./www/apache-tomcat7, Implementation of Java Servlet and JavaServer Pages technologies

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: CURRENT, Version: 7.0.90, Package name: apache-tomcat-7.0.90, Maintainer: pkgsrc-users

Apache Tomcat is an implementation of the Java Servlet and JavaServer Pages
technologies. The Java Servlet and JavaServer Pages specifications are
developed under the Java Community Process.

Apache Tomcat is developed in an open and participatory environment and
released under the Apache Software License. Apache Tomcat is intended to
be a collaboration of the best-of-breed developers from around the world.
We invite you to participate in this open development project.

Apache Tomcat powers numerous large-scale, mission-critical web applications
across a diverse range of industries and organizations.

Required to run:

Required to build:

Master sites: (Expand)

SHA1: cea1a3e0492f8d6bfb33fe6b4343542c361249a3
RMD160: 0e14f72d07cbc53fb8d8a775028e5ae3a0839112
Filesize: 8881.555 KB

Version history: (Expand)

CVS history: (Expand)

   2018-09-28 00:35:14 by Tobias Nygren | Files touched by this commit (1)
Log message:
apache-tomcat7: fix PLIST
   2018-07-26 00:03:30 by Zafer Aydogan | Files touched by this commit (2) | Package updated
Log message:
Update to 7.0.90

Tomcat 7.0.90 (violetagg)
	fix	62498: Correct a regression in the fix for CVE-2017-12617 that caused \ 
request failures for some requests when using the VirtualDirContext. (markt)
	fix	Delete reference to removed class that prevented Tomcat from starting when \ 
running under a security manager. (markt)

Tomcat 7.0.89 (violetagg)	not released
	fix	JNDI resources that are defined with injection targets but no value are now \ 
treated as if the resource is not defined. (markt)
	fix	Ensure that JNDI names used for <lookup-name> entries in web.xml and \ 
for lookup elements of @Resource annotations specify a name with an explicit \ 
java: namespace. (markt)
	add	51953: Add the RemoteCIDRFilter and RemoteCIDRValve that can be used to \ 
allow/deny requests based on IPv4 and/or IPv6 client address where the IP ranges \ 
are defined using CIDR notation. Based on a patch by Francis Galiegue. (markt)
	fix	62343: Make CORS filter defaults more secure. This is the fix for \ 
CVE-2018-8014. (markt)
	fix	Make all loggers associated with Tomcat provided Filters non-static to \ 
ensure that log messages are not lost when a web application is reloaded. \ 
	fix	Correct the manifest for the annotations-api.jar. The JAR implements the \ 
Common Annotations API 1.1 and the manifest should reflect that. (markt)
	fix	Switch to non-static loggers where there is a possibility of a logger \ 
becoming associated with a web application class loader causing log messages to \ 
be lost if the web application is stopped. (markt)
	add	62389: Add the IPv6 loopback address to the default internalProxies regular \ 
expression. Patch by Craig Andrews. (markt)
	fix	In the RemoteIpValve and RemoteIpFilter, correctly handle the case when the \ 
request passes through one or more trustedProxies but no internalProxies. Based \ 
on a patch by zhanhb. (markt)
	fix	Correct the logic in MBeanFactory.removeConnector() to ensure that the \ 
correct Connector is removed when there are multiple Connectors using different \ 
addresses but the same port. (markt)
	fix	Make JAASRealm mis-configuration more obvious by requiring the \ 
authenticated Subject to include at least one Principal of a type specified by \ 
userClassNames. (markt)
	fix	62476: Use GMT timezone for the value of Expires header as required by HTTP \ 
specification (RFC 7231, 7234). (kkolinko)
   2018-03-23 14:00:17 by Ryo ONODERA | Files touched by this commit (3) | Package updated
Log message:
Update to 7.0.85

Tomcat 7.0.85 (violetagg)

        fix	Prevent a stack trace being written to standard out when running on \ 
Java 10 due to changes in the LogManager implementation. (markt)
        fix	Avoid duplicate load attempts if one has been made already. (remm)
        fix	Avoid NPE in ThreadLocalLeakPreventionListener if there is no \ 
Engine. (remm)
        fix	58143: Fix calling classloading transformers broken in 7.0.70 by the \ 
fix for 59619. This was observed when using Spring weaving. (rjung)
        fix	62000: When a JNDI reference cannot be resolved, ensure that the \ 
root cause exception is reported rather than swallowed. (markt)
        fix	62036: When caching an authenticated user Principal in the session \ 
when the web application is configured with the NonLoginAuthenticator, cache the \ 
internal Principal object rather than the user facing Principal object as Tomcat \ 
requires the internal object to correctly process later authorization checks. \ 
        fix	62067: Correctly apply security constraints mapped to the context \ 
root using a URL pattern of "". (markt)
        fix	When using Tomcat embedded, only perform Authenticator configuration \ 
once during web application start. (markt)
        fix	Process all ServletSecurity annotations at web application start \ 
rather than at servlet load time to ensure constraints are applied consistently. \ 
        fix	Minor optimization when calling class tranformers. (rjung)

    Web applications
        add	48672: Add documentation for the Host Manager web application. Patch \ 
provided by Marek Czernek. (markt)

        update	Update the NSIS Installer used to build the Windows installer to \ 
version 3.03. (kkolinko)
   2018-02-01 00:27:43 by Zafer Aydogan | Files touched by this commit (3) | Package updated
Log message:
Update to 7.0.84

Notable changes:
 - Use a loop to preload anonymous inner classes when running under a \ 
SecurityManager, to be safe for future changes in the code or using a different \ 
compiler. (kkolinko)
 -  Implement a small optimisation to how JAR URLs are processed to reduce the \ 
storage of duplicate String objects in memory. Patch provided by Dmitri Blinov. \ 

Full changelog:
   2017-10-31 15:31:10 by Filip Hajny | Files touched by this commit (2) | Package updated
Log message:
Update www/apache-tomcat7 to 7.0.82.

Notable changes:

- A fix for CVE-2017-12617.
- Update the packaged version of the Tomcat Native Library to 1.2.14

Full changelog:

   2017-09-04 15:54:39 by Ryo ONODERA | Files touched by this commit (2) | Package updated
Log message:
Update to 7.0.81

Tomcat 7.0.81 (violetagg)


        fix	Correct regression in 7.0.80 that broke WebDAV. (markt)
   2017-09-03 13:19:16 by Thomas Klausner | Files touched by this commit (1)
Log message:
Add archive.apache.org as master site, since the pkgsrc version is outdated.
   2017-08-15 03:54:25 by Ryo ONODERA | Files touched by this commit (2) | Package updated
Log message:
Update to 7.0.79

Tomcat 7.0.79 (violetagg)


        fix	61101: CORS filter should set Vary header in response. Submitted by \ 
Rick Riemer. (remm)
        add	61105: Add a new JULI FileHandler configuration for specifying the \ 
maximum number of days to keep the log files. (violetagg)
        fix	Improve the SSLValve so it is able to handle client certificate \ 
headers from Nginx. Based on a patch by Lucas Ventura Carro. (markt)
        fix	61154: Allow the Manager and Host Manager web applications to start \ 
by default when running under a security manager. This was accomplished by \ 
adding a custom permission, org.apache.catalina.security.DeployXmlPermission, \ 
that permits an application to use a META-INF/context.xml file and then granting \ 
that permission to the Manager and Host Manager. (markt)
        fix	61173: Polish the javadoc for o.a.catalina.startup.Tomcat. Patch \ 
provided by peterhansson_se. (violetagg)
        add	A new configuration property crawlerIps is added to the \ 
o.a.catalina.valves.CrawlerSessionManagerValve. Using this property one can \ 
specify a regular expression that will be used to identify crawlers based on \ 
their IP address. Based on a patch provided by Tetradeus. (violetagg)
        fix	61180: Log a warning message rather than an information message if \ 
it takes more than 100ms to initialised a SecureRandom instance for a web \ 
application to use to generate session identifiers. Patch provided by Piotr \ 
Chlebda. (markt)
        fix	61185: When an asynchronous request is dispatched via \ 
AsyncContext.dispatch() ensure that getRequestURI() for the dispatched request \ 
matches that of the original request. (markt)
        fix	61201: Ensure that the SCRIPT_NAME environment variable for CGI \ 
executables is populated in a consistent way regardless of how the CGI servlet \ 
is mapped to a request. (markt)
        fix	61215: Correctly define addConnectorPort and \ 
invalidAuthenticationWhenDeny in the mbean-descriptors.xml file for the \ 
org.apache.catalina.valves package so that the attributes are accessible via \ 
JMX. (markt)


        fix	61086: Explicitly signal an empty request body for HTTP 205 \ 
responses. (markt)
        fix	Revert a change introduced in the fix for bug 60718 that changed the \ 
status code recorded in the access log when the client dropped the connection \ 
from 200 to 500. (markt)
        fix	Make asynchronous error handling more robust. In particular ensure \ 
that onError() is called for any registered AsyncListeners after an I/O error on \ 
a non-container thread. (markt)


        fix	44787: Improve error message when JSP compiler configuration options \ 
are not valid. (markt)


        fix	Correct the log message when a MessageHandler for PongMessage does \ 
not implement MessageHandler.Whole. (rjung)
        fix	Improve thread-safety of Futures used to report the result of \ 
sending WebSocket messages. (markt)
        fix	61183: Correct a regression in the previous fix for 58624 that could \ 
trigger a deadlock depending on the locking strategy employed by the client \ 
code. (markt)

    Web applications

        fix	Better document the meaning of the trimSpaces option for Jasper. (markt)
        fix	61150: Configure the Manager and Host-Manager web applications to \ 
permit serialization and deserialization of CRSFPreventionFilter related session \ 
objects to avoid warning messages and/or stack traces on web application stop \ 
and/or start when running under a security manager. (markt)


        add	Add JMX support for Tribes components. (kfujino)


        add	45832: Add HTTP DIGEST authentication support to the Catalina Ant \ 
tasks used to communicate with the Manager application. (markt)
        fix	45879: Add the RELEASE-NOTES file to the root of the installation \ 
created by the Tomcat installer for Windows to make it easier for users to \ 
identify the installed Tomcat version. (markt)
        fix	61076: Document the altDDName attribute for the Context element. (markt)
        fix	61145: Add missing @Documented annotation to annotations in the \ 
annotations API. Patch provided by Katya Todorova. (markt)
        fix	61146: Add missing lookup() method to @EJB annotation in the \ 
annotations API. Patch provided by Katya Todorova. (markt)
        fix	Correct typo in Context Container Configuration Reference. Patch \ 
provided by Katya Todorova. (violetagg)