfo</code> class to use compile
- time type checking rather than run time type checking. (markt)
- </scode>
- <fix>
- <bug>65124</bug>: Partial fix. When generating Java source code to call
- a tag handler, only define the local variable <code>JspWriter out</code>
- when it is going to be used. (markt)
- </fix>
- <scode>
- Add generics to the EL 5.0 API to align with the current EL 5.0
- development branch. (markt)
- </scode>
- <update>
- Update the <code>web-fragment.xml</code> included in
- <code>jasper.jar</code> and <code>jasper-el.jar</code> to use the
- Servlet 5.0 schema. (markt)
- </update>
- <fix>
- Update JspC to generate <code>web.xml</code> and
- <code>web-fragment.xml</code> files using Servlet 5.0 schemas. (markt)
- </fix>
- <scode>
- Remove the deprecated method
- <code>MethodExpression.isParmetersProvided()</code> from the EL API to
- align with the current EL 5.0 development branch. (markt)
- </scode>
- <fix>
- <bug>65358</bug>: Improve expression language method matching for
- methods with varargs. Where multiple methods may match the provided
- parameters, the method that requires the fewest varargs is preferred.
- (markt)
- </fix>
- <add>
- <bug>65332</bug>: Add a commented out section in
- <code>catalina.policy</code> that provides the necessary permissions to
- compile JSPs with javac when running on Java 9 onwards with a security
- manager. It is commented out as it will cause errors if used with
- earlier Java versions. (markt)
- </add>
- </changelog>
- </subsection>
- <subsection name="WebSocket">
- <changelog>
- <fix>
- <bug>65317</bug>: When using <code>permessage-deflate</code>, the
- WebSocket connection was incorrectly closed if the uncompressed payload
- size was an exact multiple of 8192. Based on a patch provided by Saksham
- Verma. (markt)
- </fix>
- <update>
- Update the <code>web-fragment.xml</code> included in
- <code>tomcat-websocket.jar</code> to use the Servlet 5.0 schema. (markt)
- </update>
- <fix>
- <bug>65342</bug>: Correct a regression introduced with the fix for
- <bug>65262</bug> that meant Tomcat's WebSocket implementation would only
- work with Tomcat's implementation of the Jakarta WebSocket API. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Web applications">
- <changelog>
- <fix>
- Improve the description of the <code>maxConnections</code> and
- <code>acceptCount</code> attributes in the Connector section of the
- documentation web application. (markt)
- </fix>
</changelog>
</subsection>
<subsection name="Other">
<changelog>
- <add>
- Improvements to French translations. (remm)
- </add>
- <add>
- Improvements to Korean translations. (woonsan)
- </add>
- <fix>
- <bug>65362</bug>: Correct a regression in the previous release. The
- change to create OSGi <code>Require-Capability</code> sections in
- manifests for Jakarta API JARs manually rather than with bnd annotations
- did not add the necessary manual entries to the embedded JARs. (markt)
- </fix>
<update>
- Update the packaged version of the Tomcat Native Library to 1.2.30. Also
- update the minimum recommended version to 1.2.30. (markt)
+ Update to Commons Daemon 1.3.2. (markt)
</update>
</changelog>
</subsection>
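Review bot: The 10.1.x entries removed in this region include behaviour changes that matter to anyone upgrading, for example the removal of the `identity` transfer encoding (such requests now receive a 501) and the requirement that `chunked` be the final encoding listed. Once these are gone from the 11.0 changelog, readers have no route back to them from this file. If it is not already there, consider a short note near the top of changelog.xml that points to the 10.1 changelog for changes made before the branch.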
diff --git a/webapps/docs/config/http.xml b/webapps/docs/config/http.xml
index 8b6ace9a42..61413829cb 100644
--- a/webapps/docs/config/http.xml
+++ b/webapps/docs/config/http.xml
@@ -1162,7 +1162,7 @@
<p>In addition to the standard TLS related request attributes defined in
section 3.10 of the Servlet specification, Tomcat supports a number of
additional TLS related attributes. The full list may be found in the <a
- href="http://tomcat.apache.org/tomcat-10.1-doc/api/index.html">SSLSupport
+ href="http://tomcat.apache.org/tomcat-11.0-doc/api/index.html">SSLSupport
Javadoc</a>.</p>
<p>For more information, see the
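Review bot: The href on the `+` line still uses `http://tomcat.apache.org/...`, while the link parameters in tomcat-docs.xsl (`doclink`, `sylink`, `dllink`) all use `https://`. Since this line is being edited anyway, switch it to `https://tomcat.apache.org/tomcat-11.0-doc/api/index.html` so the TLS documentation does not link out over plain HTTP.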
diff --git a/webapps/docs/tomcat-docs.xsl b/webapps/docs/tomcat-docs.xsl
index 557788b7d6..0af22d75b4 100644
--- a/webapps/docs/tomcat-docs.xsl
+++ b/webapps/docs/tomcat-docs.xsl
@@ -36,9 +36,9 @@
<xsl:param name="subdir" select="''"/>
<xsl:param name="relative-path" select="'.'"/>
<!-- Keep versions in sync with build.xml -->
- <xsl:param name="version" select="'10.1.x'"/>
- <xsl:param name="majorversion" select="'10'"/>
- <xsl:param name="majorminorversion" select="'10.1'"/>
+ <xsl:param name="version" select="'11.0.x'"/>
+ <xsl:param name="majorversion" select="'11'"/>
+ <xsl:param name="majorminorversion" select="'11.0'"/>
<xsl:param name="minjavaversion" select="'11'"/>
<xsl:param name="buildjavaversion" select="'11'"/>
<xsl:param name="antversionrequired" select="'1.10.2'"/>
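Review bot: `minjavaversion` and `buildjavaversion` stay at '11' in the context lines directly below the changed params. The comment above them says to keep versions in sync with build.xml, which this commit also edits, so please confirm that '11' is still the intended value for 11.0.x and that both files agree.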
@@ -48,7 +48,7 @@
<xsl:param name="buglink" select="'https://bz.apache.org/bugzilla/show_bug.cgi?id='"/>
<xsl:param name="prlink" select="'https://github.com/apache/tomcat/pull/'"/>
<xsl:param name="revlink" select="'https://svn.apache.org/viewvc?view=rev&rev='"/>
- <xsl:param name="doclink" select="'https://tomcat.apache.org/tomcat-10.1-doc'"/>
+ <xsl:param name="doclink" select="'https://tomcat.apache.org/tomcat-11.0-doc'"/>
<xsl:param name="sylink" select="'https://tomcat.apache.org/security-10.html'"/>
<xsl:param name="dllink" select="'https://tomcat.apache.org/download-10.cgi'"/>
<xsl:param name="sitedir" select="''"/>
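Review bot: `doclink` moves to tomcat-11.0-doc, but `sylink` and `dllink` in the context lines that follow still point at security-10.html and download-10.cgi, so the 11.0 docs will send readers to the Tomcat 10 security and download pages. If the Tomcat 11 pages do not exist yet, add a comment marking these two as pending so they are not forgotten. Otherwise update them in this commit.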
diff --git a/webapps/docs/web-socket-howto.xml b/webapps/docs/web-socket-howto.xml
index 20cf2caf38..49d155bd25 100644
--- a/webapps/docs/web-socket-howto.xml
+++ b/webapps/docs/web-socket-howto.xml
@@ -103,37 +103,6 @@
timeout as a <code>String</code> in milliseconds. The default is 5000 (5
seconds).</p>
-<p>When using the WebSocket client to connect to secure server endpoints, the
- client SSL configuration should be configured via
- <code>jakarta.websocket.ClientEndpointConfig.getSSLContext()</code>. Tomcat
- 10.1.x still supports the pre-WebSocket 2.1 configuration method where TLS
- configuration was via the <code>userProperties</code> of the provided
- <code>jakarta.websocket.ClientEndpointConfig</code>. However, this approach
- is deprecated and will be removed in Tomcat 11. The following user properties
- are supported:</p>
- <ul>
- <li><code>org.apache.tomcat.websocket.SSL_CONTEXT</code></li>
- <li><code>org.apache.tomcat.websocket.SSL_PROTOCOLS</code></li>
- <li><code>org.apache.tomcat.websocket.SSL_TRUSTSTORE</code></li>
- <li><code>org.apache.tomcat.websocket.SSL_TRUSTSTORE_PWD</code></li>
- </ul>
- <p>The default truststore password is <code>changeit</code>.</p>
-
-<p>If the <code>org.apache.tomcat.websocket.SSL_CONTEXT</code> property is
- set then the <code>org.apache.tomcat.websocket.SSL_TRUSTSTORE</code> and
- <code>org.apache.tomcat.websocket.SSL_TRUSTSTORE_PWD</code> properties
- will be ignored.</p>
-
-<p>For secure server end points, host name verification is enabled by default.
- To bypass this verification (not recommended), it is necessary to provide a
- custom <code>SSLContext</code> via the
- <code>org.apache.tomcat.websocket.SSL_CONTEXT</code> user property. The
- custom <code>SSLContext</code> must be configured with a custom
- <code>TrustManager</code> that extends
- <code>javax.net.ssl.X509ExtendedTrustManager</code>. The desired verification
- (or lack of verification) can then be controlled by appropriate
- implementations of the individual abstract methods.</p>
-
<p>When using the WebSocket client to connect to server endpoints, the number of
HTTP redirects that the client will follow is controlled by the
<code>userProperties</code> of the provided
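Review bot: Dropping the deprecated `userProperties` list matches the removed text's own statement that the approach would be removed in Tomcat 11, but the deleted paragraphs also carried two things still worth documenting: that client TLS should be configured via `jakarta.websocket.ClientEndpointConfig.getSSLContext()`, and that host name verification is enabled by default for secure server endpoints. Consider keeping a short paragraph with those two points so the how-to still says how to configure TLS for the WebSocket client and what the default verification behaviour is.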