[ANNOUNCE] Tomcat 4.0 Beta 2

["Craig R. McClanahan" <Cr...@eng.sun.com>]

I'm pleased to announce the availability of the Beta 2 release of the
next generation of the Tomcat servlet container, at:

http://jakarta.apache.org/builds/jakarta-tomcat-4.0/release/v4.0-b2/

Tomcat 4.0 beta 2 has many new features, including:

* Tomcat 4.0 can now run web applications out of an unpacked
  directory or directly from a WAR file.

* Web applications are now run under the control of a Java
  SecurityManager that can support fine-grained control over each    
web-app's access to system resources.

* You can now specify a <DefaultContext> element in the server
  configuration file (server.xml) that defines default configuration  
information for contexts that are automatically configured.

* An example Filter implementation that supports on-the-fly GZIP
  compression for clients that support it.

* A servlet that implements all of the NCSA documented
  functionality for server side includes (*.shtml) except for   the
"exec" capability.

* Standard resource factories for JavaMail related resources
  accessible via a JNDI InitialContext, compatible with J2EE
  Specification requirements.

* Reflects the most up-to-date changes in the Servlet 2.3 and
  JSP 1.2 APIs that have been approved by the JSR-053 expert
  group, and will appear in the next published version of the
  corresponding specifications.

In addition, the following major bug fixes are included:

* Fixes for two reported security vulnerabilities (a "cross site
  scripting vulnerability" plus a "URL decoding vulnerability")

* The JSP servlet (Jasper) that compiles and executes JSP pages
  now uses its own classloader its associated XML parser, which
  avoids potential conflicts with parsers included with a web
  application.

* Bug fix updates for directory listings, the WebDAV support,
  binding to a single IP address (if requested), incorrectly
  named access log files, URL decoding improvements, form-based
  authentication, HTTP/1.1 chunking, isUserInRole(), JSP page
  parsing problems, and many other patches.

See the Tomcat 4.0 Beta 2 Release Notes (RELEASE-NOTES-4.0-B2.txt)
that are included in the top-level directory of the release for more
detailed information.

Craig McClanahan

RE: [ANNOUNCE] Tomcat 4.0 Beta 2

[Kevin Jones <ke...@develop.com>]

Bonza job guys,

thank you :-)

Kevin Jones
DevelopMentor
www.develop.com

> -----Original Message-----
> From: Craig R. McClanahan [mailto:Craig.McClanahan@eng.sun.com]
> Sent: 31 March 2001 08:27
> To: announcements@jakarta.apache.org
> Cc: general@jakarta.apache.org; tomcat-dev@jakarta.apache.org;
> tomcat-user@jakarta.apache.org
> Subject: [ANNOUNCE] Tomcat 4.0 Beta 2
> 
> 
> I'm pleased to announce the availability of the Beta 2 release of the
> next generation of the Tomcat servlet container, at:
> 
> http://jakarta.apache.org/builds/jakarta-tomcat-4.0/release/v4.0-b2/
> 
> Tomcat 4.0 beta 2 has many new features, including:
> 
> * Tomcat 4.0 can now run web applications out of an unpacked
>   directory or directly from a WAR file.
> 
> * Web applications are now run under the control of a Java
>   SecurityManager that can support fine-grained control over each    
> web-app's access to system resources.
> 
> * You can now specify a <DefaultContext> element in the server
>   configuration file (server.xml) that defines default configuration  
> information for contexts that are automatically configured.
> 
> * An example Filter implementation that supports on-the-fly GZIP
>   compression for clients that support it.
> 
> * A servlet that implements all of the NCSA documented
>   functionality for server side includes (*.shtml) except for   the
> "exec" capability.
> 
> * Standard resource factories for JavaMail related resources
>   accessible via a JNDI InitialContext, compatible with J2EE
>   Specification requirements.
> 
> * Reflects the most up-to-date changes in the Servlet 2.3 and
>   JSP 1.2 APIs that have been approved by the JSR-053 expert
>   group, and will appear in the next published version of the
>   corresponding specifications.
> 
> In addition, the following major bug fixes are included:
> 
> * Fixes for two reported security vulnerabilities (a "cross site
>   scripting vulnerability" plus a "URL decoding vulnerability")
> 
> * The JSP servlet (Jasper) that compiles and executes JSP pages
>   now uses its own classloader its associated XML parser, which
>   avoids potential conflicts with parsers included with a web
>   application.
> 
> * Bug fix updates for directory listings, the WebDAV support,
>   binding to a single IP address (if requested), incorrectly
>   named access log files, URL decoding improvements, form-based
>   authentication, HTTP/1.1 chunking, isUserInRole(), JSP page
>   parsing problems, and many other patches.
> 
> See the Tomcat 4.0 Beta 2 Release Notes (RELEASE-NOTES-4.0-B2.txt)
> that are included in the top-level directory of the release for more
> detailed information.
> 
> Craig McClanahan

Re: [ANNOUNCE] Tomcat 4.0 Beta 2

["Craig R. McClanahan" <cr...@apache.org>]

On Sat, 31 Mar 2001, Kief Morris wrote:

> Craig R. McClanahan typed the following on 11:26 PM 3/30/2001 -0800
> >I'm pleased to announce the availability of the Beta 2 release of the
> >next generation of the Tomcat servlet container, 
> 
> Rockin'! So can we consider the code unfrozen, or do we want to wait
> until the sealing problems are fixed and cut another release before making 
> major changes?
> 

Go for it :-)

IMHO, the current workaround to the sealing violation problem, plus the
fact that you can now use Xerces 1.3.1 as your XML parser for Jasper,
means we don't have to wait any longer to do the next round of feature
additions.

What I'd ask, though, is that we discuss any refactoring of the core
interfaces (org.apache.catalina.Xxx) on TOMCAT-DEV first.  These changes
will affect people who embed Tomcat 4.0 in other environments, so we want
to consider minimizing the disrputions this can cause.

> Kief
> 
Craig


---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@jakarta.apache.org
For additional commands, e-mail: general-help@jakarta.apache.org

Re: [ANNOUNCE] Tomcat 4.0 Beta 2

["Craig R. McClanahan" <cr...@apache.org>]

On Sat, 31 Mar 2001, Willie Wheeler wrote:

> On Sat, 31 Mar 2001, Kief Morris wrote:
> 
> > Craig R. McClanahan typed the following on 11:26 PM 3/30/2001 -0800
> > >I'm pleased to announce the availability of the Beta 2 release of the
> > >next generation of the Tomcat servlet container, 
> > 
> > Rockin'! So can we consider the code unfrozen, or do we want to wait
> > until the sealing problems are fixed and cut another release before making 
> > major changes?
> 
> I thought that the JSP classloader fix *is* the sealing problem fix, no?  
> Sealing violations related to Tomcat's XML parser prevented the use of,
> say, JDOM as a parser for webapps, and prevented Cocoon from running in
> Tomcat 4.0.  This was all from months ago so I forget exactly what the
> issues were.  But Craig, if I understood your announcement correctly,
> this is what's now fixed...
> 

There are changes to the way Jasper loads its XML parser that apparently
solved all of the sealing violation issues under JDK 1.2, but did not fix
them all under 1.3.  However, Tomcat 4.0 beta 2 includes a workaround to
this problem by virtue of the fact that it includes unsealed versions of
the jaxp.jar and crimson.jar files (pending discussions with the Crimson
group on unsealing their next release).

In addition, it was recently verified that Xerces 1.3.1 includes the
JAXP/1.1 functionality that Jasper requires, so you can now use Xerces
instead of Crimson if you wish.

See the release notes (RELEASE-NOTES-4.0-B2.txt in the top level
directory) for more details.

> 	Willie
> 
> 

Craig 

> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: general-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: general-help@jakarta.apache.org
> 
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@jakarta.apache.org
For additional commands, e-mail: general-help@jakarta.apache.org

Re: [ANNOUNCE] Tomcat 4.0 Beta 2

[Willie Wheeler <ww...@andrew.cmu.edu>]

On Sat, 31 Mar 2001, Kief Morris wrote:

> Craig R. McClanahan typed the following on 11:26 PM 3/30/2001 -0800
> >I'm pleased to announce the availability of the Beta 2 release of the
> >next generation of the Tomcat servlet container, 
> 
> Rockin'! So can we consider the code unfrozen, or do we want to wait
> until the sealing problems are fixed and cut another release before making 
> major changes?

I thought that the JSP classloader fix *is* the sealing problem fix, no?  
Sealing violations related to Tomcat's XML parser prevented the use of,
say, JDOM as a parser for webapps, and prevented Cocoon from running in
Tomcat 4.0.  This was all from months ago so I forget exactly what the
issues were.  But Craig, if I understood your announcement correctly,
this is what's now fixed...

	Willie




---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@jakarta.apache.org
For additional commands, e-mail: general-help@jakarta.apache.org

Re: [ANNOUNCE] Tomcat 4.0 Beta 2

[Kief Morris <ki...@bitbull.com>]

Craig R. McClanahan typed the following on 11:26 PM 3/30/2001 -0800
>I'm pleased to announce the availability of the Beta 2 release of the
>next generation of the Tomcat servlet container, 

Rockin'! So can we consider the code unfrozen, or do we want to wait
until the sealing problems are fixed and cut another release before making 
major changes?

Kief


---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@jakarta.apache.org
For additional commands, e-mail: general-help@jakarta.apache.org