Apache Tomcat is an implementation of the Java Servlet and JavaServer Pages
technologies. The Java Servlet and JavaServer Pages specifications are
developed under the Java Community Process.

Apache Tomcat is developed in an open and participatory environment and
released under the Apache Software License. Apache Tomcat is intended to
be a collaboration of the best-of-breed developers from around the world.
We invite you to participate in this open development project.

Apache Tomcat powers numerous large-scale, mission-critical web applications
across a diverse range of industries and organizations.

   2019-03-26 21:56:23 by Ryo ONODERA | Files touched by this commit (3) | Package updated
Log message:
Update to 7.0.93

Update the packaged version of the Tomcat Native Library to 1.2.21
to pick up the latest Windows binaries built with APR 1.6.5 and
OpenSSL 1.1.1a and to pick up the memory leak fixes when using
NIO/NIO2 with OpenSSL.
   2019-01-22 15:46:49 by Ryo ONODERA | Files touched by this commit (3) | Package updated
Log message:
Update to 7.0.92

Tomcat 7.0.92 (violetagg)


        fix	Add documentation about the files context.xml.default and web.xml.default that can be used to customize conf/context.xml and conf/web.xml on a per host basis. (fschumacher)
        fix	Ensure that a canonical path is always used for the docBase of a Context to ensure consistent behaviour. (markt)
        fix	62788: Add explicit logging configuration to write log files using UTF-8 to align with Tomcat's use of UTF-8 by default elsewhere. (markt)
        fix	62797: Pass throwable to keep client aborts with status 200 rather than 500. Patch submitted by zikfat. (remm)
        fix	62809: Correct a regression in the implementation of DIGEST authentication support for the Deployer Ant tasks (bug 45832) that prevented the DeployTask from working when authentication was required. (markt)
        update	Update the recommended minimum Tomcat Native version to 1.2.18.
        add	Ignore an attribute named source on Context elements provided by StandardContext. This is to suppress warnings generated by the Eclipse / Tomcat integration provided by Eclipse. Based on a patch by mdfst13. (markt)
        add	62830: Added JniLifeCycleListener and static methods Library.loadLibrary(libraryName) and Library.load(filename) to load a native library by a shared class loader so that more than one Webapp can use it.
        fix	Correct a typo in the Spanish resource files. Patch provided by Diego Agulló. (markt)
        fix	62868: Order the Enumeration<URL> provided by WebappClassLoaderBase.getResources(String) according to the setting of the delegate flag. (markt)


        add	Add TLSv1.3 to the default protocols and to the all alias for JSSE based TLS connectors when running on a JVM that supports TLS version 1.3. One such JVM is OpenJDK version 11. (rjung)
        fix	62739: Do not reject requests with an empty HTTP Host header. Such requests are unusual but not invalid. Patch provided by Michael Orr. (markt)
        add	62748: Add TLS 1.3 support for the APR/Native connector. (schultz/markt)
        fix	62791: Remove an unnecessary check in the NIO TLS implementation that prevented secure WebSocket connections from being established. (markt)


        fix	62674: Correct a regression in the stand-alone JSP compiler utility, JspC, caused by the fix for 53492, that caused the JSP compiler to hang. (markt)
        fix	62721: Correct generation of web.xml header when using JspC. (markt)
        fix	Fix a regression in the TLD whitespace parsing fix that broke parsing when whitespace was present between the method name and the parameters.
        fix	62757: Correct a regression in the fix for 62603 that caused NullPointerExceptions when compiling tag files on first access when development mode was disabled and background compilation was enabled. Based on a patch by Jordi Llach. (markt)
        fix	62808: Fix a regression in the TLD whitespace parsing fix that broke parsing when new lines were present in the method signature. (markt)


        fix	62731: Make the URI returned by HandshakeRequest.getRequestURI() and Session.getRequestURI() absolute so that the scheme, host and port are accessible. (markt)

    Web applications

        fix	62761: Correct the advanced CORS example in the Filter documentation to use a valid configuration. (markt)
        fix	62786: Add a note to the Context documentation to explain that, by default, settings for a Context element defined in server.xml will be overwritten by settings specified in a default context file such as conf/context.xml. (markt)
        fix	Create a little visual separation between the Undeploy button and the other buttons in the Manager application. Patch provided by Łukasz Jąder.


        update	Update the packaged version of the Tomcat Native Library to 1.2.18 to pick up the latest Windows binaries built with APR 1.6.5 and OpenSSL 1.1.1. (markt)

Tomcat 7.0.91 (violetagg)	released 2018-09-19


        add	61692: Add the ability to control which HTTP methods are handled by the CGI Servlet via a new initialization parameter cgiMethods. (markt)
        fix	Ensure that the HTTP Vary header is set correctly when using the CORS filter and improve the cacheability of requests that pass through the CORS filter. (markt)
        fix	62527: Revert restriction of JNDI to the java: namespace. (remm)
        add	Introduce a new class - MultiThrowable - to report exceptions when multiple actions are taken where each action may throw an exception but all actions are taken before any errors are reported. Use this new class when reporting multiple container (e.g. web application) failures during start.
        fix	Correctly decode URL paths (+ should not be decoded to a space in the path) in the RequestDispatcher and the web application class loader. (markt)
        add	62559: Add jaxb-*.jar to the list of JARs ignored by StandardJarScanner. (markt)
        add	62560: Add oraclepki.jar to the list of JARs ignored by StandardJarScanner. (markt)
        add	62607: Return a non-zero exit code from catalina.[bat|sh] run if Tomcat fails to start. (markt)
        code	Remove ServletException from declaration of Tomcat.addWebapp(String,String) since it is never thrown. Patch provided by Tzafrir. (markt)
        fix	Use short circuit logic to prevent potential NPE in CorsFilter.
        code	Simplify construction of appName from container name in JAASRealm.
        fix	Improve the handling of path parameters when working with Requestt type multipart/form-data to servlets with a @MultipartConfig annotation regardless of HTTP method. (markt)
        fix	62669: When using the SSIFilter and a resource does not specify a content type, do not force the content type to application/x-octet-s a redirect to a directory in the Default Servlet, avoid generating a protocol relative redirect. (markt)


        fix	Refactor code that adds an additional header name to the Vary HTTP response header to use a common utility method that addresses several additional edge cases. (markt)
        fix	62526: Correctly handle PKCS12 format key stores when the key store password is configured to be the empty string. Note that Java 6 does not support PKCS12 key stores configured to use a store password of the empty string.
        fix	62670: Adjust the memory leak protection for the DriverManager so that JDBC drivers located in $CATALINA_HOME/lib and $CATALINA_BASE/lib are loaded via the service loader mechanism when the protection is enabled. (markt)
        fix	62685: Correct an error in host name validation parsing that did not allow a fully qualified domain name to terminate with a period. Patch provided by AG. (markt)


        fix	53011: When pre-compiling with JspC, report all compilation errors rather than stopping after the first error. A new option -failFast can be used to restore the previous behaviour of stopping after the first error. Based on a patch provided by Marc Pompl. (markt)
        add	53492: Make the Java file generation process multi-threaded. By default, one thread will be used per core. Based on a patch by Dan Fabulich.
        fix	62603: Fix a potential race condition when development mode is disabled and background compilation checks are enabled. It was possible that some updates would not take effect and/or ClassNotFoundExceptions would occur.
        fix	Correct the JSP version in the X-PoweredBy HTTP header generated when the xpoweredBy option is enabled. (markt)
        fix	62662: Fix the corruption of web.xml output during JSP compilation caused by the fix for 53492. Patch provided by Bernhard Frauendienst. (markt)
        fix	Correct parsing of XML whitespace in TLD function signatures that incorrectly only looked for the space character. (markt)


        fix	62596: Remove the limit on the size of the initial HTTP upgrade request used to establish the web socket connection. (markt)

    Web applications

        add	62558: Add Russian translations for the Manager and Host Manager web applications. Based on a patch by Ivan Krasnov. (markt)
        add	62561: Add advanced class loader configuration information regarding the use of the Server and Shared class loaders to the documentation web application. (markt)
        add	Expand the information in the documentation web application regarding the use of CATALINA_HOME and CATALINA_BASE. Patch provided by Marek Czernek. (markt)
        fix	62652: Make it clearer that the version of DBCP that is packaged in Tomcat 7.0.x is DBCP 1. (markt)
        add	62666: Expand internationalisation support in the Manager application to include the server status page and provide Russian translations in addition to English. Patch provided by Artem Chebykin. (markt)
        fix	62676: Expand the CORS filter documentation to make it clear that explicit configuration is required to enable support for cross-origin requests.


        fix	Ensures that the specified rxBufSize is correctly set to receiver buffer size. (kfujino)


        fix	Fixed spelling. Patch provided by Jimmy Casey via GitHub. (violetagg)
        fix	Correct various spelling errors throughout the source code and documentation. Patch provided by Kazuhiro Sera. (markt)
   2018-09-28 00:35:14 by Tobias Nygren | Files touched by this commit (1)
Log message:
apache-tomcat7: fix PLIST
   2018-07-26 00:03:30 by Zafer Aydogan | Files touched by this commit (2) | Package updated
Log message:
Update to 7.0.90

Tomcat 7.0.90 (violetagg)
	fix	62498: Correct a regression in the fix for CVE-2017-12617 that caused request failures for some requests when using the VirtualDirContext. (markt)
	fix	Delete reference to removed class that prevented Tomcat from starting when running under a security manager. (markt)

Tomcat 7.0.89 (violetagg)	not released
	fix	JNDI resources that are defined with injection targets but no value are now treated as if the resource is not defined. (markt)
	fix	Ensure that JNDI names used for <lookup-name> entries in web.xml and for lookup elements of @Resource annotations specify a name with an explicit java: namespace. (markt)
	add	51953: Add the RemoteCIDRFilter and RemoteCIDRValve that can be used to allow/deny requests based on IPv4 and/or IPv6 client address where the IP ranges are defined using CIDR notation. Based on a patch by Francis Galiegue. (markt)
	fix	62343: Make CORS filter defaults more secure. This is the fix for CVE-2018-8014. (markt)
	fix	Make all loggers associated with Tomcat provided Filters non-static to ensure that log messages are not lost when a web application is reloaded.
	fix	Correct the manifest for the annotations-api.jar. The JAR implements the Common Annotations API 1.1 and the manifest should reflect that. (markt)
	fix	Switch to non-static loggers where there is a possibility of a logger becoming associated with a web application class loader causing log messages to be lost if the web application is stopped. (markt)
	add	62389: Add the IPv6 loopback address to the default internalProxies regular expression. Patch by Craig Andrews. (markt)
	fix	In the RemoteIpValve and RemoteIpFilter, correctly handle the case when the request passes through one or more trustedProxies but no internalProxies. Based on a patch by zhanhb. (markt)
	fix	Correct the logic in MBeanFactory.removeConnector() to ensure that the correct Connector is removed when there are multiple Connectors using different addresses but the same port. (markt)
	fix	Make JAASRealm mis-configuration more obvious by requiring the authenticated Subject to include at least one Principal of a type specified by userClassNames. (markt)
	fix	62476: Use GMT timezone for the value of Expires header as required by HTTP specification (RFC 7231, 7234). (kkolinko)
   2018-03-23 14:00:17 by Ryo ONODERA | Files touched by this commit (3) | Package updated
Log message:
Update to 7.0.85

Tomcat 7.0.85 (violetagg)

        fix	Prevent a stack trace being written to standard out when running on Java 10 due to changes in the LogManager implementation. (markt)
        fix	Avoid duplicate load attempts if one has been made already. (remm)
        fix	Avoid NPE in ThreadLocalLeakPreventionListener if there is no Engine. (remm)
        fix	58143: Fix calling classloading transformers broken in 7.0.70 by the fix for 59619. This was observed when using Spring weaving. (rjung)
        fix	62000: When a JNDI reference cannot be resolved, ensure that the root cause exception is reported rather than swallowed. (markt)
        fix	62036: When caching an authenticated user Principal in the session when the web application is configured with the NonLoginAuthenticator, cache the internal Principal object rather than the user facing Principal object as Tomcat requires the internal object to correctly process later authorization checks.
        fix	62067: Correctly apply security constraints mapped to the context root using a URL pattern of "". (markt)
        fix	When using Tomcat embedded, only perform Authenticator configuration once during web application start. (markt)
        fix	Process all ServletSecurity annotations at web application start rather than at servlet load time to ensure constraints are applied consistently.
        fix	Minor optimization when calling class transformers. (rjung)

    Web applications
        add	48672: Add documentation for the Host Manager web application. Patch provided by Marek Czernek. (markt)

        update	Update the NSIS Installer used to build the Windows installer to version 3.03. (kkolinko)
   2018-02-01 00:27:43 by Zafer Aydogan | Files touched by this commit (3) | Package updated
Log message:
Update to 7.0.84

Notable changes:
 - Use a loop to preload anonymous inner classes when running under a SecurityManager, to be safe for future changes in the code or using a different compiler. (kkolinko)
 - Implement a small optimisation to how JAR URLs are processed to reduce the storage of duplicate String objects in memory. Patch provided by Dmitri Blinov.

Full changelog:
   2017-10-31 15:31:10 by Filip Hajny | Files touched by this commit (2) | Package updated
Log message:
Update www/apache-tomcat7 to 7.0.82.

Notable changes:

- A fix for CVE-2017-12617.
- Update the packaged version of the Tomcat Native Library to 1.2.14

Full changelog:

   2017-09-04 15:54:39 by Ryo ONODERA | Files touched by this commit (2) | Package updated
Log message:
Update to 7.0.81

Tomcat 7.0.81 (violetagg)


        fix	Correct regression in 7.0.80 that broke WebDAV. (markt)