You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2022/10/11 19:00:15 UTC
[tomcat] branch main updated (61c05a1275 -> b4f8441f4b)
This is an automated email from the ASF dual-hosted git repository.
markt pushed a change to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
from 61c05a1275 Add release date for 10.1.1
new f04018e7ce First pass at 10.1 to 11.0 updates
new b4f8441f4b Remove trailing spaces
The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
README.md | 2 +-
TOMCAT-NEXT.txt | 6 +-
build.properties.default | 8 +-
build.xml | 4 +-
java/org/apache/catalina/ant/jmx/package.html | 4 +-
java/org/apache/catalina/ant/package.html | 4 +-
java/org/apache/catalina/util/ServerInfo.java | 4 +-
java/org/apache/tomcat/util/compat/JreCompat.java | 2 +-
modules/jdbc-pool/pom.xml | 4 +-
modules/openssl-foreign/pom.xml | 2 +-
modules/owb/pom.xml | 2 +-
res/ide-support/eclipse/eclipse.project | 2 +-
res/ide-support/eclipse/start-tomcat.launch | 6 +-
res/ide-support/eclipse/stop-tomcat.launch | 6 +-
res/maven/mvn-pub.xml | 2 +-
res/maven/mvn.properties.default | 2 +-
res/rat/rat-excludes.txt | 2 +-
webapps/docs/changelog.xml | 2498 +--------------------
webapps/docs/config/http.xml | 2 +-
webapps/docs/tomcat-docs.xsl | 8 +-
webapps/docs/web-socket-howto.xml | 31 -
21 files changed, 38 insertions(+), 2563 deletions(-)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[tomcat] 01/02: First pass at 10.1 to 11.0 updates
Posted by ma...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit f04018e7ce8b3865bcebe68d5c8489a4fea81acb
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Tue Oct 11 19:55:09 2022 +0100
First pass at 10.1 to 11.0 updates
---
README.md | 2 +-
build.properties.default | 8 +-
build.xml | 4 +-
java/org/apache/catalina/ant/jmx/package.html | 4 +-
java/org/apache/catalina/ant/package.html | 4 +-
java/org/apache/catalina/util/ServerInfo.java | 4 +-
java/org/apache/tomcat/util/compat/JreCompat.java | 2 +-
modules/jdbc-pool/pom.xml | 4 +-
modules/openssl-foreign/pom.xml | 2 +-
modules/owb/pom.xml | 2 +-
res/ide-support/eclipse/eclipse.project | 2 +-
res/ide-support/eclipse/start-tomcat.launch | 6 +-
res/ide-support/eclipse/stop-tomcat.launch | 6 +-
res/maven/mvn-pub.xml | 2 +-
res/maven/mvn.properties.default | 2 +-
res/rat/rat-excludes.txt | 2 +-
webapps/docs/changelog.xml | 2498 +--------------------
webapps/docs/config/http.xml | 2 +-
webapps/docs/tomcat-docs.xsl | 8 +-
webapps/docs/web-socket-howto.xml | 31 -
20 files changed, 35 insertions(+), 2560 deletions(-)
diff --git a/README.md b/README.md
index 839a36719c..e1abc71e7b 100644
--- a/README.md
+++ b/README.md
@@ -43,7 +43,7 @@ The documentation available as of the date of this release is
included in the docs webapp which ships with tomcat. You can access that webapp
by starting tomcat and visiting <http://localhost:8080/docs/> in your browser.
The most up-to-date documentation for each version can be found at:
-- [Tomcat 10.1](https://tomcat.apache.org/tomcat-10.1-doc/)
+- [Tomcat 11.0](https://tomcat.apache.org/tomcat-11.0-doc/)
- [Tomcat 10.0](https://tomcat.apache.org/tomcat-10.0-doc/)
- [Tomcat 9](https://tomcat.apache.org/tomcat-9.0-doc/)
- [Tomcat 8](https://tomcat.apache.org/tomcat-8.5-doc/)
diff --git a/build.properties.default b/build.properties.default
index 4b6859cf61..82fb31bc3e 100644
--- a/build.properties.default
+++ b/build.properties.default
@@ -29,11 +29,11 @@
# -----------------------------------------------------------------------------
# ----- Version Control Flags -----
-version.major=10
-version.minor=1
-version.build=2
+version.major=11
+version.minor=0
+version.build=0
version.patch=0
-version.suffix=
+version.suffix=-M1
version.dev=-dev
# ----- Build tools -----
diff --git a/build.xml b/build.xml
index b76fbcd3bf..e49889674e 100644
--- a/build.xml
+++ b/build.xml
@@ -15,7 +15,7 @@
See the License for the specific language governing permissions and
limitations under the License.
-->
-<project name="Tomcat 10.1" default="deploy" basedir="."
+<project name="Tomcat 11.0" default="deploy" basedir="."
xmlns:if="ant:if"
xmlns:unless="ant:unless"
xmlns:jacoco="antlib:org.jacoco.ant"
@@ -2068,7 +2068,7 @@
<executiondata>
<file file="${coverage.datafile}"/>
</executiondata>
- <structure name="Tomcat 10.1.x Code Coverage">
+ <structure name="Tomcat 11.0.x Code Coverage">
<classfiles>
<fileset dir="${tomcat.classes}"/>
</classfiles>
diff --git a/java/org/apache/catalina/ant/jmx/package.html b/java/org/apache/catalina/ant/jmx/package.html
index e05ece3a3b..f7867a2759 100644
--- a/java/org/apache/catalina/ant/jmx/package.html
+++ b/java/org/apache/catalina/ant/jmx/package.html
@@ -20,8 +20,8 @@
<em>Ant (version 1.6 or later)</em> that can be used to interact with the
Remote JMX JSR 160 RMI Adaptor to get/set attributes, invoke MBean operations
and query for Mbeans inside a running instance of Tomcat. For more information, see
-<a href="https://tomcat.apache.org/tomcat-10.1-doc/monitoring.html">
-https://tomcat.apache.org/tomcat-10.1-doc/monitoring.html</a>.</p>
+<a href="https://tomcat.apache.org/tomcat-11.0-doc/monitoring.html">
+https://tomcat.apache.org/tomcat-11.0-doc/monitoring.html</a>.</p>
<p>Each task element can open a new jmx connection or reference an
existing one. The following attribute are exists in every tasks:</p>
diff --git a/java/org/apache/catalina/ant/package.html b/java/org/apache/catalina/ant/package.html
index 830afc801e..e4067ad25a 100644
--- a/java/org/apache/catalina/ant/package.html
+++ b/java/org/apache/catalina/ant/package.html
@@ -20,8 +20,8 @@
<em>Ant (version 1.6.x or later)</em> that can be used to interact with the
Manager application to deploy, undeploy, list, reload, start and stop web applications
from a running instance of Tomcat. For more information, see
-<a href="https://tomcat.apache.org/tomcat-10.1-doc/manager-howto.html">
-https://tomcat.apache.org/tomcat-10.1-doc/manager-howto.html</a>.</p>
+<a href="https://tomcat.apache.org/tomcat-11.0-doc/manager-howto.html">
+https://tomcat.apache.org/tomcat-11.0-doc/manager-howto.html</a>.</p>
<p>The attributes of each task element correspond
exactly to the request parameters that are included with an HTTP request
diff --git a/java/org/apache/catalina/util/ServerInfo.java b/java/org/apache/catalina/util/ServerInfo.java
index 4f45b29663..7f8f1748ce 100644
--- a/java/org/apache/catalina/util/ServerInfo.java
+++ b/java/org/apache/catalina/util/ServerInfo.java
@@ -67,13 +67,13 @@ public class ServerInfo {
ExceptionUtils.handleThrowable(t);
}
if (info == null || info.equals("Apache Tomcat/@VERSION@")) {
- info = "Apache Tomcat/10.1.x-dev";
+ info = "Apache Tomcat/11.0.x-dev";
}
if (built == null || built.equals("@VERSION_BUILT@")) {
built = "unknown";
}
if (number == null || number.equals("@VERSION_NUMBER@")) {
- number = "10.1.x";
+ number = "11.0.x";
}
serverInfo = info;
diff --git a/java/org/apache/tomcat/util/compat/JreCompat.java b/java/org/apache/tomcat/util/compat/JreCompat.java
index 3e90bed588..993096617a 100644
--- a/java/org/apache/tomcat/util/compat/JreCompat.java
+++ b/java/org/apache/tomcat/util/compat/JreCompat.java
@@ -48,7 +48,7 @@ public class JreCompat {
}
graalAvailable = result || System.getProperty("org.graalvm.nativeimage.imagecode") != null;
- // This is Tomcat 10.1.x with a minimum Java version of Java 11.
+ // This is Tomcat 11.0.x with a minimum Java version of Java 11.
// Look for the highest supported JVM first
if (Jre19Compat.isSupported()) {
instance = new Jre19Compat();
diff --git a/modules/jdbc-pool/pom.xml b/modules/jdbc-pool/pom.xml
index 30895250dc..40e7f286f9 100644
--- a/modules/jdbc-pool/pom.xml
+++ b/modules/jdbc-pool/pom.xml
@@ -65,7 +65,7 @@
<dependency>
<groupId>org.apache.tomcat</groupId>
<artifactId>tomcat-juli</artifactId>
- <version>10.1.0-M8</version>
+ <version>11.0.0-SNAPSHOT</version>
</dependency>
<dependency>
<groupId>junit</groupId>
@@ -76,7 +76,7 @@
<dependency>
<groupId>org.apache.tomcat</groupId>
<artifactId>tomcat-dbcp</artifactId>
- <version>10.1.0-M8</version>
+ <version>11.0.0-SNAPSHOT</version>
<scope>test</scope>
</dependency>
<dependency>
diff --git a/modules/openssl-foreign/pom.xml b/modules/openssl-foreign/pom.xml
index aac7d891c9..8811bcc22c 100644
--- a/modules/openssl-foreign/pom.xml
+++ b/modules/openssl-foreign/pom.xml
@@ -31,7 +31,7 @@
<version>0.1-SNAPSHOT</version>
<properties>
- <tomcat.version>10.1.0</tomcat.version>
+ <tomcat.version>11.0.0-SNAPSHOT</tomcat.version>
<project.build.outputTimestamp>2021-12-02T12:00:00Z</project.build.outputTimestamp>
</properties>
diff --git a/modules/owb/pom.xml b/modules/owb/pom.xml
index 303f9d2982..539ec7f5ff 100644
--- a/modules/owb/pom.xml
+++ b/modules/owb/pom.xml
@@ -36,7 +36,7 @@
<geronimo-atinject.version>1.2</geronimo-atinject.version>
<geronimo-interceptor.version>1.2</geronimo-interceptor.version>
<geronimo-jcdi.version>1.3</geronimo-jcdi.version>
- <tomcat.version>10.1.0</tomcat.version>
+ <tomcat.version>11.0.0-SNAPSHOT</tomcat.version>
</properties>
<dependencies>
diff --git a/res/ide-support/eclipse/eclipse.project b/res/ide-support/eclipse/eclipse.project
index 8139e415ed..10027f6de0 100644
--- a/res/ide-support/eclipse/eclipse.project
+++ b/res/ide-support/eclipse/eclipse.project
@@ -16,7 +16,7 @@
limitations under the License.
-->
<projectDescription>
- <name>tomcat-10.1.x</name>
+ <name>tomcat-11.0.x</name>
<comment></comment>
<projects>
</projects>
diff --git a/res/ide-support/eclipse/start-tomcat.launch b/res/ide-support/eclipse/start-tomcat.launch
index b0f3eb56f3..0dc362f659 100644
--- a/res/ide-support/eclipse/start-tomcat.launch
+++ b/res/ide-support/eclipse/start-tomcat.launch
@@ -17,13 +17,13 @@
-->
<launchConfiguration type="org.eclipse.jdt.launching.localJavaApplication">
<listAttribute key="org.eclipse.debug.core.MAPPED_RESOURCE_PATHS">
-<listEntry value="/tomcat-10.1.x/java/org/apache/catalina/startup/Bootstrap.java"/>
+<listEntry value="/tomcat-11.0.x/java/org/apache/catalina/startup/Bootstrap.java"/>
</listAttribute>
<listAttribute key="org.eclipse.debug.core.MAPPED_RESOURCE_TYPES">
<listEntry value="1"/>
</listAttribute>
<stringAttribute key="org.eclipse.jdt.launching.MAIN_TYPE" value="org.apache.catalina.startup.Bootstrap"/>
<stringAttribute key="org.eclipse.jdt.launching.PROGRAM_ARGUMENTS" value="start"/>
-<stringAttribute key="org.eclipse.jdt.launching.PROJECT_ATTR" value="tomcat-10.1.x"/>
-<stringAttribute key="org.eclipse.jdt.launching.VM_ARGUMENTS" value="-Dcatalina.home=${project_loc:/tomcat-10.1.x/java/org/apache/catalina/startup/Bootstrap.java}/output/build"/>
+<stringAttribute key="org.eclipse.jdt.launching.PROJECT_ATTR" value="tomcat-11.0.x"/>
+<stringAttribute key="org.eclipse.jdt.launching.VM_ARGUMENTS" value="-Dcatalina.home=${project_loc:/tomcat-11.0.x/java/org/apache/catalina/startup/Bootstrap.java}/output/build"/>
</launchConfiguration>
diff --git a/res/ide-support/eclipse/stop-tomcat.launch b/res/ide-support/eclipse/stop-tomcat.launch
index 1c7bcd35cb..91db8adf6f 100644
--- a/res/ide-support/eclipse/stop-tomcat.launch
+++ b/res/ide-support/eclipse/stop-tomcat.launch
@@ -17,13 +17,13 @@
-->
<launchConfiguration type="org.eclipse.jdt.launching.localJavaApplication">
<listAttribute key="org.eclipse.debug.core.MAPPED_RESOURCE_PATHS">
-<listEntry value="/tomcat-10.1.x/java/org/apache/catalina/startup/Bootstrap.java"/>
+<listEntry value="/tomcat-11.0.x/java/org/apache/catalina/startup/Bootstrap.java"/>
</listAttribute>
<listAttribute key="org.eclipse.debug.core.MAPPED_RESOURCE_TYPES">
<listEntry value="1"/>
</listAttribute>
<stringAttribute key="org.eclipse.jdt.launching.MAIN_TYPE" value="org.apache.catalina.startup.Bootstrap"/>
<stringAttribute key="org.eclipse.jdt.launching.PROGRAM_ARGUMENTS" value="stop"/>
-<stringAttribute key="org.eclipse.jdt.launching.PROJECT_ATTR" value="tomcat-10.1.x"/>
-<stringAttribute key="org.eclipse.jdt.launching.VM_ARGUMENTS" value="-Dcatalina.home=${project_loc:/tomcat-10.1.x/java/org/apache/catalina/startup/Bootstrap.java}/output/build"/>
+<stringAttribute key="org.eclipse.jdt.launching.PROJECT_ATTR" value="tomcat-11.0.x"/>
+<stringAttribute key="org.eclipse.jdt.launching.VM_ARGUMENTS" value="-Dcatalina.home=${project_loc:/tomcat-11.0.x/java/org/apache/catalina/startup/Bootstrap.java}/output/build"/>
</launchConfiguration>
diff --git a/res/maven/mvn-pub.xml b/res/maven/mvn-pub.xml
index 9781949fa5..e24188a968 100644
--- a/res/maven/mvn-pub.xml
+++ b/res/maven/mvn-pub.xml
@@ -15,7 +15,7 @@
See the License for the specific language governing permissions and
limitations under the License.
-->
-<project name="Tomcat 10.1 Maven Deployment" default="" basedir="."
+<project name="Tomcat 11.0 Maven Deployment" default="" basedir="."
xmlns:resolver="antlib:org.apache.maven.resolver.ant"
xmlns:if="ant:if"
xmlns:unless="ant:unless">
diff --git a/res/maven/mvn.properties.default b/res/maven/mvn.properties.default
index 6e72713f8a..de28419e1e 100644
--- a/res/maven/mvn.properties.default
+++ b/res/maven/mvn.properties.default
@@ -39,7 +39,7 @@ maven.asf.release.repo.url=https://repository.apache.org/service/local/staging/d
maven.asf.release.repo.repositoryId=apache.releases.https
# Release version info
-maven.asf.release.deploy.version=10.1.2
+maven.asf.release.deploy.version=11.0.0-M1
#Where do we load the libraries from
tomcat.lib.path=../../output/build/lib
diff --git a/res/rat/rat-excludes.txt b/res/rat/rat-excludes.txt
index 4b69f950ca..dffcc1bcef 100644
--- a/res/rat/rat-excludes.txt
+++ b/res/rat/rat-excludes.txt
@@ -234,4 +234,4 @@ output/dist/temp/safeToDelete.tmp
output/res/checkstyle/*
-tomcat-10.1.x/**
+tomcat-11.0.x/**
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 7f4dc123d8..63de62acd5 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -104,2513 +104,19 @@
They eventually become mixed with the numbered issues (i.e., numbered
issues do not "pop up" wrt. others).
-->
-<section name="Tomcat 10.1.2 (markt)" rtext="in development">
- <subsection name="Other">
- <changelog>
- <update>
- Update to Commons Daemon 1.3.2. (markt)
- </update>
- </changelog>
- </subsection>
-</section>
-<section name="Tomcat 10.1.1 (markt)" rtext="2022-10-11">
- <subsection name="Catalina">
- <changelog>
- <fix>
- Update the <code>RewriteValve</code> to perform pattern matching using
- dotall mode to avoid unexpected behaviour if the URL includes encoded
- line terminators. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Coyote">
- <changelog>
- <fix>
- <bug>66276</bug>: Fix incorrect class cast when adding
- a descendant of HTTP/2 streams. (lihan)
- </fix>
- <fix>
- <bug>66281</bug>: Fix unexpected timeouts that may appear as client
- disconnections when using HTTP/2 and NIO2. (markt)
- </fix>
- <fix>
- Enforce the requirement of RFC 7230 onwards that a request with a
- malformed <code>content-length</code> header should always be rejected
- with a 400 response. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Jasper">
- <changelog>
- <fix>
- <bug>66277</bug>: Fix regressions in refactoring from <code>Stack</code>
- <code>ArrayDeque</code>.
- </fix>
- <add>
- Add support for specifying Java 20 (with the value <code>20</code>) as
- the compiler source and/or compiler target for JSP compilation. If used
- with an Eclipse JDT compiler version that does not support these values,
- a warning will be logged and the default will used.
- (markt)
- </add>
- </changelog>
- </subsection>
- <subsection name="Web applications">
- <changelog>
- <fix>
- Documentation. Document the <code>nonceRequestParameterName</code>
- attribute for the <code>CsrfPreventionFilter</code>. Based on
- <pr>553</pr> by Mert Ülkgün. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Other">
- <changelog>
- <update>
- Update to the Eclipse JDT compiler 4.23. (markt)
- </update>
- <update>
- Update Objenesis to 3.2. (markt)
- </update>
- <update>
- Update UnboundID to 6.0.6. (markt)
- </update>
- <update>
- Update Checkstyle to 10.3.4. (markt)
- </update>
- <update>
- Update JaCoCo to 0.8.8. (markt)
- </update>
- <update>
- Update SpotBugs to 4.7.2. (markt)
- </update>
- <update>
- Update JSign to 4.2. (markt)
- </update>
- <update>
- Update Derby to 10.16.1.1. (markt)
- </update>
- <add>
- Improvements to Chinese translations. (markt)
- </add>
- <add>
- Improvements to Czech translations. (markt)
- </add>
- <add>
- Improvements to French translations. (remm)
- </add>
- <add>
- Improvements to Japanese translations. Contributed by tak7iji and
- Shirayuking. (markt)
- </add>
- <add>
- Improvements to Korean translations. (markt)
- </add>
- <add>
- Improvements to Spanish translations. (markt)
- </add>
- </changelog>
- </subsection>
-</section>
-<section name="Tomcat 10.1.0 (markt)" rtext="2022-09-26">
- <subsection name="Coyote">
- <changelog>
- <update>
- Update Panama OpenSSL code for the extensive Java 20 changes. (remm)
- </update>
- <fix>
- Fix a regression in refactoring for Hashtables which caused mbeans to
- lose many of their attributes. (remm)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Jasper">
- <changelog>
- <add>
- <bug>66203</bug>: Log an error message when the JSP compiler is unable
- to create the output directory for the generated code. (markt)
- </add>
- </changelog>
- </subsection>
- <subsection name="Other">
- <changelog>
- <add>
- Further automation to the build process to reduce the number of manual
- steps that release managers must perform. (markt)
- </add>
- </changelog>
- </subsection>
-</section>
-<section name="Tomcat 10.1.0-M20 (markt)" rtext="not released">
- <subsection name="Coyote">
- <changelog>
- <fix>
- Prepare OpenSSL Panama module for Java 20 API changes. (remm)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Other">
- <changelog>
- <update>
- Update the Apache Tomcat migration tool for Jakarta EE library to 1.0.4.
- (markt)
- </update>
- </changelog>
- </subsection>
-</section>
-<section name="Tomcat 10.1.0-M19 (markt)" rtext="not released">
- <subsection name="Coyote">
- <changelog>
- <fix>
- Correct a regression in the previous fix for <bug>66236</bug>. (markt)
- </fix>
- </changelog>
- </subsection>
-</section>
-<section name="Tomcat 10.1.0-M18 (markt)" rtext="not released">
- <subsection name="Catalina">
- <changelog>
- <fix>
- Correct handling of HTTP TRACE requests where there are multiple
- instances of an HTTP header with the same name. (markt)
- </fix>
- <fix>
- Implement the requirements of RFC 7231 and do not include sensitive
- headers in responses to HTTP TRACE requests. (markt)
- </fix>
- <fix>
- Implement the clarification in RFC 9110 that the units in HTTP range
- specifiers are case insensitive. (markt)
- </fix>
- <fix>
- Properly-escape role and group information when writing
- MemoryUserDatabase to an XML file. (schultz)
- </fix>
- <fix>
- Move control of XML-export logic from individual support classes into
- MemoryUserDatabase.save(). Deprecate and discontinue use of MemoryUser,
- MemoryRole, and MemoryGroup classes. (schultz)
- </fix>
- <fix>
- <bug>66183</bug>: When logging cookie values in an access log valve and
- there are multiple cookies with the same name, log all cookie values
- rather than just the first. Based on pull request <pr>541</pr> by Han
- Li. (markt)
- </fix>
- <fix>
- <bug>66184</bug>: Ensure that JULI root loggers have a default level of
- <code>INFO</code>. Pull request <pr>533</pr> provided by Piotr P.
- Karwasz. (markt)
- </fix>
- <fix>
- Improve handling of stack overflow errors when parsing SSI expressions.
- (markt)
- </fix>
- <fix>
- <bug>66120</bug>: Enable FORM authentication to work correctly if
- session persistence and restoration occurs during the authentication
- process. (markt)
- </fix>
- <fix>
- <bug>66233</bug>: Include an error message when sending a 400 response
- because a request has too many cookies. (markt)
- </fix>
- <fix>
- When web application deployment fails due to JARs with duplicate
- fragment names, improve the error message by listing the JARs that
- contain the duplicates. Based on pull request <pr>535</pr> by Mads
- Rolsdorph. (markt)
- </fix>
- <fix>
- Replace logging thread for JULI's <code>AsyncFileHandler</code> with an
- executor to protect against failure of the logging thread. Based on pull
- request <pr>545</pr> by Piotr P. Karwasz. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Coyote">
- <changelog>
- <fix>
- Avoid potential NPE by skipping duplicate accept check when using a Unix
- Domain Socket. Based on <pr>532</pr> by Han Li. (markt)
- </fix>
- <fix>
- Address an edge case in HTTP header parsing that allowed CRCRLF to be
- used as a valid line terminator. (markt)
- </fix>
- <fix>
- Ensure HTTP/2 requests that include connection specific headers are
- rejected. (markt)
- </fix>
- <fix>
- When processing HTTP/2 requests, allow a <code>host</code> header to be
- used in place of an <code>:authority</code> header. (markt)
- </fix>
- <fix>
- When processing HTTP/2 requests, allow a <code>host</code> header and an
- <code>:authority</code> header to be present providing they are
- consistent. (markt)
- </fix>
- <fix>
- When processing HTTP/2 requests, reject requests containing multiple
- <code>host</code> headers. (markt)
- </fix>
- <fix>
- Make parsing of invalid filename directives in
- <code>Content-Disposition</code> headers more robust. Invalid filename
- directives will now be ignored rather than triggering a 500 response.
- (markt)
- </fix>
- <fix>
- <bug>66194</bug>: Log HTTP/2 stream closures (usually caused by client
- errors) via a <code>UserDataHelper</code> to broadly align it with the
- behaviour of HTTP/1.1 for parsing issues and exceeding limits. (markt)
- </fix>
- <fix>
- <bug>66196</bug>: Align HTTP/1.1 with HTTP/2 and throw an exception when
- attempting to commit a response with an header value that includes one
- or more characters with a code point above 255. (markt)
- </fix>
- <fix>
- <bug>66236</bug>: Implement support for the special values zero and
- minus one when configuring <code>maxSavePostSize</code> for a Connector
- when used in conjunction with TLS renegotiation. (markt)
- </fix>
- <fix>
- <bug>66240</bug>: Avoid int overflow when parsing octets by limiting
- the maximum value to 255. Based on a PR <pr>548</pr> by Stefan Mayr.
- (lihan)
- </fix>
- <fix>
- <pr>550</pr>: Correctly handle case where a Servlet responds to a
- request with an expectation with a 2xx response without reading the
- request body. Pull request provided by Malay Shah. (markt)
- </fix>
- <fix>
- <pr>551</pr>: Avoid potential IndexOutOfBoundsException by fixing
- incorrect check when matching HTTP/2 preface. Submitted by 刘文章.
- (lihan)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Jasper">
- <changelog>
- <fix>
- Improve handling of stack overflow errors when parsing EL expressions.
- (markt)
- </fix>
- <fix>
- Correct parsing of integer and floating point literals in EL expressions
- so that larger values are correctly parsed to <code>BigInteger</code>
- and <code>BigDecimal</code> respectively. (markt)
- </fix>
- <fix>
- <bug>66235</bug>: Fix various issues with the bean resolver used for
- Graal. (remm)
- </fix>
- <fix>
- Improve the performance of the <code>ImportHandler</code> in the
- Expression Language implementation. This removes a previous optimisation
- that is now detrimental rather than helpful. Pull request <pr>547</pr>
- provided by rmannibucau. (markt)
- </fix>
- <fix>
- Improve handling of EL error messages so instances of Number are not
- formatted in unexpected ways. (markt/kkolinko)
- </fix>
- <fix>
- Switch to using ELException rather than IllegalArgumentException when a
- type conversion fails during an EL arithmetic operation. This is an EL
- error so ELException seems more appropriate. (markt)
- </fix>
- <fix>
- Fix a bug in <code>MethodExpression</code> handling that triggered an
- error when invoking a static method on an instance of the class rather
- than directly on the class. (markt)
- </fix>
- <fix>
- Use <code>BigInteger.remainder()</code> rather than
- <code>BigInteger.mod()</code> when performing the modulus operation for
- instances of <code>BigInteger</code> as part of an EL expression.
- (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Cluster">
- <changelog>
- <fix>
- To aid future additions of new functionality, rather than throw an
- <code>IllegalArgumentException</code> if a <code>DeltaRequest</code> is
- passed an unrecognised action type, a warning message will now be
- logged. (markt)
- </fix>
- <fix>
- <bug>66120</bug>: Enable FORM authentication to work correctly if
- session failover occurs during the authentication process. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="WebSocket">
- <changelog>
- <add>
- <bug>62312</bug>: Add support for authenticating WebSocket clients with
- an HTTP forward proxy when establishing a connection to a WebSocket
- endpoint via a forward proxy that requires authentication. Based on a
- patch provided by Joe Mokos. (markt)
- </add>
- </changelog>
- </subsection>
- <subsection name="Other">
- <changelog>
- <fix>
- Ensure that zip archives use UTC for file modification times to ensure
- repeatable builds across time zones. (markt)
- </fix>
- <add>
- Improvements to Chinese translations. (lihan)
- </add>
- <add>
- Improvements to Czech translations. (markt)
- </add>
- <add>
- Improvements to French translations. (remm)
- </add>
- <add>
- Improvements to German translations. (markt)
- </add>
- <add>
- Improvements to Japanese translations. Contributed by tak7iji and
- Shirayuking. (markt)
- </add>
- <add>
- Improvements to Korean translations. Contributed by 수현. (markt)
- </add>
- <add>
- Improvements to Brazilian Portuguese translations. (markt)
- </add>
- <add>
- Improvements to Russian translations. (markt)
- </add>
- <add>
- Improvements to Spanish translations. (markt)
- </add>
- <update>
- Update the Apache Tomcat migration tool for Jakarta EE library to 1.0.3.
- (markt)
- </update>
- </changelog>
- </subsection>
-</section>
-<section name="Tomcat 10.1.0-M17 (markt)" rtext="2022-07-20">
- <subsection name="Catalina">
- <changelog>
- <fix>
- <bug>66104</bug>: Avoid error message by not trying to clean up old
- files from the logging directory before the directory has been created.
- Based on <pr>521</pr> by HanLi. (markt)
- </fix>
- <update>
- Update the Jakarta Common Annotations API to 2.1.1. This deprecates the
- <code>ManagedBean</code> annotation which will be removed in a future
- release. (markt)
- </update>
- </changelog>
- </subsection>
- <subsection name="Coyote">
- <changelog>
- <add>
- Provide dedicated loggers
- (<code>org.apache.tomcat.util.net.NioEndpoint.handshake</code> /
- <code>org.apache.tomcat.util.net.Nio2Endpoint.handshake</code>) for TLS
- handshake failures. (markt)
- </add>
- <add>
- Enable the use of the FIPS provider for TLS enabled Connectors when
- using Tomcat Native 1.2.34 onwards built with OpenSSL 3.0.x onwards.
- (markt)
- </add>
- <scode>
- Remove the <code>jvmRoute</code> system property used to configure a
- default value for the <code>jvmRoute</code> attribute of an Engine.
- (markt)
- </scode>
- <update>
- Update experimental Panama modules with support for OpenSSL 3.0+.
- OpenSSL 1.1 remains supported. (remm)
- </update>
- <fix>
- Correct a regression in the refactoring to support experimentation with
- project Loom that broke HTTP/2 support if async IO was disabled. (markt)
- </fix>
- <fix>
- Fix duplicate Poller registration with HTTP/2, NIO and async IO that
- could cause HTTP/2 connections to unexpectedly fail. (markt)
- </fix>
- <update>
- Refactor Panama module to better take advantage of the Panama preview
- API updates and fixes. Improves memory session usage and avoids some
- allocations. Review from Maurizio Cimadamore. (remm)
- </update>
- <update>
- Update the minimum recommended version of the Tomcat Native Library to
- 2.0.1. (markt)
- </update>
- </changelog>
- </subsection>
- <subsection name="Jasper">
- <changelog>
- <add>
- Add support for specifying Java 19 (with the value <code>19</code>) as
- the compiler source and/or compiler target for JSP compilation. If used
- with an Eclipse JDT compiler version that does not support these values,
- a warning will be logged and the default will used.
- (markt)
- </add>
- </changelog>
- </subsection>
- <subsection name="WebSocket">
- <changelog>
- <update>
- Remove configuration settings related to the restriction on WebSocket
- endpoint deployment that was removed in version 2.1 of the
- specification. (markt)
- </update>
- </changelog>
- </subsection>
- <subsection name="Web applications">
- <changelog>
- <fix>
- Documentation. <bug>62245</bug>: Include <code>contextXsltFile</code>
- when discussing options for configuring directory listings. (markt)
- </fix>
- <fix>
- Examples. Fix CVE-2022-34305, a low severity XSS vulnerability in the
- Form authentication example. (markt)
- </fix>
- <fix>
- Documentation. Expand the description of the <code>useSendfile</code>
- attribute for HTTP/2 and reference the possibility of file locking when
- using this feature on Windows operating systems. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Other">
- <changelog>
- <update>
- Update to bnd 6.3.1. (markt)
- </update>
- <update>
- The minimum Ant version required to build Tomcat 10.1.x is now 1.10.2.
- (markt)
- </update>
- <add>
- Add additional automation to the build process to reduce the number of
- manual steps that release managers must perform. (schultz)
- </add>
- <add>
- Implement support for reproducible builds. Reproducible builds are
- independent of operating system but require the same Ant version and
- same JDK (vendor and version) to be used as associated version
- information is embedded in a number of build outputs such as JAR file
- manifests. (markt)
- </add>
- <update>
- Update the minimum supported version of Tomcat Native to 1.2.34 to allow
- the removal of the deprecated Java API associated with features that
- will be removed in Tomcat Native 2.0.x. (markt)
- </update>
- <fix>
- Remove and/or update references to the removed
- <code>org.apache.tomcat.util.threads.res</code> package. The
- <code>LocalStrings*.properties</code> files in that package were moved
- to <code>org.apache.tomcat.util.threads</code> package for consistency
- with the rest of the Tomcat code base. (markt)
- </fix>
- <fix>
- <bug>66134</bug>: The NSIS based Tomcat installer for Windows now
- correctly handles the combination of <code>TomcatAdminRoles</code>
- defined in a configuration file and selecting the Manager and/or
- Host Manager web applications in the installer's GUI. (markt)
- </fix>
- <update>
- Update the OWB module to Apache OpenWebBeans 2.0.27. (remm)
- </update>
- <update>
- Update the CXF module to Apache CXF 3.5.3. (remm)
- </update>
- <update>
- Update the Apache Tomcat migration tool for Jakarta EE library to 1.0.1.
- (markt)
- </update>
- <update>
- Update the packaged version of the Tomcat Native Library to 2.0.1 to
- pick up the Windows binaries built with with OpenSSL 3.0.5. (markt)
- </update>
- <add>
- Improvements to French translations. (remm)
- </add>
- <add>
- Improvements to Japanese translations contributed tak7iji. (markt)
- </add>
- </changelog>
- </subsection>
-</section>
-<section name="Tomcat 10.1.0-M16 (markt)" rtext="2022-06-09">
- <subsection name="Catalina">
- <changelog>
- <fix>
- Update the memory leak protection code to support stopping application
- created executor threads when running on Java 19 and later. (markt)
- </fix>
- <fix>
- Improve the error message if a required <code>--add-opens</code> option
- is missing. (markt)
- </fix>
- <fix>
- Disable the memory leak correction code enabled by the Context attribute
- <code>clearReferencesObjectStreamClassCaches</code> when running on a
- JRE that includes a fix for the underlying memory leak. (markt)
- </fix>
- <fix>
- <pr>515</pr>: Avoid deadlock on startup with some utility executor
- configurations. Submitted by Han Li. (remm)
- </fix>
- <fix>
- <bug>66068</bug>: Ensure that the changes made to a request by the
- <code>RemoteIPValve</code> persist after the request is put into
- asynchronous mode. (markt)
- </fix>
- <add>
- Include the major version in the recommended version used for Tomcat
- Native with the <code>AprLifecycleListener</code>. (markt)
- </add>
- <scode>
- Remove the reporting of the unused APR feature flags. (markt)
- </scode>
- </changelog>
- </subsection>
- <subsection name="Coyote">
- <changelog>
- <fix>
- Additional fix for <bug>65118</bug>. Fix a potential
- <code>NullPointerException</code> when pruning closed HTTP/2 streams
- from the connection. (markt)
- </fix>
- <scode>
- Refactor synchronization blocks locking on <code>SocketWrapper</code> to
- use <code>ReentrantLock</code> to support users wishing to experiment
- with project Loom. (markt)
- </scode>
- <fix>
- <bug>66076</bug>: When using TLS with non-blocking writes and the NIO
- connector, ensure that flushing the buffers attempts to empty all of the
- output buffers. (markt)
- </fix>
- <fix>
- <bug>66084</bug>: Correctly calculate bytes written to a response. Pull
- request <pr>516</pr> provided by aooohan HanLi. (markt)
- </fix>
- <add>
- Correct a regression in the support added for encrypted PKCS#1 formatted
- private keys in the previous release that broke support for unencrypted
- PKCS#1 formatted private keys. (jfclere/markt)
- </add>
- <update>
- Remove support for NPN when using the Tomcat Native Connector as NPN was
- never standardised and browser support for NPN was removed several years
- ago. (markt)
- </update>
- </changelog>
- </subsection>
- <subsection name="Jasper">
- <changelog>
- <fix>
- Update XML schema used for generated web fragments to use the Servlet
- 6.0 web fragment schema. (markt)
- </fix>
- <fix>
- Update the XML schema used by the web fragment defined for the Jasper EL
- JAR to use the Servlet 6.0 web fragment schema. (markt)
- </fix>
- <fix>
- Update <code>ImportHandler</code> optimisation for new classes
- introduced in Java 19. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Web Socket">
- <changelog>
- <fix>
- Update the XML schema used by the web fragment defined for the WebSocket
- JAR to use the Servlet 6.0 web fragment schema. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Web applications">
- <changelog>
- <fix>
- <bug>66064</bug>: Update the building page in the documentation web
- application to reflect changes in required Java version and source
- repository. (markt)
- </fix>
- <fix>
- Documentation. Make the description of the HTTP/1.1 configuration
- attributes that control the maximum allowed HTTP header size more
- specific. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Tribes">
- <changelog>
- <fix>
- Increase the default buffer size for replication messages from 43800 to
- 65536 bytes. This is expected to improve performance for large messages
- when running on Linux based systems. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Other">
- <changelog>
- <add>
- Improvements to French translations. (remm)
- </add>
- <add>
- Improvements to Japanese translations contributed by Shirayuking and
- tak7iji. (markt)
- </add>
- <add>
- Improvements to Chinese translations contributed by Dingzi2012. (markt)
- </add>
- </changelog>
- </subsection>
-</section>
-<section name="Tomcat 10.1.0-M15 (markt)" rtext="2022-05-16">
- <subsection name="Catalina">
- <changelog>
- <scode>
- <bug>65853</bug>: Refactor the <code>CsrfPreventionFilter</code> to make
- it easier for sub-classes to modify the nonce generation and storage.
- Based on suggestions by Marvin Fröhlich. (markt)
- </scode>
- <fix>
- <bug>65991</bug>: Avoid NPE with <code>SSLAuthenticator</code> when
- <code>boundOnInit</code> is used on a connector, during the check
- for client certificate authentication availability. (remm)
- </fix>
- <fix>
- <bug>66009</bug>: Use <code>getSubjectX500Principal().toString()</code>
- rather than <code>getSubjectX500Principal().getName(...)</code> to
- retrieve a certificate DN, to match the output of the deprecated
- <code>getSubjectDN().getName()</code> that was used previously. (remm)
- </fix>
- <add>
- Revert the change in 10.1.0-M11 that added a mapping of
- <code>Shift_JIS</code> for the <code>ja</code> locale to the default
- mappings used by <code>ServletResponse.setLocale()</code> as it
- caused regressions for applications using UTF-8. (markt)
- </add>
- <add>
- Provide a property source that sources values from Kubernetes service
- bindings. Pull request <pr>512</pr> provided by Sumit Kulhadia and
- Gareth Evans. (markt)
- </add>
- </changelog>
- </subsection>
- <subsection name="Coyote">
- <changelog>
- <add>
- <pr>501</pr>: Add new <code>maxHttpRequestHeaderSize</code> and
- <code>maxHttpResponseHeaderSize</code> attributes which allow setting
- the maximum HTTP header sizes independently. If not specified, the
- value of the <code>maxHttpHeaderSize</code> connector attribute will
- be used. Submitted by Zhongming Hua. (remm)
- </add>
- <fix>
- The root cause of the Linux kernel duplicate accept bug has been
- identified along with the version of the kernel that includes the fix.
- The error message displayed when this bug occurs has been updated to
- reflect this new information and to advise users to update to a version
- of the OS that uses kernel 5.10 or later. Thanks to Christopher Gual for
- the research into this issue. (markt)
- </fix>
- <scode>
- Remove the custom UTF-8 decoder that was introduced to work around
- various UTF-8 decoding bugs in Java. These issues were fixed in early
- Java 8 releases. Now the minimum Java version is 11, we can be sure that
- Tomcat will not be running on a JRE where these issues are present.
- (markt)
- </scode>
- <fix>
- <bug>66023</bug>: Improve the fix for <bug>65726</bug> and support HTTP
- upgrade with a request body for a wider set of use cases. (markt)
- </fix>
- <fix>
- <bug>66035</bug>: Add NULL check on the SSL session reference in the
- Panama code before accessing the session id and creation time. (remm)
- </fix>
- <add>
- Add support for encrypted PKCS#1 formatted private keys when configuring
- the internal, in memory key store. Based on <pr>511</pr>.
- (jfclere/markt)
- </add>
- <fix>
- Remove the <code>prestartminSpareThreads</code> attribute of the
- <code>StandardThreadExecutor</code> since all core threads are always
- started by default making this attribute meaningless. Pull request
- <pr>510</pr> provided by Aooohan. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Jasper">
- <changelog>
- <update>
- To align with the JSP 3.1 specification, make the
- <code>jsp:plugin</code> action a NO-OP. No HTML will be generated as a
- result the <code>jsp:plugin</code> action being included in a JSP. This
- is be because the associated HTML elements are no longer supported by
- any major browser. (markt)
- </update>
- <fix>
- <bug>66031</bug>: Fix NPE when using a custom JspFactory. Patch by
- Jean-Louis Monteiro. (remm)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Webapps">
- <changelog>
- <fix>
- <bug>66008</bug>: In the documentation web application, clarify the
- recommendation for the use the <code>trimSpaces</code> option for Jasper
- in production environments. (markt)
- </fix>
- <fix>
- Update the documentation web application to state that the
- <code>EncryptInterceptor</code> does not provide sufficient protection
- to run Tomcat clustering over an untrusted network. This is
- CVE-2022-29885. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Other">
- <changelog>
- <add>
- Improvements to Chinese translations contributed by shawn. (markt)
- </add>
- <add>
- Improvements to French translations. (remm)
- </add>
- <add>
- Improvements to German translations contributed by Thomas Hoffmann.
- (markt)
- </add>
- <add>
- Improvements to Japanese translations contributed by Shirayuking.
- (markt)
- </add>
- <add>
- Improvements to Korean translations. (woonsan)
- </add>
- <update>
- Update to Commons Daemon 1.3.1. This fixes a known regression in 1.3.0
- when configuring the Windows service with custom scripts as described in
- <bug>66055</bug>. (markt)
- </update>
- <update>
- Update to JSign 4.1. (markt)
- </update>
- <update>
- Update the packaged version of the Tomcat Native Library to 1.2.33 to
- pick up Windows binaries built with OpenSSL 1.1.1o.(markt)
- </update>
- </changelog>
- </subsection>
-</section>
-<section name="Tomcat 10.1.0-M14 (markt)" rtext="2022-04-01">
- <subsection name="Catalina">
- <changelog>
- <fix>
- <bug>65736</bug>: Disable the <code>forceString</code> option for the
- JNDI <code>BeanFactory</code> and replace it with an automatic search
- for an alternative setter with the same name that accepts a
- <code>String</code>. This is a security hardening measure. (markt)
- </fix>
- <add>
- Remove the <code>WebappClassLoaderBase.getResources()</code> method as
- it is not used and if something accidentally exposes the class loader
- this method can be used to gain access to Tomcat internals. (markt)
- </add>
- </changelog>
- </subsection>
-</section>
-<section name="Tomcat 10.1.0-M13 (markt)" rtext="not released">
- <subsection name="Catalina">
- <changelog>
- <scode>
- Update the JASPIC 2.0 API to Jakarta Authentication 3.0 (JASPIC was
- renamed for Jakarta EE 10) including the implementation of the new
- methods on <code>AuthConfigFactory</code>. (markt)
- </scode>
- <scode>
- Harden the CredentialHandler implementations by switching to a
- constant-time implementation for credential comparisons. (schultz/markt)
- </scode>
- </changelog>
- </subsection>
- <subsection name="Coyote">
- <changelog>
- <fix>
- Use a constant for the default TLS cipher suite. This will allow
- skipping setting it in some cases (for example, it does not make
- sense for OpenSSL TLS 1.3). (remm)
- </fix>
- <fix>
- <pr>487</pr>: Improve logging of unknown settings frames. Pull request
- by Thomas Hoffmann. (remm)
- </fix>
- <add>
- <bug>65975</bug>: Add a warning if a TLS virtual host is configured with
- optional certificate authentication and the containing connector is also
- configured to support HTTP/2 as HTTP/2 does not permit optional
- certificate authentication. (markt)
- </add>
- <add>
- <bug>65975</bug>: Add a warning if a TLS virtual host is configured for
- TLS 1.3 with a JSSE implementation and a web application is configured
- for <code>CLIENT-CERT</code> authentication. <code>CLIENT-CERT</code>
- authentication requires post-handshake authentication (PHA) when used
- with TLS 1.3 but the JSSE TLS 1.3 implementation does not support PHA.
- (markt)
- </add>
- <fix>
- Improve the recycling of Processor objects to make it more robust.
- (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Jasper">
- <changelog>
- <fix>
- <bug>65959</bug>: Serialize Function as String[] rather Class[]. (remm)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Web applications">
- <changelog>
- <fix>
- <bug>65947</bug>: Correct the name of HTTP/1.1 configuration property
- (<code>maxHttpHeaderSize</code>) that is inherited by the HTTP/2 upgrade
- protocol. Thanks to Thomas Hoffmann. (markt)
- </fix>
- <fix>
- <bug>65952</bug>: Align <code>--add-opens</code> configuration for jsvc
- with the current Tomcat scripts. (markt)
- </fix>
- <fix>
- Correct the AJP and HTTP/1.1 Connector configuration pages in the
- documentation web application to show which attributes are applicable to
- all Connectors and which are implementation specific. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Other">
- <changelog>
- <fix>
- Correct a spelling mistake in the German translations. Thanks to Thomas
- Hoffmann. (markt)
- </fix>
- <fix>
- <bug>65951</bug>: Use the <code>tomcat.output</code> property for OSGi
- bundle manifest paths. (isapir)
- </fix>
- <update>
- Update to Commons Daemon 1.3.0. (markt)
- </update>
- <update>
- Update to Checkstyle 10.0. (markt)
- </update>
- <update>
- Update to SpotBugs 4.6.0. (markt)
- </update>
- <add>
- Expand the <code>spotbugs</code> Ant task to also cover test code.
- (markt)
- </add>
- <update>
- Update to bnd 6.2.0. (markt)
- </update>
- <update>
- Remove OSGi annotations dependency as it is no longer required with bnd
- 6.2.0. (markt)
- </update>
- <update>
- Update to the Eclipse JDT compiler 4.23. (markt)
- </update>
- <scode>
- Refactor the resource files for the Apache Tomcat installer for Windows
- so that all the resource files are located in a single directory in the
- source tree. (markt)
- </scode>
- <update>
- Update the packaged version of the Tomcat Native Library to 1.2.32 to
- pick up Windows binaries built with OpenSSL 1.1.1n.(markt)
- </update>
- <add>
- Improvements to Chinese translations contributed by 15625988003. (markt)
- </add>
- <add>
- Improvements to French translations. (remm)
- </add>
- <add>
- Improvements to Japanese translations contributed by tak7iji. (markt)
- </add>
- <add>
- Expand coverage of translations for <code>jakarta.el</code> package.
- Based on <pr>488</pr> from Volodymyr Siedlecki. (markt)
- </add>
- </changelog>
- </subsection>
-</section>
-<section name="Tomcat 10.1.0-M12 (markt)" rtext="2022-03-14">
- <subsection name="Catalina">
- <changelog>
- <fix>
- <pr>477</pr>: Update the default list of JARs to skip to include the
- Apache Log4j JAR for Jakarta EE platforms. Pull request by Michael
- Seele. (markt)
- </fix>
- <fix>
- <bug>65921</bug>: The <code>type</code> substitution flag for the
- rewrite valve should set the content type for the response, not the
- request. (markt)
- </fix>
- <fix>
- <pr>479</pr>: Enable the rewrite valve to redirect requests when the
- original request cannot be mapped to a context. This typically happens
- when no ROOT context is defined. Pull request by elkman. (markt)
- </fix>
- <fix>
- <bug>65940</bug>: Fix <code>NullPointerException</code> if an exception
- occurs during the destruction of a Servlet. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Coyote">
- <changelog>
- <fix>
- Fix regression introduced with <bug>65757</bug> bugfix which better
- identified non request threads but which introduced a similar problem
- when user code was doing sequential operations in a single thread.
- Test case code submitted by Istvan Szekely. (remm)
- </fix>
- <fix>
- Fix potential thread-safety issue that could cause HTTP/1.1 request
- processing to wait, and potentially timeout, waiting for additional
- data when the full request has been received. (markt)
- </fix>
- <fix>
- Throw <code>IOException</code> rather than
- <code>IllegalStateException</code> when the application attempts to
- write to an HTTP/2 stream after the client has closed the stream.
- (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Jasper">
- <changelog>
- <fix>
- When resolving methods in EL expressions that use beans and/or static
- fields, ensure that any custom type conversion is considered when
- identifying the method to call. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Web applications">
- <changelog>
- <fix>
- Correct the name of the <code>value</code> attribute in the new
- documentation of <code>OpenSSLConfCmd</code> elements. (rjung)
- </fix>
- </changelog>
- </subsection>
- <subsection name="WebSocket">
- <changelog>
- <fix>
- Fix typo in JPMS substitution configuration for WebSocket client module.
- (markt)
- </fix>
- </changelog>
- </subsection>
-</section>
-<section name="Tomcat 10.1.0-M11 (markt)" rtext="2022-02-28">
- <subsection name="Catalina">
- <changelog>
- <add>
- Add <code>ha-api-*.jar</code> and <code>jaxws-rt-*.jar</code> to the
- list of JARs to skip when scanning for TLDs, web fragments and
- annotations. (michaelo)
- </add>
- <add>
- Expand the default mappings used by
- <code>ServletResponse.setLocale()</code> to include a mapping from the
- <code>ja</code> locale to the <code>Shift_JIS</code> encoding. (markt)
- </add>
- <fix>
- <bug>65806</bug>: Improve the handling of session ID generation when the
- default algorithm for <code>SecureRandom</code> (<code>SHA1PRNG</code>)
- is not supported by the configured providers as will be the case for a
- FIPS compliant configuration. (markt)
- </fix>
- <add>
- <pr>463</pr>: Add support for additional user attributes to
- <code>TomcatPrincipal</code> and <code>GenericPrincipal</code>.
- Patch provided by Carsten Klein. (michaelo)
- </add>
- <fix>
- <pr>464</pr>: Fall back to the class loader used to load JULI when the
- thread context class loader is not set. In a normal Tomcat
- configuration, this will be the system class loader. Based on a pull
- request by jackshirazi. (markt)
- </fix>
- <fix>
- <pr>469</pr>: Include the Jakarata Annotations API in the classes that
- Tomcat will not load from web applications. Pull request provided by
- ppkarwasz. (markt)
- </fix>
- <fix>
- Fix a potential <code>StringIndexOutOfBoundsException</code> exception
- when generating a WebDAV multi-status response after an error during a
- copy or delete. Report the paths relative to the server root for any
- resources with an error. (markt)
- </fix>
- <fix>
- Improve the format of WebDAV XML responses to make them easier for
- humans to read. The change ensures that there is always a line break
- before starting a new element. (markt)
- </fix>
- <fix>
- Improve validation of the <code>Destination</code> header for WebDAV
- <code>MOVE</code> and <code>COPY</code> requests. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Coyote">
- <changelog>
- <fix>
- Correct a regression in the fix for <bug>65454</bug> that meant that
- <code>minSpareThreads</code> and <code>maxThreads</code> settings were
- ignored when the Connector used an internal executor. (markt)
- </fix>
- <fix>
- <bug>65776</bug>: Improve the detection of the Linux duplicate accept
- bug and reduce (hopefully avoid) instances of false positives. (markt)
- </fix>
- <fix>
- <bug>65848</bug>: Revert the change that attempted to align the
- behaviour of client certificate authentication with NIO or NIO2 with
- OpenSSL for TLS between MacOS and Linux/Windows as the root cause was
- traced to configuration differences. (markt)
- </fix>
- <fix>
- <pr>467</pr>: When system time moves backwards (e.g. after clock
- correction), ensure that the cached formatted current date used for
- HTTP headers tracks this change. Pull request provided by zhenguoli.
- (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Jasper">
- <changelog>
- <fix>
- <pr>474</pr>: Prevent a tag file from corrupting the ELContext of the
- calling page. Pull request provided by Dmitri Blinov. (markt)
- </fix>
- <fix>
- Minor optimisation of serialization for <code>FunctionMapperImpl</code>
- in response to pull request <pr>476</pr>. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Web applications">
- <changelog>
- <fix>
- Remove the applet example from the example web application as applets
- are no longer supported in any major browser. (markt)
- </fix>
- <scode>
- Refactor a small number of pages in the examples web application to
- avoid an issue with reproducible builds due to differences in file
- ordering across different operating systems with Ant's zip task. (markt)
- </scode>
- <fix>
- Better documentation for the <code>protocol</code> attribute of the
- <code>JNDIRealm</code>. (markt)
- </fix>
- <fix>
- Clarify the settings described in the documentation web application to
- configure a cluster using static membership. (markt)
- </fix>
- <add>
- Add information on the <code>OpenSSLConf</code> and
- <code>OpenSSLConfCmd</code> elements to the HTTP SSL configuration page
- in the documentation web applications. (markt)
- </add>
- </changelog>
- </subsection>
- <subsection name="jdbc-pool">
- <changelog>
- <scode>
- Use LF line endings for text files in JARs to support reproducible
- builds across different operating systems. (markt)
- </scode>
- </changelog>
- </subsection>
- <subsection name="Other">
- <changelog>
- <scode>
- Use LF line endings for text files in JARs to support reproducible
- builds across different operating systems. (markt)
- </scode>
- <fix>
- Fix dependencies for individual test targets in Ant build file. Based on
- <pr>468</pr> provided by Totoo chenyonghui. (markt)
- </fix>
- <update>
- Update the OWB module to Apache OpenWebBeans 2.0.26. (remm)
- </update>
- <fix>
- Revert the cherry-pick of JavaDoc fix from DBCP applied in 10.1.0.M9
- that broke the <code>DataSourceMXBean</code> by using a type that isn't
- supported by MXBeans. (markt)
- </fix>
- <add>
- Improvements to Chinese translations contributed by cloudgyb, totoo and
- Chenyonghui1028. (markt)
- </add>
- <add>
- Improvements to French translations. (remm)
- </add>
- <add>
- Improvements to German translations contributed by Andreas Abraham.
- (markt)
- </add>
- <add>
- Improvements to Japanese translations contributed by tak7iji and
- Shirayuking. (markt)
- </add>
- <add>
- Improvements to Korean translations. (woonsan)
- </add>
- <add>
- Improvements to Spanish translations contributed by ceciliabarudi.
- (markt)
- </add>
- </changelog>
- </subsection>
-</section>
-<section name="Tomcat 10.1.0-M10 (markt)" rtext="2022-01-20">
- <subsection name="Coyote">
- <changelog>
- <fix>
- Correct a regression in the fix for <bug>65785</bug> that broke HTTP/2
- server push. (markt)
- </fix>
- </changelog>
- </subsection>
-</section>
-<section name="Tomcat 10.1.0-M9 (markt)" rtext="not released">
- <subsection name="Catalina">
- <changelog>
- <fix>
- Add missing check in <code>SessionCookieConfig.setAttribute()</code> to
- ensure that the method fails if called after the web application has
- started. (markt)
- </fix>
- <fix>
- Add additional locking to <code>DataSourceUserDatabase</code> to provide
- improved protection for concurrent modifications. (markt)
- </fix>
- <fix>
- Add recycling check in the input and output stream isReady to try to
- give a more informative ISE when the facade has been recycled. (remm)
- </fix>
- <fix>
- Make the calculation of the session storage location more robust when
- using file based persistent storage. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Coyote">
- <changelog>
- <fix>
- <bug>65726</bug>: Implement support for HTTP/1.1 upgrade when the
- request includes a body. The maximum permitted size of the body is
- controlled by <code>maxSavePostSize</code>. (markt)
- </fix>
- <fix>
- Restore pre-starting of <code>minSpareThreads</code> lost in the fix for
- <bug>65454</bug>. (markt)
- </fix>
- <fix>
- Revert the previous fix for <bug>65714</bug> and implement a more
- comprehensive fix. (markt)
- </fix>
- <fix>
- Allow freeing up context on JVM shutdown in the OpenSSL Panama module
- by properly using a shared scope. (remm)
- </fix>
- <fix>
- <bug>65757</bug>: Missing initial IO listener notification on Servlet
- container dispatch to another container thread. (remm)
- </fix>
- <fix>
- Expand the fix for <bug>65757</bug> so that rather than just checking if
- processing is happening on a container thread, the check is now if
- processing is happening on the container thread currently allocated to
- this request/response. (markt)
- </fix>
- <fix>
- Improve the fix for RST frame ordering added in 10.1.0-M8 to avoid a
- potential deadlock on some systems in non-default configurations.
- (markt)
- </fix>
- <add>
- <bug>65767</bug>: Add support for certificates that use keys encrypted
- using PBES2. Based on a pull request provided by xiezhaokun. (markt)
- </add>
- <scode>
- Refactor testing whether a String is a valid HTTP token. (markt)
- </scode>
- <fix>
- <bug>65785</bug>: Perform additional validation of HTTP headers when
- using HTTP/2. (markt)
- </fix>
- <fix>
- When a Connector or Endpoint is paused, ensure that only new connections
- and new requests on existing connections are stopped while allowing in
- progress requests to run to completion. (markt)
- </fix>
- <fix>
- Explicitly release ByteBuffer instances associated with pooled channels
- when stopping the NioEndpoint and Nio2Endpoint. (markt)
- </fix>
- <fix>
- Narrow the scope of the logging of invalid cookie headers to just the
- invalid cookie rather than the whole cookie header. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Jasper">
- <changelog>
- <fix>
- <bug>65724</bug>: Fix missing messages for some
- <code>PropertyNotWritableException</code>s caused by a typo in the name
- used for a resource string. (markt)
- </fix>
- <add>
- Add support for specifying Java 18 (with the value <code>18</code>) as
- the compiler source and/or compiler target for JSP compilation. If used
- with an Eclipse JDT compiler version that does not support these values,
- a warning will be logged and the default will used.
- (markt)
- </add>
- <update>
- To align with the JSP 3.1 specification that requires Java 11 as a
- minimum, make the default JSP source version and target version Java 11.
- (markt)
- </update>
- </changelog>
- </subsection>
- <subsection name="WebSocket">
- <changelog>
- <fix>
- Remove the <code>ALLOW_UNSUPPORTED_EXTENSIONS</code> system property. As
- per RFC 6455, all extensions are optional. If an endpoint declares an
- extension that isn't supported there is no need to trigger an error. The
- extension can just be excluded from the result of the negotiation.
- (markt)
- </fix>
- <fix>
- Remove the <code>DISABLE_BUILTIN_EXTENSIONS</code>. It was added to
- enable Tomcat to pass the WebSocket TCK but after updates to the TCK, it
- is no longer required. (markt)
- </fix>
- <add>
- Add support for POJO WebSocket endpoints to the programmatic upgrade
- that allows applications to opt to upgrade an HTTP connection to
- WebSocket. (markt)
- </add>
- <add>
- Add support for the WebSocket 2.1 client-side API for configuring TLS
- connection for wss client connections. (markt)
- </add>
- <fix>
- <bug>65763</bug>: Improve handling of WebSocket connection close if a
- message write times out before the message is fully written. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Other">
- <changelog>
- <update>
- Update the OWB module to Apache OpenWebBeans 2.0.25. (remm)
- </update>
- <update>
- Update the CXF module to Apache CXF 3.5.0. (remm)
- </update>
- <add>
- Improvements to Chinese translations contributed by zhnnn. (markt)
- </add>
- <add>
- Improvements to French translations. (remm)
- </add>
- <add>
- Improvements to Japanese translations contributed by Shirayuking, yoshy
- and tak7iji. (markt)
- </add>
- <add>
- Improvements to Korean translations. (woonsan)
- </add>
- <add>
- Improvements to Spanish translations contributed by Israel. (markt)
- </add>
- <update>
- Update SpotBugs to 4.5.2. (markt)
- </update>
- <update>
- Update to the Eclipse JDT compiler 4.22. (markt)
- </update>
- <update>
- Update the NSIS installer to 3.08. (markt)
- </update>
- <update>
- Update UnboundID to 6.0.3. (markt)
- </update>
- <update>
- Update CheckStyle to 9.2.1. (markt)
- </update>
- <update>
- Update BND to 6.1.0. (markt)
- </update>
- <update>
- Update OSGI annotations to 1.1.1. (markt)
- </update>
- </changelog>
- </subsection>
-</section>
-<section name="Tomcat 10.1.0-M8 (markt)" rtext="2021-12-08">
- <subsection name="Catalina">
- <changelog>
- <update>
- Log warning if a listener is not nested inside a Server element
- although it must have been. (michaelo)
- </update>
- <fix>
- Where the getter can be called safely, remove the checks for
- <code>ServletContext</code> getters called from a
- <code>contextInitialized()</code> method of a
- <code>ServletContextListener</code> that was not defined in a
- <code>web.xml</code> file, a <code>web-fragment.xml</code> file nor
- annotated with <code>WebListener</code>. (markt)
- </fix>
- <fix>
- Make SPNEGO authentication more robust for the case where the provided
- credential has expired. (markt)
- </fix>
- <fix>
- Limit cookie support to RFC 6265 to align with recent updates to the
- Servlet specification. (markt)
- </fix>
- <fix>
- <bug>65684</bug>: Fix a potential <code>NullPointerException</code> when
- using JULI. (markt)
- </fix>
- <docs>
- Document conditions under which the <code>AprLifecycleListener</code>
- can be used to avoid JVM crashes. (michaelo)
- </docs>
- <fix>
- Refactor the <code>AsyncFileHandler</code> to reduce the possibility of
- log messages being lost on shutdown. (markt)
- </fix>
- <update>
- Refactor the <code>AsyncFileHandler</code> to remove the need for the
- <code>org.apache.juli.AsyncLoggerPollInterval</code>. If set, this
- property now has no effect. (markt)
- </update>
- <add>
- Add debug logging to the <code>RestCsrfPreventionFilter</code>. Based on
- pull request <pr>452</pr> by Polina Georgieva. (markt)
- </add>
- </changelog>
- </subsection>
- <subsection name="Coyote">
- <changelog>
- <add>
- Use implicit scopes in the OpenSSL Panama module to tie the cleanup of
- OpenSSL memory to the Java GC. (remm)
- </add>
- <add>
- Provide protection against a known <a
- href="https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1924298">OS
- bug</a> that causes the acceptor to report an incoming connection more
- than once. (markt)
- </add>
- <fix>
- Avoid unnecessary duplicate read registrations for blocking I/O with the
- NIO connector. (markt)
- </fix>
- <fix>
- <bug>65677</bug>: Improve exception handling for errors during HTTP/1.1
- reads with NIO2. (markt)
- </fix>
- <fix>
- When an error occurs that triggers a stream reset, ensure that the first
- <code>RST</code> frame sent to the client is the one associated with the
- error that triggered the reset. (markt)
- </fix>
- <fix>
- <bug>65714</bug>: Fix exceptions when the security manager is enabled
- and the first request received after starting is an HTTP request to a
- TLS enabled NIO2 connector. (markt)
- </fix>
- <add>
- Ensure that using NIO or NIO2 with OpenSSL for TLS behaves the same way
- on MacOS as it does on Linux and Windows when no trusted certificate
- authorities are configured and reject all client certificates. (markt)
- </add>
- <fix>
- Avoid a potential deadlock during the concurrent processing of incoming
- HTTP/2 frames for a stream and that stream being reset. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="WebSocket">
- <changelog>
- <add>
- Update the WebSocket API packaging to remove the copy of the client API
- from the server API and replace it with a dependency on the client API.
- This aligns Tomcat with changes in the WebSocket 2.1 specification.
- (markt)
- </add>
- </changelog>
- </subsection>
-</section>
-<section name="Tomcat 10.1.0-M7 (markt)" rtext="2021-11-15">
- <subsection name="Catalina">
- <changelog>
- <scode>
- Refactor <code>HttpServlet</code> so the default <code>doHead()</code>
- implementation now calls <code>doGet()</code> and relies on the
- container to ensure that the response body is not sent. The previous
- behaviour (wrapping the response) may be enabled per Servlet by setting
- the <code>jakarta.servlet.http.legacyDoHead</code> Servlet
- initialisation parameter to <code>true</code>. This aligns Tomcat with
- recent changes updates for Servlet 6.0 in the Jakarta Servlet
- specification project. (markt)
- </scode>
- <add>
- Add support for setting generic attributes for session cookies. This
- aligns Apache Tomcat with recent changes in the Jakarta Servlet
- specification project. (markt)
- </add>
- <fix>
- Do not add a trailing <code>/</code> to a request URI during
- canonicalization. (markt)
- </fix>
- <fix>
- Invalid byte sequences (typically in %nn form) in a request URi that are
- not valid for the given URI encoding now trigger a 400 response. (markt)
- </fix>
- <fix>
- Ensure that a request URI starts with a <code>/</code>. (markt)
- </fix>
- <add>
- Add a new Connector option, <code>rejectSuspiciousURIs</code> that will
- causes 'suspicious' (see the Servlet 6.0 specification) URIs to be
- rejected with a 400 response. (markt)
- </add>
- <fix>
- Improve robustness of JNDIRealm for exceptions occurring when getting
- the connection. Also add missing close when running into issues
- getting the passord of a user. (remm)
- </fix>
- <docs>
- Add Javadoc comment which listeners must be nested within
- <code>Server</code> elements only. (michaelo)
- </docs>
- <add>
- Add support for custom caching strategies for web application resources.
- This initial implementation allows control over whether or not a
- resource is cached. (markt)
- </add>
- </changelog>
- </subsection>
- <subsection name="Coyote">
- <changelog>
- <scode>
- Improve performance of Connector shutdown - primarily to reduce the time
- it takes to run the test suite. (markt)
- </scode>
- <add>
- <pr>457</pr>: Add a <code>toString()</code> method to
- <code>MimeHeader</code> to aid debugging. (dblevins)
- </add>
- <add>
- Add experimental OpenSSL support through the Panama API incubating in
- Java 17, with support for OpenSSL 1.1+. This no longer requires
- tomcat-native or APR. Please refer to the <code>openssl-java17</code>
- module for more details. (remm)
- </add>
- </changelog>
- </subsection>
- <subsection name="Jasper">
- <changelog>
- <update>
- Regenerate the EL parser using JavaCC 7.0.10. (markt)
- </update>
- <fix>
- Fix a bug that prevented the EL parser correctly parsing a literal Map
- that used variables rather than literals for both keys and values.
- (markt)
- </fix>
- <update>
- Ensure that the <code>getType()</code> method of any
- <code>ELResolver</code> implementation returns <code>null</code> if
- either the <code>ELResolver</code> or the resolved property is read-only
- to align Tomcat with recent updates in the Jakarta EL specification
- project. (markt)
- </update>
- <fix>
- Implement an alternative solution to support the JSP page directive
- attribute <code>isThreadSafe</code> now that the
- <code>SingleThreadModel</code> interface has been removed from the
- Servlet API. The new approach synchronizes the <code>service()</code>
- method.
- </fix>
- </changelog>
- </subsection>
- <subsection name="WebSocket">
- <changelog>
- <update>
- Add a new method<code>
- ServerEndpointConfig.Configurator.getContainerDefaultConfigurator()
- </code>to align with recent updates in the WebSocket specification
- project. (markt)
- </update>
- <update>
- Add a new method <code>ServerContainer.upgradeHttpToWebSocket()</code>
- to align with recent updates in the WebSocket specification project.
- (markt)
- </update>
- </changelog>
- </subsection>
- <subsection name="Tribes">
- <changelog>
- <fix>
- <pr>454</pr>: Differentiate warning messages in
- <code>KubernetesMembershipProvider</code> so that the missing attribute
- is clear to the user. PR provided by Hal Deadman. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Other">
- <changelog>
- <fix>
- Switch from Cobertura to JaCoCo for code coverage as Cobertura does not
- support code coverage for code compiled for Java 11 onwards. It also
- removes the need to use a single thread to run the tests. (markt)
- </fix>
- </changelog>
- </subsection>
-</section>
-<section name="Tomcat 10.1.0-M6 (markt)" rtext="2021-10-01">
- <subsection name="Catalina">
- <changelog>
- <fix>
- Provide the DataSource in the constructor of
- <code>DataSourceUserDatabase</code>, since it is always global. (remm)
- </fix>
- <fix>
- Fix delete then create object manipulations with
- <code>DataSourceUserDatabase</code>. (remm)
- </fix>
- <update>
- Remove all deprecated code from the Servlet API to align Tomcat with
- recent changes in the Jakarta Servlet specification project. (markt)
- </update>
- <add>
- Add the currently available Jakarta EE 10 schemas from the Jakarta EE
- schema project. (markt)
- </add>
- <add>
- Implement the new connection ID and request ID API for Servlet 6.0.
- (markt)
- </add>
- <fix>
- <bug>65553</bug>: Implement a work-around for a
- <a href="https://bugs.openjdk.java.net/browse/JDK-8273874">JRE bug</a>
- that can trigger a memory leak when using the JNDI realm. (markt)
- </fix>
- <fix>
- <bug>65586</bug>: Fix the bloom filter used to improve performance of
- archive file look ups in the web resources implementation so it works
- correctly for directory lookups whether or not the provided directory
- name includes the trailing <code>/</code>. (markt)
- </fix>
- <fix>
- <pr>451</pr>: Improve the usefulness of the thread name cache used in
- JULI. Pull request provided by t-gergely. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Coyote">
- <changelog>
- <fix>
- <bug>65563</bug>: Correct parsing of HTTP <code>Content-Range</code>
- headers. Tomcat was incorrectly requiring an <code>=</code> character
- after <code>bytes</code>. Fix based on pull request <pr>449</pr> by
- Thierry Guérin. (markt)
- </fix>
- <fix>
- Correct a potential <code>StackOverflowException</code> with HTTP/2 and
- sendfile. (markt)
- </fix>
- <fix>
- Further improvements in the management of the connection flow control
- window. This addresses various bugs that caused streams to incorrectly
- report that they had timed out waiting for an allocation from the
- connection flow control window. (markt)
- </fix>
- <fix>
- <bug>65577</bug>: Fix a <code>AccessControlException</code> reporting
- when running an NIO2 connector with TLS enabled. (markt)
- </fix>
- <update>
- Reclassify TLS ciphers that use AESCCM8 as medium security rather than
- high security to align with recent changes in OpenSSL. (markt)
- </update>
- <fix>
- Fix an issue that caused some Servlet non-blocking API reads of the HTTP
- request body to incorrectly use blocking IO. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Jasper">
- <changelog>
- <scode>
- Deprecate <code>ELResolver.getFeatureDescriptors</code> to align Tomcat
- with recent updates in the Jakarta EL specification project. (markt)
- </scode>
- <add>
- Add support for default methods to <code>BeanRELResolver</code> to align
- Tomcat with recent updates in the Jakarta EL specification project.
- (markt)
- </add>
- <add>
- Add support for <code>MethodReference</code> and the associated getter
- on <code>MethodExpression</code> to align Tomcat with recent updates in
- the Jakarta EL specification project. (markt)
- </add>
- <add>
- Refactor <code>ScopedAttributeELResolver</code> to separate out the
- functionality that is unrelated to scoped attributes into two new
- resolvers: <code>ImportELResolver</code> and
- <code>NotFoundELResolver</code>. This aligns Tomcat with recent updates
- to the Jakarta Server Pages specification. (markt)
- </add>
- <fix>
- Fix the implementation of <code>MethodExpression.getMethodInfo()</code>
- so that it returns the expected value rather than failing when the
- method expression is defined with the parameter values in the expression
- rather than the types being passed explicitly to
- <code>ExpressionFactory.createMethodExpression()</code>. (markt)
- </fix>
- <add>
- Add support for a new page/tag directive <code>errorOnELNotFound</code>
- that can be used to trigger an identifier if an EL expression in a
- page/tag contains an identifier that cannot be resolved. (markt)
- </add>
- </changelog>
- </subsection>
- <subsection name="WebSocket">
- <changelog>
- <fix>
- The internal upgrade handler should close the associated
- <code>WebConnection</code> on destroy. (remm)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Web applications">
- <changelog>
- <update>
- Update the web applications that are included with Apache Tomcat to use
- the Jakarta EE 10 schema for web.xml. (markt)
- </update>
- <fix>
- Clarify the JASPIC configuration options in the documentation web
- application. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Other">
- <changelog>
- <fix>
- <bug>65585</bug>: Update obsolete comments at the start of the
- <code>build.properties.default</code> file. (markt)
- </fix>
- </changelog>
- </subsection>
-</section>
-<section name="Tomcat 10.1.0-M5 (markt)" rtext="2021-09-10">
- <subsection name="Catalina">
- <changelog>
- <fix>
- Enable Tomcat to start if an (old) XML parser is configured that does
- not support <code>allow-java-encodings</code>. A warning will be logged
- if such an XML parser is detected. (markt)
- </fix>
- <fix>
- Change the behaviour of custom error pages. If an error occurs after the
- response is committed, once the custom error page content has been added
- to the response the connection is now closed immediately rather than
- closed cleanly. i.e. the last chunk that marks the end of the response
- body is no longer sent. This acts as an additional signal to the client
- that the request experienced an error. (markt)
- </fix>
- <fix>
- <bug>65479</bug>: When handling requests using JASPIC authentication,
- ensure that <code>PasswordValidationCallback.getResult()</code> returns
- the result of the password validation rather than always returning
- <code>false</code>. Fixed via pull request <pr>438</pr> provided by
- Robert Rodewald. (markt)
- </fix>
- <update>
- Improve the reusability of the <code>UserDatabase</code> by adding
- intermediate concrete implementation classes and allowing to do
- partial database updates on <code>save</code>. (remm)
- </update>
- <scode>
- Refactor the authenticators to delegate the check for preemptive
- authentication to the individual authenticators where an authentication
- scheme specific check can be performed. Based on pull request
- <pr>444</pr> by Robert Rodewald. (markt)
- </scode>
- <add>
- Add a <code>UserDatabase</code> implementation as a superset of the
- <code>DataSourceRealm</code> functionality. (remm)
- </add>
- <fix>
- Make sure the dynamic Principal returned by
- <code>UserDatabaseRealm</code> stays up to date with the database
- contents, and add an option to have it be static, similar to the other
- realms. (remm)
- </fix>
- <add>
- Add <code>derby-*.jar</code> to the list of JARs to skip when scanning
- for TLDs, web fragments and annotations. (markt)
- </add>
- <fix>
- <pr>447</pr>. Correct JPMS metadata for catalina.jar. Pull request
- provided by Hui Wang. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Coyote">
- <changelog>
- <fix>
- Correct a logic error that meant setting
- <code>certificateKeystoreFile</code> to <code>NONE</code> did not have
- the expected effect. <code>NONE</code> was incorrectly treated as a file
- path. Patch provided by Mikael Sterner. (markt)
- </fix>
- <scode>
- Remove the deprecated APR/Native connector which includes the HTTP APR
- and the AJP APR connector. Also remove the Java interfaces to the
- APR/Native library that are not used by the OpenSSL integration for the
- NIO and NIO2 connectors. (markt)
- </scode>
- <scode>
- Refactor the JSSE/OpenSSL integration to avoid the use of
- <code>finalize()</code>. (markt)
- </scode>
- <fix>
- <bug>65505</bug>: When an HTTP header value is removed, ensure that the
- order of the remaining header values is unchanged. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="WebSocket">
- <changelog>
- <fix>
- <bug>65506</bug>: Fix write timeout check that was using the read
- timeout value. Patch submitted by Gustavo Mahlow. (remm)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Web applications">
- <changelog>
- <fix>
- Remove unnecessary Context settings from the examples web application.
- (markt)
- </fix>
- <fix>
- Document default value for <code>unpackWARs</code> and related clean-up.
- Pull request <pr>439</pr> provided by Robert Rodewald. (markt)
- </fix>
- <fix>
- Clarify the documentation of the <code>compressionMinSize</code> and
- <code>compressibleMimeType</code> HTTP <code>Connector</code>
- attributes. Pull request <pr>442</pr> provided by crisgeek. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Tribes">
- <changelog>
- <scode>
- Refactor the <code>ParallelNioSender</code> to avoid the use of
- <code>finalize()</code>. (markt)
- </scode>
- </changelog>
- </subsection>
- <subsection name="Other">
- <changelog>
- <fix>
- Fix failing build when building on non-English locales. Pull request
- <pr>441</pr> provided by Dachuan J. (markt)
- </fix>
- <update>
- Update to JSign version 4.0 to enable code signing without the need for
- the installation of additional client tools. (markt)
- </update>
- <update>
- Add Apache Derby 10.15.2.0 to the testsuite dependencies, for JDBC
- and DataSource testing. (remm)
- </update>
- <add>
- Update the internal fork of Apache Commons BCEL to 40d5eb4 (2021-09-01,
- 6.6.0-SNAPSHOT). Code clean-up only. (markt)
- </add>
- <add>
- Update the internal fork of Apache Commons Codec to fd44e6b (2021-09-01,
- 1.16-SNAPSHOT). Minor refactoring. (markt)
- </add>
- <add>
- <bug>65661</bug>: Update the internal fork of Apache Commons FileUpload
- to 33d2d79 (2021-09-01, 2.0-SNAPSHOT). Refactoring and code clean-up. As
- a result of Commons File Upload now using
- <code>java.nio.file.Files</code>, applications using multi-part uploads
- need to ensure that the JVM is configured with sufficient direct memory
- to store all in progress multi-part uploads. (markt)
- </add>
- <add>
- Update the internal fork of Apache Commons Pool to 2.11.1 (2021-08-17).
- Improvements, code clean-up and refactoring. (markt)
- </add>
- <add>
- Update the internal fork of Apache Commons DBCP to 2.9.0 (2021-08-03).
- Improvements, code clean-up and refactoring. (markt)
- </add>
- <update>
- Update the packaged version of the Tomcat Native Library to 1.2.31 to
- pick up Windows binaries built with OpenSSL 1.1.1l.(markt)
- </update>
- <update>
- Switch to the CDN as the primary download location for ASF dependencies.
- (markt)
- </update>
- <add>
- Improvements to Chinese translations contributed by syseal, wolibo,
- ZhangJieWen and DigitalFatCat. (markt)
- </add>
- <add>
- Improvements to French translations. (remm)
- </add>
- <add>
- Improvements to Japanese translations contributed by tak7iji. (markt)
- </add>
- <add>
- Improvements to Korean translations. (woonsan)
- </add>
- </changelog>
- </subsection>
-</section>
-<section name="Tomcat 10.1.0-M4 (markt)" rtext="2021-08-06">
- <subsection name="WebSocket">
- <changelog>
- <fix>
- Correct a regression in the Java 8 to Java 11 changes made in 10.1.0-M3
- that caused all WebSocket end points to fail to register. (markt)
- </fix>
- </changelog>
- </subsection>
-</section>
-<section name="Tomcat 10.1.0-M3 (markt)" rtext="not released">
- <subsection name="General">
- <changelog>
- <update>
- Update the minimum required Java version to Java 11. (markt)
- </update>
- </changelog>
- </subsection>
- <subsection name="Catalina">
- <changelog>
- <scode>
- Incremented the supported Jakarta Servlet version to 6.0 to align with
- the current development branch of the Jakarta Servlet specification.
- Plans have changed and the next iteration of the Servlet specification
- will be 6.0 rather than 5.1. (markt)
- </scode>
- <fix>
- <bug>65411</bug>: Always close the connection when an uncaught
- <code>NamingException</code> occurs to avoid connection locking.
- Submitted by Ole Ostergaard. (remm)
- </fix>
- <fix>
- <bug>65433</bug>: Correct a regression in the fix for <bug>65397</bug>
- where a <code>StringIndexOutOfBoundsException</code> could be triggered
- if the canonical path of the target of a symlink was shorter than the
- canonical path of the directory in which the symlink had been created.
- Patch provided by Cedomir Igaly. (markt)
- </fix>
- <add>
- <bug>65443</bug>: Refactor the <code>CorsFilter</code> to make it easier
- to extend. (markt)
- </add>
- <fix>
- To avoid unnecessary cache revalidation, do not add an HTTP
- <code>Expires</code> header when setting adding an HTTP header of
- <code>CacheControl: private</code>. (markt)
- </fix>
- <scode>
- Refactor JULI's custom <code>LogManager</code>, the
- web application class loader implementation, the web resources
- implementation, the <code>JreLeakPreventionListener</code>
- implementation and the <code>StandardJarScanner</code> implementation to
- remove Java 8 specific code now that the minimum Java version has been
- increased to 11. (markt)
- </scode>
- <scode>
- Remove all references to the endorsed standards override feature and the
- specifying of optional packages (extensions) in the manifest as these
- are not supported in Java 11. (markt)
- </scode>
- </changelog>
- </subsection>
- <subsection name="Coyote">
- <changelog>
- <fix>
- When writing an HTTP/2 response via sendfile (only enabled when
- <code>useAsyncIO</code> is true) the connection flow control window was
- sometimes ignored leading to various error conditions. sendfile now
- checks both the stream and connection flow control windows before
- writing. (markt)
- </fix>
- <add>
- Add debug logging for writing an HTTP/2 response via sendfile. (markt)
- </add>
- <fix>
- Correct bugs in the HTTP/2 connection flow control management that meant
- it was possible for a connection to stall waiting for a connection flow
- control window update that had already arrived. Any streams on that
- connection that were trying to write when this happened would time out.
- (markt)
- </fix>
- <fix>
- <bug>65448</bug>: When using TLS with NIO, it was possible for a
- blocking response write to hang just before the final TLS packet
- associated with the response until the connection timed out at which
- point the final packet would be sent and the connection closed. (markt)
- </fix>
- <fix>
- <bug>65454</bug>: Fix a race condition that could result in a delay to
- a new request. The new request could be queued to wait for an existing
- request to finish processing rather than the thread pool creating a new
- thread to process the new request. (markt)
- </fix>
- <fix>
- <bug>65460</bug>: Correct a regression introduced in the previous
- release in the change to reduce the number of small HTTP/2 window
- updates sent for streams. A logic error meant that small window updates
- for the connection were dropped. This meant that the connection flow
- window slowly reduced over time until nothing could be sent. (markt)
- </fix>
- <fix>
- Remove NIO workarounds and code that is no longer needed with Java 11.
- (remm)
- </fix>
- <scode>
- Refactor the endpoints to remove Java 8 specific code now that the
- minimum Java version has been increased to 11. (markt)
- </scode>
- </changelog>
- </subsection>
- <subsection name="Jasper">
- <changelog>
- <scode>
- Add additional generics to the EL API to align with the latest changes
- in the EL specification project. (markt)
- </scode>
- <add>
- Enable EL lambda expressions to be coerced to functional interfaces.
- This is an implementation of a proposed extension to the Jakarta
- Expression Language specification. (markt)
- </add>
- <scode>
- Refactor the EL API and implementation to remove Java 8 specific code
- now that the minimum Java version has been increased to 11. (markt)
- </scode>
- </changelog>
- </subsection>
- <subsection name="WebSocket">
- <changelog>
- <scode>
- Refactor the WebSocket implementation to remove Java 8 specific code now
- that the minimum Java version has been increased to 11. (markt)
- </scode>
- </changelog>
- </subsection>
- <subsection name="Web applications">
- <changelog>
- <fix>
- <bug>65404</bug>: Correct a regression in the fix for <bug>63362</bug>
- that caused the server status page in the Manager web application to be
- truncated if HTTP upgrade was used such as when starting a WebSocket
- connection. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Other">
- <changelog>
- <add>
- Improvements to Chinese translations contributed by ZhangJieWen and
- chengzheyan. (markt)
- </add>
- <add>
- Improvements to French translations. (remm)
- </add>
- <add>
- Improvements to Japanese translations contributed by tak7iji. (markt)
- </add>
- <add>
- Improvements to Korean translations. (woonsan)
- </add>
- <fix>
- Use of GraalVM native images no longer automatically disables JMX
- support. JMX support may still be disabled by calling
- <code>org.apache.tomcat.util.modeler.Registry.disableRegistry()</code>.
- (markt)
- </fix>
- </changelog>
- </subsection>
-</section>
-<section name="Tomcat 10.1.0-M2 (markt)" rtext="2021-07-02">
- <subsection name="Catalina">
- <changelog>
- <scode>
- Refactor the <code>RemoteIpValve</code> to use the common utility method
- for list to comma separated string conversion. (markt)
- </scode>
- <scode>
- Refactor <code>JNDIRealm$JNDIConnection</code> so its fields are
- accessible to sub-classes of <code>JNDIRealm</code>. (markt)
- </scode>
- <fix>
- Fix serialization warnings in <code>UserDatabasePrincipal</code>
- reported by SpotBugs. (markt)
- </fix>
- <fix>
- <bug>65397</bug>: Calls to
- <code>ServletContext.getResourcePaths()</code> no longer include
- symbolic links in the results unless <code>allowLinking</code> has been
- set to <code>true</code>. If a resource is skipped because of this
- change, a warning will be logged as this typically indicates a
- configuration issue. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Coyote">
- <changelog>
- <fix>
- <bug>65368</bug>: Improve handling of clean closes of inbound TLS
- connections. Treat them the same way as clean closes of non-TLS
- connections rather than as unknown errors. (markt)
- </fix>
- <fix>
- Modify the HTTP/2 connector not to sent small updates for stream flow
- control windows to the user agent as, depending on how the user agent is
- written, this may trigger small writes from the user agent that in turn
- trigger the overhead protection. Small updates for stream flow control
- windows are now combined with subsequent flow control window updates for
- that stream to ensure that all stream flow control window updates sent
- from Tomcat are larger than <code>overheadWindowUpdateThreshold</code>.
- (markt)
- </fix>
- <add>
- Add additional debug logging to track the current state of the HTTP/2
- overhead count that Tomcat uses to detect and close potentially
- malicious connections. (markt)
- </add>
- <update>
- Many HTTP/2 requests from browsers will trigger one overhead frame and
- one non-overhead frame. Change the overhead calculation so that a
- non-overhead frame reduces the current overhead count by 2 rather than
- 1. This means that, over time, the overhead count for a well-behaved
- connection will trend downwards. (markt)
- </update>
- <update>
- Change the initial HTTP/2 overhead count from <code>-10</code> to
- <code>-10 * overheadCountFactor</code>. This means that, regardless of
- the value chosen for <code>overheadCountFactor</code>, when a connection
- opens 10 overhead frames in a row will be required to trigger the
- overhead protection. (markt)
- </update>
- <update>
- Increase the default <code>overheadCountFactor</code> from
- <code>1</code> to <code>10</code> and change the reduction in overhead
- count for a non-overhead frame from <code>-2</code> to <code>-20</code>.
- This allows for a larger range (0-20) to be used for
- <code>overheadCountFactor</code> providing for finer-grained control.
- (markt)
- </update>
- <fix>
- Modify the parsing of HTTP header values that use the
- <code>1#token</code> to ignore empty elements as per RFC 7230 section 7
- instead of treating the presence of empty elements as an error. (markt)
- </fix>
- <fix>
- Expand the unit tests for <code>HttpServlet.doHead()</code> and correct
- the flushing of the response buffer. The buffer used to behave as if it
- was one byte smaller than the configured size. The buffer was flushed
- (and the response committed if required) when the buffer was full. The
- buffer is now flushed (and the response committed if required) if the
- buffer is full and there is more data to write. (markt)
- </fix>
- <fix>
- Fix an issue where concurrent HTTP/2 writes (or concurrent reads) to the
- same connection could hang and eventually timeout when async IO was
- enabled (it is enabled by default). (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Jasper">
- <changelog>
- <fix>
- <bug>65387</bug>: Correct a regression in the fix for <bug>65124</bug>
- and restore the local definition of <code>out</code> for tags that
- implement <code>TryCatchFinally</code>. (markt)
- </fix>
- <fix>
- <bug>65390</bug>: Correct a regression in the fix for <bug>65124</bug>
- and restore code that was removed in error leading to JSP compilation
- failures in some circumstances. (markt)
- </fix>
- <update>
- Update to the Eclipse JDT compiler 4.20. (markt)
- </update>
- <add>
- Add support for specifying Java 17 (with the value <code>17</code>) as
- the compiler source and/or compiler target for JSP compilation. If used
- with an Eclipse JDT compiler version that does not support these values,
- a warning will be logged and the latest supported version will used.
- (markt)
- </add>
- <fix>
- <bug>65377</bug>: Update the Java code generation for JSPs not to use
- the boxed primitive constructors as they have been deprecated in Java 9
- and marked for future removal in Java 16. <code>valueOf()</code> is now
- used instead. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="WebSocket">
- <changelog>
- <scode>
- Refactor the <code>DigestAuthenticator</code> to reuse a shared
- <code>SecureRandom</code> instance rather than create a new one to
- generate the <code>cnonce</code> if required. (markt)
- </scode>
- </changelog>
- </subsection>
- <subsection name="Web applications">
- <changelog>
- <fix>
- <bug>65385</bug>: Correct the link in the documentation web application
- the Maven Central repository. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Other">
- <changelog>
- <add>
- Use JSign to integrate the build script with the code signing service to
- enable release builds to be created on Linux as well as Windows. (markt)
- </add>
- <update>
- Update the OWB module to Apache OpenWebBeans 2.0.23. (remm)
- </update>
- <update>
- Update the CXF module to Apache CXF 3.4.4. (remm)
- </update>
- <fix>
- <bug>65369</bug> / <pr>422</pr>: Add the additional
- <code>--add-opens=...</code> options required for running Tomcat on Java
- 16 onwards to the <code>service.bat</code> script to align it with the
- other start-up scripts. PR provided by MCMicS. (markt)
- </fix>
- <add>
- Improvements to French translations. (remm)
- </add>
- <add>
- Improvements to Korean translations. (woonsan)
- </add>
- <update>
- Update JUnit to version 4.13.2. (markt)
- </update>
- <update>
- Update EasyMock to 4.3. (markt)
- </update>
- <update>
- Update Objenesis to 3.2. (markt)
- </update>
- <update>
- Update UnboundID to 6.0.0. (markt)
- </update>
- <update>
- Update CheckStyle to 8.43. (markt)
- </update>
- <update>
- Update SpotBugs to 4.2.3. (markt)
- </update>
- <update>
- Update OSGi annotations to 1.1.0. (markt)
- </update>
- </changelog>
- </subsection>
-</section>
-<section name="Tomcat 10.1.0-M1 (markt)" rtext="2021-06-15">
+<section name="Tomcat 11.0.0-M1 (markt)" rtext="in development">
<subsection name="General">
<changelog>
<scode>
This release contains all of the changes up to and including those in
Apache Tomcat 10.0.6 plus the additional changes listed below. (markt)
</scode>
- <scode>
- Remove code previously marked for removal in Tomcat 10.1.x. (markt)
- </scode>
- </changelog>
- </subsection>
- <subsection name="Catalina">
- <changelog>
- <scode>
- Incremented the supported Jakarta Servlet version to 5.1 to align with
- the current development branch of the Jakarta Servlet specification.
- (markt)
- </scode>
- <fix>
- <bug>65301</bug>: <code>RemoteIpValve</code> will now avoid getting
- the local host name when it is not needed. (remm)
- </fix>
- <fix>
- <bug>65308</bug>: NPE in JNDIRealm when no <code>userRoleAttribute</code>
- is given. (fschumacher)
- </fix>
- <add>
- <pr>412</pr>: Add commented out, sample users for the Tomcat Manager app
- to the default <code>tomcat-users.xml</code> file. Based on a PR by
- Arnaud Dagnelies. (markt)
- </add>
- <add>
- <pr>418</pr>: Add a new option, <code>pass-through</code>, to the
- default servlet's <code>useBomIfPresent</code> initialization parameter
- that causes the default servlet to leave any BOM in place when
- processing a static file and not to use the BOM to determine the
- encoding of the file. Based on a pull request by Jean-Louis Monteiro.
- (markt)
- </add>
- <fix>
- <pr>419</pr>: When processing POST requests of type
- <code>multipart/form-data</code> for parts without a filename that are
- added to the parameter map in String form, check the size of the part
- before attempting conversion to String. Pull request provided by
- tianshuang. (markt)
- </fix>
- <add>
- Implement the new <code>Cookie</code> methods
- <code>setAttribute()</code>, <code>getAttribute()</code> and
- <code>getAttributes()</code> introduced in Servlet 6.0. (markt)
- </add>
- <fix>
- AprLifecycleListener does not show dev version suffix for libtcnative
- and libapr. (michaelo)
- </fix>
- <update>
- Refactor principal handling in <code>UserDatabaseRealm</code> using
- an inner class that extends <code>GenericPrincipal</code>. (remm)
- </update>
- <fix>
- Enable the default <code>doHead()</code> implementation in
- <code>HttpServlet</code> to correctly handle responses where the content
- length needs to be represented as a long since it is larger than the
- maximum value that can be represented by an int. (markt)
- </fix>
- <fix>
- Avoid synchronization on roles verification for the memory
- <code>UserDatabase</code>. (remm)
- </fix>
- <fix>
- Fix the default <code>doHead()</code> implementation in
- <code>HttpServlet</code> to correctly handle responses where the Servlet
- calls <code>ServletResponse.reset()</code> and/or
- <code>ServletResponse.resetBuffer()</code>. (markt)
- </fix>
- <fix>
- Fix the default <code>doHead()</code> implementation in
- <code>HttpServlet</code> to correctly handle responses generated using
- the Servlet non-blocking API. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Coyote">
- <changelog>
- <fix>
- <bug>65303</bug>: Fix a possible <code>NullPointerException</code> if
- an error occurs on an HTTP/1.1 connection being upgraded to HTTP/2 or on
- a pushed HTTP/2 stream. (markt)
- </fix>
- <update>
- Simplify AprEndpoint socket bind for all platforms. (michaelo)
- </update>
- <fix>
- <bug>65340</bug>: Add missing check for a negative return value for
- <code>Hpack.decodeInteger</code> in the <code>HpackDecoder</code>,
- which could cause a <code>NegativeArraySizeException</code> exception.
- Submitted by Thomas, and verified the fix is present in the donated
- hpack code in a further update. (remm)
- </fix>
- <add>
- Add debug logging for HTTP/2 HPACK header decoding. (markt)
- </add>
- <fix>
- Correct parsing of HTTP headers consisting of a list of tokens so that a
- header with an empty token is treated consistently regardless of whether
- the empty token is at the start, middle or end of the list of tokens.
- (markt)
- </fix>
- <fix>
- Remove support for the <code>identity</code> transfer encoding. The
- inclusion of this encoding in RFC 2616 was an error that was corrected
- in 2001. Requests using this transfer encoding will now receive a 501
- response. (markt)
- </fix>
- <fix>
- Process transfer encoding headers from both HTTP 1.0 and HTTP 1.1
- clients. (markt)
- </fix>
- <fix>
- Ensure that if the transfer encoding header contains the
- <code>chunked</code>, that the <code>chunked</code> encoding is the
- final encoding listed. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Jasper">
- <changelog>
- <scode>
- Incremented the supported Jakarta Expression Language version to 5.0 to
- align with the current development branch of the Jakarta Expression
- Language specification. (markt)
- </scode>
- <scode>
- Review code used to generate Java source from JSPs and tags and remove
- code found to be unnecessary. (markt)
- </scode>
- <scode>
- Refactor use of internal <code>ChildInfo</code> class to use compile
- time type checking rather than run time type checking. (markt)
- </scode>
- <fix>
- <bug>65124</bug>: Partial fix. When generating Java source code to call
- a tag handler, only define the local variable <code>JspWriter out</code>
- when it is going to be used. (markt)
- </fix>
- <scode>
- Add generics to the EL 5.0 API to align with the current EL 5.0
- development branch. (markt)
- </scode>
- <update>
- Update the <code>web-fragment.xml</code> included in
- <code>jasper.jar</code> and <code>jasper-el.jar</code> to use the
- Servlet 5.0 schema. (markt)
- </update>
- <fix>
- Update JspC to generate <code>web.xml</code> and
- <code>web-fragment.xml</code> files using Servlet 5.0 schemas. (markt)
- </fix>
- <scode>
- Remove the deprecated method
- <code>MethodExpression.isParmetersProvided()</code> from the EL API to
- align with the current EL 5.0 development branch. (markt)
- </scode>
- <fix>
- <bug>65358</bug>: Improve expression language method matching for
- methods with varargs. Where multiple methods may match the provided
- parameters, the method that requires the fewest varargs is preferred.
- (markt)
- </fix>
- <add>
- <bug>65332</bug>: Add a commented out section in
- <code>catalina.policy</code> that provides the necessary permissions to
- compile JSPs with javac when running on Java 9 onwards with a security
- manager. It is commented out as it will cause errors if used with
- earlier Java versions. (markt)
- </add>
- </changelog>
- </subsection>
- <subsection name="WebSocket">
- <changelog>
- <fix>
- <bug>65317</bug>: When using <code>permessage-deflate</code>, the
- WebSocket connection was incorrectly closed if the uncompressed payload
- size was an exact multiple of 8192. Based on a patch provided by Saksham
- Verma. (markt)
- </fix>
- <update>
- Update the <code>web-fragment.xml</code> included in
- <code>tomcat-websocket.jar</code> to use the Servlet 5.0 schema. (markt)
- </update>
- <fix>
- <bug>65342</bug>: Correct a regression introduced with the fix for
- <bug>65262</bug> that meant Tomcat's WebSocket implementation would only
- work with Tomcat's implementation of the Jakarta WebSocket API. (markt)
- </fix>
- </changelog>
- </subsection>
- <subsection name="Web applications">
- <changelog>
- <fix>
- Improve the description of the <code>maxConnections</code> and
- <code>acceptCount</code> attributes in the Connector section of the
- documentation web application. (markt)
- </fix>
</changelog>
</subsection>
<subsection name="Other">
<changelog>
- <add>
- Improvements to French translations. (remm)
- </add>
- <add>
- Improvements to Korean translations. (woonsan)
- </add>
- <fix>
- <bug>65362</bug>: Correct a regression in the previous release. The
- change to create OSGi <code>Require-Capability</code> sections in
- manifests for Jakarta API JARs manually rather than with bnd annotations
- did not add the necessary manual entries to the embedded JARs. (markt)
- </fix>
<update>
- Update the packaged version of the Tomcat Native Library to 1.2.30. Also
- update the minimum recommended version to 1.2.30. (markt)
+ Update to Commons Daemon 1.3.2. (markt)
</update>
</changelog>
</subsection>
diff --git a/webapps/docs/config/http.xml b/webapps/docs/config/http.xml
index 8b6ace9a42..61413829cb 100644
--- a/webapps/docs/config/http.xml
+++ b/webapps/docs/config/http.xml
@@ -1162,7 +1162,7 @@
<p>In addition to the standard TLS related request attributes defined in
section 3.10 of the Servlet specification, Tomcat supports a number of
additional TLS related attributes. The full list may be found in the <a
- href="http://tomcat.apache.org/tomcat-10.1-doc/api/index.html">SSLSupport
+ href="http://tomcat.apache.org/tomcat-11.0-doc/api/index.html">SSLSupport
Javadoc</a>.</p>
<p>For more information, see the
diff --git a/webapps/docs/tomcat-docs.xsl b/webapps/docs/tomcat-docs.xsl
index 557788b7d6..0af22d75b4 100644
--- a/webapps/docs/tomcat-docs.xsl
+++ b/webapps/docs/tomcat-docs.xsl
@@ -36,9 +36,9 @@
<xsl:param name="subdir" select="''"/>
<xsl:param name="relative-path" select="'.'"/>
<!-- Keep versions in sync with build.xml -->
- <xsl:param name="version" select="'10.1.x'"/>
- <xsl:param name="majorversion" select="'10'"/>
- <xsl:param name="majorminorversion" select="'10.1'"/>
+ <xsl:param name="version" select="'11.0.x'"/>
+ <xsl:param name="majorversion" select="'11'"/>
+ <xsl:param name="majorminorversion" select="'11.0'"/>
<xsl:param name="minjavaversion" select="'11'"/>
<xsl:param name="buildjavaversion" select="'11'"/>
<xsl:param name="antversionrequired" select="'1.10.2'"/>
@@ -48,7 +48,7 @@
<xsl:param name="buglink" select="'https://bz.apache.org/bugzilla/show_bug.cgi?id='"/>
<xsl:param name="prlink" select="'https://github.com/apache/tomcat/pull/'"/>
<xsl:param name="revlink" select="'https://svn.apache.org/viewvc?view=rev&rev='"/>
- <xsl:param name="doclink" select="'https://tomcat.apache.org/tomcat-10.1-doc'"/>
+ <xsl:param name="doclink" select="'https://tomcat.apache.org/tomcat-11.0-doc'"/>
<xsl:param name="sylink" select="'https://tomcat.apache.org/security-10.html'"/>
<xsl:param name="dllink" select="'https://tomcat.apache.org/download-10.cgi'"/>
<xsl:param name="sitedir" select="''"/>
diff --git a/webapps/docs/web-socket-howto.xml b/webapps/docs/web-socket-howto.xml
index 20cf2caf38..49d155bd25 100644
--- a/webapps/docs/web-socket-howto.xml
+++ b/webapps/docs/web-socket-howto.xml
@@ -103,37 +103,6 @@
timeout as a <code>String</code> in milliseconds. The default is 5000 (5
seconds).</p>
-<p>When using the WebSocket client to connect to secure server endpoints, the
- client SSL configuration should be configured via
- <code>jakarta.websocket.ClientEndpointConfig.getSSLContext()</code>. Tomcat
- 10.1.x still supports the pre-WebSocket 2.1 configuration method where TLS
- configuration was via the <code>userProperties</code> of the provided
- <code>jakarta.websocket.ClientEndpointConfig</code>. However, this approach
- is deprecated and will be removed in Tomcat 11. The following user properties
- are supported:</p>
- <ul>
- <li><code>org.apache.tomcat.websocket.SSL_CONTEXT</code></li>
- <li><code>org.apache.tomcat.websocket.SSL_PROTOCOLS</code></li>
- <li><code>org.apache.tomcat.websocket.SSL_TRUSTSTORE</code></li>
- <li><code>org.apache.tomcat.websocket.SSL_TRUSTSTORE_PWD</code></li>
- </ul>
- <p>The default truststore password is <code>changeit</code>.</p>
-
-<p>If the <code>org.apache.tomcat.websocket.SSL_CONTEXT</code> property is
- set then the <code>org.apache.tomcat.websocket.SSL_TRUSTSTORE</code> and
- <code>org.apache.tomcat.websocket.SSL_TRUSTSTORE_PWD</code> properties
- will be ignored.</p>
-
-<p>For secure server end points, host name verification is enabled by default.
- To bypass this verification (not recommended), it is necessary to provide a
- custom <code>SSLContext</code> via the
- <code>org.apache.tomcat.websocket.SSL_CONTEXT</code> user property. The
- custom <code>SSLContext</code> must be configured with a custom
- <code>TrustManager</code> that extends
- <code>javax.net.ssl.X509ExtendedTrustManager</code>. The desired verification
- (or lack of verification) can then be controlled by appropriate
- implementations of the individual abstract methods.</p>
-
<p>When using the WebSocket client to connect to server endpoints, the number of
HTTP redirects that the client will follow is controlled by the
<code>userProperties</code> of the provided
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[tomcat] 02/02: Remove trailing spaces
Posted by ma...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit b4f8441f4bd6af4476a1f88cb713e779698f5903
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Tue Oct 11 19:55:21 2022 +0100
Remove trailing spaces
---
TOMCAT-NEXT.txt | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/TOMCAT-NEXT.txt b/TOMCAT-NEXT.txt
index 3cf744e81b..007c80995d 100644
--- a/TOMCAT-NEXT.txt
+++ b/TOMCAT-NEXT.txt
@@ -25,10 +25,10 @@ Notes of things to consider for the next major Tomcat release (11.x)
releases would then require at least Java 21.
3. Add QUIC support using OpenSSL and Panama.
-
+
4. Remove SecurityManager (assuming Jakarta EE 11 does so).
-
+
5. Update minimum Java version to 17 (assuming Jakarta EE 11 does so).
-
+
6. Implement an optional Loom module that provides
o.a.c.http11.Http11BioLoomProtocol
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org