./www/apache-tomcat8, Implementation of Java Servlet and JavaServer Pages technologies

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: CURRENT, Version: 8.0.50, Package name: apache-tomcat-8.0.50, Maintainer: pkgsrc-users

Apache Tomcat is an implementation of the Java Servlet and JavaServer Pages
technologies. The Java Servlet and JavaServer Pages specifications are
developed under the Java Community Process.

Apache Tomcat is developed in an open and participatory environment and
released under the Apache Software License. Apache Tomcat is intended to
be a collaboration of the best-of-breed developers from around the world.
We invite you to participate in this open development project.

Apache Tomcat powers numerous large-scale, mission-critical web applications
across a diverse range of industries and organizations.

This package tracks 8.0.x release branch.

Required to run:

Required to build:

Master sites: (Expand)

SHA1: ec66581d322a8ef58e3988fc72e2c076968f3e2e
RMD160: bbfee30149d69acf67c037177858f3ca800e50f8
Filesize: 9196.474 KB

Version history: (Expand)

CVS history: (Expand)

   2018-03-23 14:16:38 by Ryo ONODERA | Files touched by this commit (3) | Package updated
Log message:
Update to 8.0.50

Tomcat 8.0.50 (violetagg)

    Fix: Prevent a stack trace being written to standard out when running on \ 
Java 10 due to changes in the LogManager implementation. (markt)
    Fix: Avoid duplicate load attempts if one has been made already. (remm)
    Fix: Avoid NPE in ThreadLocalLeakPreventionListener if there is no Engine. (remm)
    Fix: 62000: When a JNDI reference cannot be resolved, ensure that the root \ 
cause exception is reported rather than swallowed. (markt)
    Fix: 62036: When caching an authenticated user Principal in the session when \ 
the web application is configured with the NonLoginAuthenticator, cache the \ 
internal Principal object rather than the user facing Principal object as Tomcat \ 
requires the internal object to correctly process later authorization checks. \ 
    Fix: 62067: Correctly apply security constraints mapped to the context root \ 
using a URL pattern of "". (markt)
    Fix: When using Tomcat embedded, only perform Authenticator configuration \ 
once during web application start. (markt)
    Fix: Process all ServletSecurity annotations at web application start rather \ 
than at servlet load time to ensure constraints are applied consistently. \ 
    Fix: Minor optimization when calling class tranformers. (rjung)

Web applications
    Add: 48672: Add documentation for the Host Manager web application. Patch \ 
provided by Marek Czernek. (markt)

    Update: Update the NSIS Installer used to build the Windows installer to \ 
version 3.03. (kkolinko)
   2018-01-31 23:27:13 by Zafer Aydogan | Files touched by this commit (3) | Package updated
Log message:
Update www/apache-tomcat8 to 8.0.49.

Notable changes:
 - Allow a call to AsyncContext.dispatch() to terminate non-blocking I/O. (markt)

Full changelog:

   2017-10-31 15:33:23 by Filip Hajny | Files touched by this commit (2) | Package updated
Log message:
Update www/apache-tomcat8 to 8.0.47.

Notable changes:

- A fix for CVE-2017-12617.
- Add ExtractingRoot, a new WebResourceRoot implementation that extracts
  JARs to the work directory for improved performance when deploying
  packed WAR files.
- Update the packaged version of the Tomcat Native Library to 1.2.14

Full changelog:

   2017-09-04 15:53:49 by Ryo ONODERA | Files touched by this commit (2) | Package updated
Log message:
Update to 8.0.46

Tomcat 8.0.46 (violetagg)

    Fix: Additional permission for deleting files is granted to JULI as it is \ 
required by FileHandler when running under a Security Manager. The thread that \ 
cleans the log files is marked as daemon thread. (violetagg)
    Fix: 61229: Correct a regression in 8.0.44 that broke WebDAV handling for \ 
resources with names that included a & character. (markt)
    Fix: 61232: When log rotation is disabled only one separator will be used \ 
when generating the log file name. For example if the prefix is catalina. and \ 
the suffix is .log then the log file name will be catalina.log instead of \ 
catalina..log. Patch provided by Katya Stoycheva. (violetagg)
    Fix: Performance improvements for service loader look-ups (and look-ups of \ 
other class loader resources) when the web application is deployed in a packed \ 
WAR file. (markt)
    Fix: 61253: Add warn message when Digester.updateAttributes throws an \ 
exception instead of ignoring it. (csutherl)
    Fix: 61313: Make the read timeout configurable in the JNDIRealm and ensure \ 
that a read timeout will result in an attempt to fail over to the alternateURL. \ 
Based on patches by Peter Maloney and Felix Schumacher. (markt)
    Add: 61366: Add a new attribute, localDataSource, to the JDBCStore that \ 
allows the Store to be configured to use a DataSource defined by the web \ 
application rather than the default of using a globally defined DataSource. \ 
Patch provided by Jonathan Horowitz. (markt)


    Fix: 61086: Ensure to explicitly signal an empty request body for HTTP 205 \ 
responses. Additional fix to r1795278. Based on a patch provided by Alexandr \ 
Saperov. (violetagg)
    Fix: 61322: Correct two regressions caused by the fix for 60319 when using \ 
BIO with an external Executor. Firstly, use the maxThreads setting from the \ 
Executor as the default for maxConnections if none is specified. Secondly, use \ 
maxThreads from the Executor when calculating the point at which to disable \ 
keep-alive. (markt)
    Fix: Prevent exceptions being thrown during normal shutdown of NIO \ 
connections. This enables TLS connections to close cleanly. (markt)


    Add: 53031: Add support for the fork option when compiling JSPs with the \ 
Jasper Ant task and javac. (markt)


    Add: 57767: Add support to the WebSocket client for following redirects when \ 
attempting to establish a WebSocket connection. Patch provided by J Fernandez. \ 

Web applications

    Fix: Remove references to the Loader attribute searchExternalFirst from the \ 
documentation since the attribute is no longer supported. (markt)
    Fix: Correct the documentation for how StandardRoot is configured. (markt)


    Add: 52791: Add the ability to set the defaults used by the Windows \ 
installer from a configuration file. Patch provided by Sandra Madden. (markt)
   2017-08-15 03:56:21 by Ryo ONODERA | Files touched by this commit (2) | Package updated
Log message:
Update to 8.0.45

Tomcat 8.0.45 (violetagg)

    Fix: 61101: CORS filter should set Vary header in response. Submitted by \ 
Rick Riemer. (remm)
    Add: 61105: Add a new JULI FileHandler configuration for specifying the \ 
maximum number of days to keep the log files. (violetagg)
    Fix: 61125: Ensure that WarURLConnection returns the correct value for calls \ 
to getLastModified() as this is required for the correct detection of JSP \ 
modifications when the JSP is packaged in a WAR file. (markt)
    Fix: Improve the SSLValve so it is able to handle client certificate headers \ 
from Nginx. Based on a patch by Lucas Ventura Carro. (markt)
    Fix: 61154: Allow the Manager and Host Manager web applications to start by \ 
default when running under a security manager. This was accomplished by adding a \ 
custom permission, org.apache.catalina.security.DeployXmlPermission, that \ 
permits an application to use a META-INF/context.xml file and then granting that \ 
permission to the Manager and Host Manager. (markt)
    Fix: 61173: Polish the javadoc for o.a.catalina.startup.Tomcat. Patch \ 
provided by peterhansson_se. (violetagg)
    Add: A new configuration property crawlerIps is added to the \ 
o.a.catalina.valves.CrawlerSessionManagerValve. Using this property one can \ 
specify a regular expression that will be used to identify crawlers based on \ 
their IP address. Based on a patch provided by Tetradeus. (violetagg)
    Fix: 61180: Log a warning message rather than an information message if it \ 
takes more than 100ms to initialised a SecureRandom instance for a web \ 
application to use to generate session identifiers. Patch provided by Piotr \ 
Chlebda. (markt)
    Fix: 61185: When an asynchronous request is dispatched via \ 
AsyncContext.dispatch() ensure that getRequestURI() for the dispatched request \ 
matches that of the original request. (markt)
    Fix: 61201: Ensure that the SCRIPT_NAME environment variable for CGI \ 
executables is populated in a consistent way regardless of how the CGI servlet \ 
is mapped to a request. (markt)
    Fix: 61215: Correctly define addConnectorPort and \ 
invalidAuthenticationWhenDeny in the mbean-descriptors.xml file for the \ 
org.apache.catalina.valves package so that the attributes are accessible via \ 
JMX. (markt)


    Fix: 61086: Explicitly signal an empty request body for HTTP 205 responses. \ 
    Fix: Revert a change introduced in the fix for bug 60718 that changed the \ 
status code recorded in the access log when the client dropped the connection \ 
from 200 to 500. (markt)
    Fix: Make asynchronous error handling more robust. In particular ensure that \ 
onError() is called for any registered AsyncListeners after an I/O error on a \ 
non-container thread. (markt)


    Fix: 44787: Improve error message when JSP compiler configuration options \ 
are not valid. (markt)
    Fix: 61137: j.s.jsp.tagext.TagLibraryInfo#uri and \ 
j.s.jsp.tagext.TagLibraryInfo#prefix fields should not be final. Patch provided \ 
by Katya Todorova. (violetagg)


    Fix: Correct the log message when a MessageHandler for PongMessage does not \ 
implement MessageHandler.Whole. (rjung)
    Fix: Improve thread-safety of Futures used to report the result of sending \ 
WebSocket messages. (markt)
    Fix: 61183: Correct a regression in the previous fix for 58624 that could \ 
trigger a deadlock depending on the locking strategy employed by the client \ 
code. (markt)

Web applications

    Fix: Better document the meaning of the trimSpaces option for Jasper. (markt)
    Fix: 61150: Configure the Manager and Host-Manager web applications to \ 
permit serialization and deserialization of CRSFPreventionFilter related session \ 
objects to avoid warning messages and/or stack traces on web application stop \ 
and/or start when running under a security manager. (markt)


    Add: 45832: Add HTTP DIGEST authentication support to the Catalina Ant tasks \ 
used to communicate with the Manager application. (markt)
    Fix: 45879: Add the RELEASE-NOTES file to the root of the installation \ 
created by the Tomcat installer for Windows to make it easier for users to \ 
identify the installed Tomcat version. (markt)
    Fix: 61055: Clarify the code comments in the rewrite valve to make clear \ 
that there are no plans to provide proxy support for this valve since Tomcat \ 
does not have proxy capbilities. (markt)
    Fix: 61076: Document the altDDName attribute for the Context element. (markt)
    Fix: Correct typo in Jar Scan Filter Configuration Reference. Issue reported \ 
via comments.apache.org. (violetagg)
    Fix: 61145: Add missing @Documented annotation to annotations in the \ 
annotations API. Patch provided by Katya Todorova. (markt)
    Fix: 61146: Add missing lookup() method to @EJB annotation in the \ 
annotations API. Patch provided by Katya Todorova. (markt)
    Fix: Correct typo in Context Container Configuration Reference. Patch \ 
provided by Katya Todorova. (violetagg)
   2017-05-21 01:43:54 by Ryo ONODERA | Files touched by this commit (3) | Package updated
Log message:
Update to 8.0.44

Tomcat 8.0.44 (violetagg)

    Add: Allow to exclude JUnit test classes using the build property \ 
test.exclude and document the property in BUILDING.txt. (rjung)


    Fix: 60940: Improve the handling of the META-INF/ and META-INF/MANIFEST.MF \ 
entries for Jar files located in /WEB-INF/lib when running a web application \ 
from a packed WAR file. (markt)
    Fix: Pre-load the ExceptionUtils class. Since the class is used extensively \ 
in error handling, it is prudent to pre-load it to avoid any failure to load \ 
this class masking the true problem during error handling. (markt)
    Fix: Review those places where Tomcat re-encodes a URI or URI component and \ 
ensure that that correct encoding (path differs from query string) is applied \ 
and that the encoding is applied consistently. (markt)
    Fix: Use a more reliable mechanism for the DefaultServlet when determining \ 
if the current request is for custom error page or not. (markt)
    Fix: Ensure that when the Default or WebDAV servlets process an error \ 
dispatch that the error resource is processed via the doGet() method \ 
irrespective of the method used for the original request that triggered the \ 
error. (markt)
    Fix: If a static custom error page is specified that does not exist or \ 
cannot be read, ensure that the intended error status is returned rather than a \ 
404 or 403. (markt)
    Fix: When the WebDAV servlet is configured and an error dispatch is made to \ 
a custom error page located below WEB-INF, ensure that the target error page is \ 
displayed rather than a 404 response. (markt)
    Add: 61047: Add MIME mapping for woff2 fonts in the default web.xml. Patch \ 
provided by Justin Williamson. (violetagg)
    Fix: Correct the logic that selects the encoding to use to decode the query \ 
string in the SSIServletExternalResolver so that the useBodyEncodingForURI \ 
attribute of the Connector is correctly taken into account. (markt)
    Fix: 61072: Respect the documentation statements that allow using the \ 
platform default secure random for session id generation. (remm)
    Fix: Correct the javadoc for \ 
o.a.c.connector.CoyoteAdapter#parseSessionCookiesId. Patch provided by John \ 
Andrew (XUZHOUWANG) via Github. (violetagg)


    Fix: 60925: Improve the handling of access to properties defined by \ 
interfaces when a BeanELResolver is used under a SecurityManager. (markt)
    Update: 61057: Update to Eclipse JDT Compiler 4.6.3. (violetagg)
    Fix: 61065: Ensure that once the class is resolved by \ 
javax.el.ImportHandler#resolveClass it will be cached with the proper name. \ 


    Fix: 61003: Ensure the flags for reading/writing in \ 
o.a.t.websocket.AsyncChannelWrapperSecure are correctly reset even if some \ 
exceptions occurred during processing. (markt/violetagg)

Web applications

    Add: Document test.threads option in BUILDING.txt. (kkolinko, rjung)
    Add: Add documents for maxIdleTime attribute to Channel Receiver docs. (kfujino)


    Code: Refactor the creating a constructor for a proxy class to reduce \ 
duplicate code. (kfujino)
    Fix: In StatementFacade, the method call on the statements that have been \ 
closed throw SQLException rather than NullPointerException. (kfujino)


    Fix: Correct comments about Java 8 in Jre8Compat. Patch provided by fibbers \ 
via Github. (violetagg)
    Fix: 60932: Correctly escape single quotes when used in i18n messages. Based \ 
on a patch by Michael Osipov. (markt)
    Fix: Update the custom Ant task that integrates with the Symantec code \ 
signing service to use the now mandatory 2-factor authentication. (markt)
   2017-04-10 12:38:20 by Ryo ONODERA | Files touched by this commit (1)
Log message:
apache-tomcat8 is for 8.0.x
   2017-04-10 12:33:43 by Ryo ONODERA | Files touched by this commit (3) | Package updated
Log message:
Update to 8.0.43

Tomcat 8.0.43 (violetagg)

    Add: 54618: Add support to the HttpHeaderSecurityFilter for the HSTS preload \ 
parameter. (markt)
    Fix: 60876: Ensure that Set-Cookie headers generated by the \ 
Rfc6265CookieProcessor are aligned with the specification. Patch provided by Jim \ 
Griswold. (markt)
    Fix: 60911: Ensure NPE will not be thrown when looking for SSL session ID. \ 
Based on a patch by Didier Gutacker. (violetagg)


    Fix: When using the NIO2 connector, ensure a WebSocket close frame is \ 
processed before the end of stream is processed to ensure that the end of stream \ 
is processed correctly. (markt)
    Fix: 60852: Correctly spell compressible when used in configuration \ 
attributes and internal code. Based on a patch by Michael Osipov. (markt)
    Fix: Improve sendfile handling when requests are pipelined. (markt)


    Fix: Improve the error handling for simple tags to ensure that the tag is \ 
released and destroyed once used. (remm, violetagg)
    Fix: 60844: Correctly handle the error when fewer parameter values than \ 
required by the method are used to invoke an EL method expression. Patch \ 
provided by Daniel Gray. (markt)


    Fix: 60764: Implement equals() and hashCode() in the StatementFacade in \ 
order to enable these methods to be called on the closed statements if any \ 
statement proxy is set. This behavior can be changed with useStatementFacade \ 
attribute. (kfujino)


    Fix: Refactor the build script and the NSIS installer script so that either \ 
NSIS 2.x or NSIS 3.x can be used to build the installer. This is primarily to \ 
re-enable building the installer on the Linux based CI system where the \ 
combination of NSIS 3.x and wine leads to failed installer builds. (markt)

2017-03-14 Tomcat 8.0.42 (markt)

    Update: 60596: Improve performance of DefaultServlet when sendfile feature \ 
is disabled on connector. (kkolinko)
    Fix: Reduce the contention in the default InstanceManager implementation \ 
when multiple threads are managing objects and need to reference the annotation \ 
cache. (markt)
    Add: Extend the JreMemoryLeakPreventionListener to provide protection \ 
against ForkJoinPool.commonPool() related memory leaks. (markt)
    Code: 60674: Remove final marker from CorsFilter to enable sub-classing. (markt)
    Fix: 60683: Security manager failure causing NPEs when doing IO on some \ 
JVMs. (csutherl)
    Fix: 60688: Update the internal fork of Apache Commons BCEL to r1782855 to \ 
add early access Java 9 support to the annotation scanning code. (markt)
    Fix: When HTTP TRACE requests are disabled on the Connector, ensure that the \ 
HTTP OPTIONS response from the WebDAV servlet does not include TRACE in the \ 
returned Allow header. (markt)
    Fix: 60718: Improve error handling for asynchronous processing and correct a \ 
number of cases where the requestDestroyed() event was not being fired and an \ 
entry wasn't being made in the access logs. (markt)
    Fix: 60722: Take account of the dispatchersUseEncodedPaths setting on the \ 
current Context when generating paths for dispatches triggered by \ 
AsyncContext.dispatch(). (markt)
    Fix: 60728: Make the separator Tomcat uses in the Tomcat specific \ 
war:file:... URL protocol customizable via a system property. The separator is \ 
equivalent to the use of the ! character in jar:file:... URLs. The default \ 
separator of * remains unchanged. (markt)
    Fix: 60798: Correct a bug in the handling of JARs in unpacked WARs that \ 
meant multiple attempts to read the same entry from a JAR in succession would \ 
fail for the second and subsequent attempts. (markt)
    Fix: 60808: Ensure that the Map returned by ServletRequest.getParameterMap() \ 
is fully immutable. Based on a patch provided by woosan. (markt)
    Fix: 60824: Correctly cache the Subject in the session - if there is a \ 
session - when running under a SecurityManager. Patch provided by Jan \ 
Engehausen. (markt)
    Fix: Ensure request and response facades are used when firing application \ 
listeners. (markt/remm)


    Fix: Ensure that executor thread pools used with connectors pre-start the \ 
configured minimum number of idle threads. (markt)
    Add: 60594: Allow some invalid characters that were recently restricted to \ 
be processed in requests by using the system property \ 
tomcat.util.http.parser.HttpParser.requestTargetAllow. (csutherl)
    Fix: Modify the cookie header generated by the Rfc6265CookieProcessor so it \ 
always sends an Expires attribute as well as a Max-Age attribute to avoid \ 
problems with Microsoft browsers that do not support the Max-Age attribute. \ 


    Fix: Follow up to the fix for 58178. When creating the ELContext for a tag \ 
file, ensure that any registered ELContextListeners are fired. (markt)
    Fix: Refactor code generated for JSPs to reduce the size of the code \ 
required for tags. (markt)
    Update: Update to the Eclipse JDT Compiler 4.6.1. (markt)


    Add: Make the accessTimeout configurable in ClusterSingleSignOn. The \ 
accessTimeout is used as a timeout period for PING in replication map. (kfujino)
    Fix: 60806: To avoid ClassNotFoundException, make sure that the web \ 
application class loader is passed to ReplicatedContext. (kfujino)


    Fix: 60617: Correctly create a CONNECT request when establishing a WebSocket \ 
connection via a proxy. Patch provided by Svetlin Zarev. (markt)


    Fix: Ensure that NoRpcChannelReply messages are not received on RpcCallback. \ 


    Update: Update the packaged version of the Tomcat Native Library to 1.2.12 \ 
to pick up the latest Windows binaries built with OpenSSL 1.0.2k. (violetagg)
    Add: 60784: Update all unit tests that test the HTTP status line to check \ 
for the required space after the status code. Patch provided by Michael Osipov. \ 
    Update: Update the NSIS Installer used to build the Windows installer to \ 
version 3.01. (markt)