2020-01-13 08:48:10 by Ryo ONODERA | Files touched by this commit (3) | |
Log message:
apache-tomcat9: Update to 9.0.30
Changelog:
Tomcat 9.0.30 (markt)
Catalina
Add: 63681: Introduce RealmBase#authenticate(GSSName, GSSCredential) and \
friends. (michaelo)
Fix: 63964: Correct a regression in the static resource caching changes \
introduced in 9.0.28. URLs constructed from URLs obtained from the cache could \
not be used to access resources. (markt)
Fix: 63970: Correct a regression in the static resource caching changes \
introduced in 9.0.28. Connections to URLs obtained for JAR resources could not \
be cast to JarURLConnection. (markt)
Add: 63937: Add a new attribute to the standard Authenticator \
implementations, allowCorsPreflight, that allows the Authenticators to be \
configured to allow CORS preflight requests to bypass authentication as required \
by the CORS specification. (markt)
Fix: 63939: Correct the same origin check in the CORS filter. An origin with \
an explicit default port is now considered to be the same as an origin without a \
deafult port and origins are now compared in a case-sensitive manner as required \
by the CORS specification. (markt)
Fix: 63981: Allow multiple calls to Registry.disableRegistry() without the \
second and subsequent calls triggering the logging of a warning. Based on a \
patch by Andy Wilkinson. (markt)
Fix: 63982: CombinedRealm makes assumptions about principal implementation \
(michaelo)
Fix: 63983: Correct a regression in the static resource caching changes \
introduced in 9.0.28. A large number of file descriptors were opened that could \
reach the OS limit before being released by GC. (markt)
Update: 63987: Deprecate Realm.getRoles(Principal). (michaelo)
Code: Add a unit test for the session FileStore implementation and refactor \
loops in FileStore to use the ForEach style. Pull request provided by Govinda \
Sakhare. (markt)
Update: Moved server-side include (SSI) module into a separate JAR library. \
(schultz)
Fix: Refactor FORM authentication to reduce duplicate code and to ensure \
that the authenticated Principal is not cached in the session when caching is \
disabled. (markt)
Coyote
Fix: Fix endpoint closeSocket and destroySocket discrepancies, in particular \
in the APR connector. (remm)
Fix: Harmonize maxConnections default value to 8192 across all connectors. (remm)
Fix: 63931: Improve timeout handling for asyncIO to ensure that blocking \
operations see a SocketTimeoutException if one occurs. (remm/markt)
Fix: 63932: By default, do not compress content that has a strong ETag. This \
behaviour is configuration for the HTTP/1.1 and HTTP/2 connectors via the new \
Connector attribute noCompressionStrongETag. (markt)
Fix: 63949: Fix non blocking write problems with NIO due to the need for a \
write loop. (remm)
Fix: Simplify regular endpoint writes by removing write(Non)BlockingDirect. \
All regular writes will now be buffered for a more predictable behavior. (remm)
Fix: Send an exception directly to the completion handler when a timeout \
exception occurs for the operation, and add a boolean to make sure the \
completion handler is called only once. (remm/markt)
WebSocket
Fix: Ensure a couple of very unlikely concurrency issues are avoided when \
writing WebSocket messages. (markt)
Web applications
Fix: Fix the broken re-try link on the error page for the FORM \
authentication example in the JSP section of the examples web application. \
(markt)
Add: Improvements to CsrfPreventionFilter: additional logging, allow the \
CSRF nonce request parameter name to be customized. (schultz)
Fix: Correct the documentation for the maxConnections attribute of the \
Connector in the documentation web application. (markt)
Add: Add the ability to set and display session attributes in the JSP FORM \
authentication example to demonstrate session persistence across restarts for \
authenticated sessions. (markt)
Other
Fix: Correct the fix for 63815 (quoting the use of CATALINA_OPTS and \
JAVA_OPTS when used in shell scripts to avoid the expansion of *) as it caused \
various regressions, particularly with daemon.sh. (markt)
Update: Update the OWB module to Apache OpenWebBeans 2.0.13. (remm)
Update: Support Java 11 in Graal Native Images with Graal 19.3+. (remm)
Add: Expand the search made by the Windows installer for a suitable Java \
installation to include the 64-bit JDK registry entries and the JAVA_HOME \
environment variable. Pull request provided by Alexander Norz. (markt)
Add: Expand the coverage of the Korean translations provided with Apache \
Tomcat. (woonsan)
Add: Expand the coverage of the French translations provided with Apache \
Tomcat. (remm)
Add: Expand the coverage of the Chinese translations provided with Apache \
Tomcat. Contributions provided by lins and 磊. (markt)
Add: Update the internal fork of Apache Commons BCEL to ff6941e (2019-12-06, \
6.4.2-dev). Code clean-up only. (markt)
Add: Update the internal fork of Apache Commons Codec to 9637dd4 \
(2019-12-06, 1.14-SNAPSHOT). Code clean-up and a fix for CODEC-265. (markt)
Add: Update the internal fork of Apache Commons FileUpload to 2317552 \
(2019-12-06, 2.0-SNAPSHOT). Refactoring. (markt)
Add: Update the internal fork of Apache Commons Pool 2 to 6092f92 \
(2019-12-06, 2.8.0-SNAPSHOT). Clean-up and minor refactoring. (markt)
Add: Update the internal fork of Apache Commons DBCP 2 to a36390 \
(2019-12-06, 2.7.1-SNAPSHOT). Minor refactoringremote RMI registry creation. \
(remm)
Add: Improvement to CsrfPreventionFilter: expose the latest available nonce \
as a request attribute; expose the expected nonce request parameter name as a \
context attribute. (schultz)
Coyote
Add: 63835: Add suormance of the HTTP and AJP connectors if socket.txBufSize \
is configured with an explicit value rather than using the JVM default. (markt)
Other
Fix: Improve OWB module based using custom shade appender. (remm)
Fix: Add security filter in OWB mo error occurs on stop. (remm)
Add: Add more details on the usage of RewriteMap functionality in the \
RewriteValve. (fschumacher)
Fix: 63836 Ensure that references to the Host object are cleared once the \
Host instance is destroyed. (markt)
Fix: static files (including JSP files) goes via the cache so that a \
consistent view of the static files is seen. Prior to this change it was \
possible to see an updated last modified time but the content would be that \
prior to the modification. (markt)
Update: 63905 Clean up Tomcat CSS. (michaelo)
Fix: 63909: When the ExpiresFilter is used without a default and the \
response is served by the Default Servlet, ensure that the filter processes the \
response if the Default Servlet sets a 304 (Not Found) status code. (markt)
Coyote
Fix: Ensure that ServletRequest.isAsyncStarted() returns false once \
AsyncContext.complete() or AsyncContext.dispatch() has been called during \
AsyncListener.onTimeout() or AsyncListener.onError(). (markt)
Fix: 63816 and 63817: Correctly handle I/O errors after asynchronous \
processing has been started but before the container thread that started \
asynchronous processing has completed processing the current request/response. \
(markt)
Fix: 63825: When processing the Expect and Connection HTTP headers looking \
for a specific token, be stricter in ensuring that the exact token is present. \
(markt)
Fix: 63829: Improve the check of the Content-Encoding header when looking to \
see if Tomcat is serving pre-compressed content. Ensure that only a full token \
is matched and that the match is case insensitive. (markt)
Fix: 63864: Refactor parsing of the transfer-encoding request header to use \
the shared parsing code and reduce duplication. (markt)
Fix: 63865: Add Unset option to same-site cookies and pass through None \
value if set by user. Patch provided by John Kelly. (markt)
Fix: 63879: Remove stack trace from debug logging on socket wrapper close. (remm)
Update: Add connection tracking on the connector endpoint to remove \
excessive concurrency in the protocol handler when maintaining an association \
between the socket wrapper and its current processor. (remm)
Fix: 63894: Ensure that the configured values for certificateVerification \
and certificateVerificationDepth are correctly passed to the OpenSSL based \
SSLEngine implementation. (remm/markt)
Fix: Improve cleanup after errors when setting socket options. (remm)
Fix: Do not perform a blocking read after a CPING message is received by the \
AJP connector because, if the JK Connector is configured with \
ping_mode="I", the CPING message will not always be followed by the \
start of a request. (markt)
Fix: Properly calculate all dynamic parts of the ErrorReportValve response \
on the fly in org.apache.coyote.http2.TestHttp2InitialConnection. (michaelo)
Jasper
Fix: 63897: Capture the timestamp of a JSP for the purposes of modification \
tracking before the JSP is compiled to prevent a race condition if the JSP is \
modified during compilation. Patch provided by Karl von Randow. (markt)
Fix: Fix a race condition that could mean changes to a modified JSP were not \
visible to end users. (markt)
WebSocket
Fix: 63913: Wrap any NullPointerExceptions throw by the Inflater or Deflater \
used by the PerMessageDeflate extension in an IOException so that the error can \
be caught and handled by the WebSocket error handling mechanism. (markt)
Web applications
Fix: Correct the description of the default value for the server attribute \
in the security How-To. (markt)
Other
Fix: 63815: Quote the use of CATALINA_OPTS and JAVA_OPTS when used in shell \
scripts to avoid the expansion of *. Note that any newlines present in \
CATALINA_OPTS and/or JAVA_OPTS will no longer removed. (markt)
Fix: 63826: Remove commons-daemon-native.tar.gz and tomcat-native.tar.gz \
from the binary zip distributions for Windows since compiled versions of those \
components are already included within the zip distributions. (markt)
Fix: 63838: Suppress reflexive access warnings when running the unit tests \
on the command line. (markt)
Fix: Add missing charsets from the HPE JVM on HP-UX to pass unit tests in \
org.apache.tomcat.util.buf.TestCharsetCache. (michaelo)
Update: Update the CXF module to Apache CXF 3.3.4. (remm)
Add: Expand the coverage and quality of the French translations provided \
with Apache Tomcat. (remm)
Add: Expand the coverage and quality of the Japanese translations provided \
with Apache Tomcat. Patch provided by motohashi.yuki. (markt)
Add: Expand the coverage and quality of the Simplified Chinese translations \
provided with Apache Tomcat. Contributions provided by rpo130, Mason Shen, \
leeyazhou, winsonzhao, qingshi huang, Lay, Shucheng Hou and Yanming Zhou. \
(markt)
Add: Expand the coverage and quality of the Brazilian Portuguese \
translations provided with Apache Tomcat. Patch provided by Danielamorais. \
(markt)
2019-10-11 Tomcat 9.0.27 (markt)
Catalina
Fix: Correct a regression introduced in 9.0.25 that prevented configuration \
files from being loaded from the class path. (markt)
Coyote
Fix: Use URL safe base 64 encoding rather than standard base 64 encoding \
when generating or parsing the HTTP2-Settings header as part of an HTTP upgrade \
to h2c as required by RFC 7540. (markt)
Fix: 63765: NIO2 should try to unwrap after TLS handshake to avoid edge \
cases. (remm)
Fix: 63766: Ensure Processor objects are recycled when processing an HTTP \
upgrade connection that terminates before processing switches to the Processor \
for the upgraded protocol. (markt)
Fix: Fix a memory leak introduced by the HTTP/2 timeout refactoring in \
9.0.23 that could occur when HTTP/2 or WebSocket was used. (markt)
Jasper
Update: Update to the Eclipse JDT compiler 4.13. (markt)
Fix: Add GraalVM specific ELResolver to avoid BeanInfo use in BeanElResolver \
if possible, as it needs manual reflection configuration. (remm)
Fix: 63781: When performing various checks related to the visibility of \
classes, fields an methods in the EL implementation, also check that the \
containing module has been exported. (markt)
Web Socket
Fix: 63753: Ensure that the Host header in a Web Socket HTTP upgrade request \
only contains a port if a non-default port is being used. (markt)
Fix: When running on Java 9 and above, don't attempt to instantiate \
WebSocket Endpoints found in modules that are not exported. (markt)
Web Applications
Add: Add base GraalVM documentation. (remm)
Add: Add Javadoc for the Common Annotations API implementation. (markt)
Fix: Correct various typos in the comments, error messages and Javadoc. \
Patch provided by 康智冬. (markt)
jdbc-pool
Fix: When connections are validated without an explicit validation query, \
ensure that any transactions opened by the validation process are committed. \
Patch provided by Pascal Davoust. (markt)
Other
Code: Deprecate org.apache.tomcat.util.compat.TLS. Its functionality was \
only used for unit tests in org.apache.tomcat.util.net.TesterSupport and has \
been moved there. (rjung)
Fix: 63759: When installing Tomcat with the Windows installer, grant \
sufficient privileges to enable the uninstaller to execute when user account \
control is active. (markt)
Add: Use a build property to define the minimum supported Java version and \
use that build property to reduce the number of edits required to update the \
minimum supported Java version. (markt)
Update: Update the OWB module to Apache OpenWebBeans 2.0.12. (remm)
Update: Update the CXF module to Apache CXF 3.3.3. (remm)
Update: 63767: Update to Commons Daemon 1.2.2. This corrects a regression in \
Commons Daemon 1.2.0 and 1.2.1 that caused the Windows Service to crash on start \
when running on an operating system that had not been fully updated. (markt)
|
2019-10-04 15:54:43 by Ryo ONODERA | Files touched by this commit (3) |
Log message:
Update to 9.0.26
Changelog:
Tomcat 9.0.26 (markt)
Oher
Fix: Re-tagged to ensure that the source file for the changelog did not \
contain an XML byte order mark. (markt)
not released Tomcat 9.0.25 (markt)
Catalina
Fix: Avoid a possible InvalidPathException when obtaining a URI for a \
configuration file. (markt)
Fix: 63684: Wrapper never passed to RealmBase.hasRole() for given security \
constraints. (michaelo)
Fix: 63740: Ensure configuration files are loaded correctly when a Host is \
configured with an xmlBase. Patch provided by uk4sx. (markt)
Fix: Avoid a potential NullPointerException on Service stop if a Service is \
embedded directly (i.e. with no Server) in an applciation and JNDI is enabled. \
Patch provided by S. Ali Tokmen. (markt)
Add: Add a new PropertySource implementation, EnvironmentPropertySource, \
that can be used to do property replacement in configuration files with \
environment variables. Based on a pull request provided by Thomas Meyer. (markt)
Coyote
Fix: 63682: Fix a potential hang when using the asynchronous Servlet API to \
write the response body and the stream and/or connection window reaches 0 bytes \
in size. (markt)
Fix: 63690: Use the average of the current and previous sizes when \
calculating overhead for HTTP/2 DATA and WINDOW_UPDATE frames to avoid false \
positives as a result of client side buffering behaviour that causes a small \
percentage of non-final DATA frames to be smaller than expected. (markt)
Fix: 63706: Avoid NPE accessing https port with plaintext. (remm)
Fix: Correct typos in the names of the configuration attributes \
overheadDataThreshold and overheadWindowUpdateThreshold. (markt)
Fix: If the HTTP/2 connection requires an initial window size larger than \
the default, send a WINDOW_UPDATE to increase the flow control window for the \
connection so that the initial size of the flow control window for the \
connection is consistent with the increased value. (markt)
Fix: 63710: When using HTTP/2, ensure that a content-length header is not \
set for those responses with status codes that do not permit one. (markt)
Fix: 63737: Correct various issues when parsing the accept-encoding header \
to determine if gzip encoding is supported including only parsing the first \
header found. (markt)
Jasper
Fix: 63724: Correct a regression introduced in 9.0.21 that broke compilation \
of JSPs in some configurations. (markt)
Web applications
Fix: Correct the source code links on the index page for the ROOT web \
application to point to Git rather than Subversion. (markt)
Fix: Fix various issues with the Javadoc generated for the documentation web \
application to enable release builds to be built with Java 10 onwards. (markt)
Fix: 63733: Remove the documentation for the "Additional \
Components" since they have been remove / merged into the core Tomcat \
distribution for 9.0.5 onwards. (markt)
Fix: 63739: Correct the invalid Automatic-Module-Name manifest entries for \
the Tomcat provided JARs included in the Tomcat embedded distribution. (markt)
Fix: Fix a large number of Javadoc and documentation typos. Patch provided \
by KangZhiDong. (markt)
Fix: Spelling and formatting corrections for the cluster how-to. Pull \
request provided by Bill Mitchell. (markt)
Other
Add: Expand the coverage and quality of the French translations provided \
with Apache Tomcat. (remm)
Add: Expand the coverage and quality of the Simplified Chinese translations \
provided with Apache Tomcat. Includes contributions by leeyazhou and 康智冬. \
(markt)
Fix: 62140: Additional usage documentation in comments for \
catalina.[bat|sh]. (markt)
Fix: Fix JSSE_OPTS quoting in catalina.bat. Contributed by Peter Uhnak. \
(fschumacher)
Update: 63625: Update to Commons Daemon 1.2.1. This corrects several \
regressions in Commons Daemon 1.2.1, most notably the Windows Service crashing \
on start when using 32-bit JVMs. (markt)
Fix: 63689: Correct a regression in the fix for 63285 that meant that when \
installing a service, the service display name was not set. (markt)
Fix: When performing a silent install with the Windows Installer, ensure \
that the registry entires are added to the 64-bit registry when using a 64-bit \
JVM. (markt)
Fix: Remove unused i18n messages and associated translations. Patch provided \
by KangZhiDong. (markt)
Add: Expand the coverage and quality of the Korean translations provided \
with Apache Tomcat. (woonsan)
2019-08-17 Tomcat 9.0.24 (markt)
Coyote
Code: Remove the code in the sendfile poller that ensured smaller pollsets \
were used with older, no longer supported versions of Windows that could not \
support larger pollsets. (markt)
not released Tomcat 9.0.23 (markt)
Catalina
Update: 63627: Implement more fine-grained handling in \
RealmBase.authenticate(GSSContext, boolean). (michaelo)
Add: 62496: Add option to write auth information (remote user/auth type) to \
response headers. (michaelo)
Add: 57665: Add support for the X-Forwarded-Host header to the \
RemoteIpFilter and RemoteIpValve. (markt)
Fix: 63550: Only try the alternateURL in the JNDIRealm if one has been \
specified. (markt)
Add: 63556: Mark request as forwarded in RemoteIpValve and RemoteIpFilter \
(michaelo)
Fix: If an unhandled exception occurs on a asynchronous thread started via \
AsyncContext.start(Runnable), process it using the standard error page \
mechanism. (markt)
Fix: Discard large byte buffers allocated using setBufferSize when recycling \
the request. (remm)
Fix: 63579: Correct parsing of malformed OPTIONS requests and reject them \
with a 400 response rather than triggering an internal error that results in a \
500 response. (markt)
Fix: 63608: Align the implementation of the negative match feature for \
patterns used with the RewriteValve with the description in the documentation. \
(markt)
Fix: Avoid a NullPointerException in the CrawlerSessionManagerValve if no \
ROOT Context is deployed and a request does not map to any of the other deployed \
Contexts. Patch provided by Jop Zinkweg. (markt)
Fix: 63636: Context.findRoleMapping() never called in \
StandardWrapper.findSecurityReference(). (michaelo)
Coyote
Code: Refactor the APR poller to always use a single pollset now that the \
Windows operating systems that required multiple smaller pollsets to be used are \
no longer supported. (markt)
Fix: 63524: Improve the handling of PEM file based keys and certificates \
that do not include a full certificate chain when configuring the internal, \
in-memory key store. Improve the handling of PKCS#1 formatted private keys when \
configuring the internal, in-memory key store. (markt)
Update: Add callback when finishing the set properties rule in the digester. \
(remm)
Fix: 63570: Fix regression retrieving local address with the NIO connector. \
Submitted by Aditya Kadakia. (remm)
Fix: 63568: Avoid error when trying to set tcpNoDelay on socket types that \
do not support it, which can occur when using the NIO inherited channel \
capability. Submitted by František Kučera. (remm)
Fix: Correct parsing of invalid host names that contain bytes in the range \
128 to 255 and reject them with a 400 response rather than triggering an \
internal error that results in a 500 response. (markt)
Fix: 63571: Allow users to configure infinite TLS session caches and/or \
timeouts. (markt)
Fix: 63578: Improve handling of invalid requests so that 400 responses are \
returned to the client rather than 500 responses. (markt)
Fix: Fix h2spec test suite failure. It is an error if a Huffman encoded \
string literal contains the EOS symbol. (jfclere)
Add: Connections that fail the TLS handshake will now appear in the access \
logs with a 400 status code. (markt)
Fix: Timeouts for HTTP/2 connections were not always correctly handled \
leaving some connections open for longer than expected. (markt)
Fix: 63650: Refactor initialisation for JSSE based TLS connectors to enable \
custom JSSE providers that provide custom cipher suites to be used. (markt)
Add: Expand the HTTP/2 excessive overhead protection to cover various forms \
of abusive client behaviour and close the connection if any such behaviour is \
detected. (markt)
Fix: Fix a crash on shutdown with the APR/native connector when a blocking \
I/O operation was still in progress when the connector stopped. (markt)
Cluster
Fix: Avoid failing Kubernetes membership (and preventing startup) if the \
stream cannot be opened, to get the same behavior as the DNS based membership. \
The namespace is still a failure on startup but it is easy to provide. (remm)
Fix: Avoid non fatal NPEs with Tribes when JMX is not available. (remm)
Fix: Make Kube environment optional for Kube memberships, for easier testing \
and Graal training. A warn log will occur if the environment is not present. \
(remm)
Web applications
Fix: 63597: Update the custom 404 error page for the Host Manager to take \
account of previous refactoring so that the page is used for 404 errors rather \
than falling back to the default error page. (markt)
Other
Fix: JNDI support for GraalVM native images. (remm)
Fix: JSP runtime library support for GraalVM native images. (remm)
Fix: java.util.logging configuration for GraalVM native images. (remm)
Update: Update Checkstyle to 8.22. (markt)
Update: 62696: The digital signature for the Windows installer now uses \
SHA-256 for hashes. (markt)
Update: 63310: Update to Commons Daemon 1.2.0. This provides improved \
support for Java 11. This also changes the user configured by the Windows \
installer for the Windows service from Local System to the lower privileged \
Local Service. (markt)
Fix: 55969: Tighten up the security of the Apache Tomcat installation \
created by the Windows installer. Change the default shutdown port used by the \
Windows installer from 8005 to -1 (disabled). Limit access to the chosen \
installation directory to local administrators, Local System and Local Service. \
(markt)
Add: Expand the coverage and quality of the French translations provided \
with Apache Tomcat. (remm)
Add: 63285: Add an option to service.bat so that when installing a Windows \
service, the name of the executables used by the Windows service may be changed \
to match the service name. This makes the installation behaviour consistent with \
the Windows installer. The original executable names will be restored when the \
Windows service is removed. The renaming can be enabled by using the new \
--rename option after the service name. (markt)
Fix: 63567: Restore the passing of $LOGGING_MANAGER to the jvm in \
catalina.sh when calling stop. (markt)
Fix: Correct broken OSGi data in JAR file manifests. (markt)
Fix: Add "embed" to the Bundle-Name and Bundle-Symbolic-Name for \
the Tomact embedded WebSocket JAR to align the naming with the other embedded \
JARs and to differentiate it from the standard WebSocket JAR that does not \
include the API classes. (markt)
Fix: 63555: Add Automatic-Module-Name entries for each of the Tomcat \
provided JARs included in the Tomcat embedded distribution. (markt)
Update: Update dependency on bnd to 4.2.0. (markt)
Update: Update the internal fork of Commons Codec to 3ebef4a (2018-08-01) to \
pick up the fix for CODEC-134. (markt)
Update: Update the internal fork of Commons Pool2 to 796e32d (2018-08-01) to \
pick up the changes Commons Pool2 2.7.0. (markt)
Update: Update the internal fork of Commons DBCP2 to 87d9e3a (2018-08-01) to \
pick up the changes Commons DBCP2 2.7.0 and DBCP-555. (markt)
Update: 63648: Update the test TLS keys and certificates used in the test \
suite to replace the keys and certificates that are about to expire. (markt)
|
2019-07-15 16:32:15 by Ryo ONODERA | Files touched by this commit (3) | |
Log message:
Update to 9.0.22
Changelog:
Tomcat 9.0.22 (markt)
Catalina
Fix: Improve parsing of Range request headers. (markt)
Fix: Range headers that specify a range unit Tomcat does not recognise \
should be ignored rather than triggering a 416 response. Based on a pull request \
by zhanhb. (markt)
Fix: When comparing a date from a If-Range header, an exact match is \
required. Based on a pull request by zhanhb. (markt)
Fix: Add an option to the default servlet to disable processing of PUT \
requests with Content-Range headers as partial PUTs. The default behaviour \
(processing as partial PUT) is unchanged. Based on a pull request by zhanhb. \
(markt)
Fix: Improve parsing of Content-Range headers. (markt)
Update: Update the recommended minimum Tomcat Native version to 1.2.23. (markt)
Coyote
Fix: Remove a source of potential deadlocks when using HTTP/2 when the \
Connector is configured with useAsyncIO as true. (markt)
Fix: 63523: Restore SSLUtilBase methods as protected to preserve \
compatibility. (remm)
Fix: Fix typo in UTF-32LE charset name. Patch by zhanhb vi Github. (fschumacher)
Fix: Once a URI is identified as invalid don't attempt to process it \
further. Based on a PR by Alex Repert. (markt)
Fix: Fix to avoid the possibility of long poll times for individual pollers \
when using mutliple pollers with APR. (markt)
Fix: Refactor the fix for 63205 so it only applies when using PKCS12 \
keystores as regressions have been reported with some other keystore types. \
(markt)
Jasper
Add: Include file names if SMAP processor is unable to delete or rename a \
class file during SMAP generation. (markt)
Update: Update to the Eclipse JDT compiler 4.12. (markt)
WebSocket
Fix: 63521: As required by the WebSocket specification, if a POJO that is \
deployed as a result of the SCI scan for annotated POJOs is subsequently \
deployed via the programmatic API ignore the programmatic deployment. (markt)
Other
Fix: Switch the check for terminal availability to test for stdin as using \
stdout does not work when output is piped to another process. Patch provided by \
Radosław Józwik. (markt)
Add: Add user buildable optional modules for easier CDI 2 and JAX-RS \
support. Also include a new documentation page describing how to use it. (remm)
2019-06-07 Tomcat 9.0.21 (markt)
Catalina
Add: 57287: Add file sorting to DefaultServlet (schultz)
Fix: Fix --no-jmx flag processing, which was called after registry \
initialization. (remm)
Fix: Ensure that a default request character encoding set on a \
ServletContext is used when calling ServletRequest#getReader(). (markt)
Fix: Make a best efforts attempt to clean-up if a request fails during \
processing due to an OutOfMemoryException. (markt)
Fix: Improve the BoM detection for static files handled by the default \
servlet for the rarely used UTF-32 encodings. Identified by Coverity Scan. \
(markt)
Fix: Ensure that the default servlet reads the entire global XSLT file if \
one is defined. Identified by Coverity Scan. (markt)
Fix: Avoid potential NullPointerException when generating an HTTP Allow \
header. Identified by Coverity Scan. (markt)
Code: Add Context.createInstanceManager() for easier framework integration. \
(remm)
Code: Add utility org.apache.catalina.core.FrameworkListener to allow \
replicating adding a Listener to context.xml in a programmatic way. (remm)
Code: Move Container.ADD_CHILD_EVENT to before the child container start, \
and Container.REMOVE_CHILD_EVENT to before removal of the child from the \
internal child collection. (remm)
Add: Remove any fragment included in the target path used to obtain a \
RequestDispatcher. The requested target path is logged as a warning since this \
is an application error. (markt)
Coyote
Fix: NIO poller seems to create some unwanted concurrency, causing rare CI \
test failures. Add sync when processing async operation to avoid this. (remm)
Fix: Fix concurrency issue that lead to incorrect HTTP/2 connection timeout. \
(remm/markt)
Fix: Avoid useless exception wrapping in async IO. (remm)
Fix: 63412: Security manager failure when using the async IO API from a \
webapp. (remm)
Fix: Remove acceptorThreadCount Connector attribute, one accept thread is \
sufficient. As documented, value 2 was the only other sensible value, but \
without and impact beyond certain microbenchmarks. (remm)
Fix: Avoid possible NPEs on connector stop. (remm)
Update: Remove pollerThreadCount Connector attribute for NIO, one poller \
thread is sufficient. (remm)
Add: Add async IO for APR connector for consistency, but disable it by \
default due to low performance. (remm)
Fix: Avoid blocking write of internal buffer when using async IO. (remm)
Code: Refactor async IO implementation to the SocketWrapperBase. (remm)
Update: Refactor SocketWrapperBase close using an atomic boolean and a \
doClose method that subclasses will implement, with a guarantee that it will be \
run only once. (remm)
Fix: Decouple the socket wrapper, which is not recycled, from the NIOx \
channel after close, and replace it with a dummy static object. (remm)
Fix: Clear buffers on socket wrapper close. (remm)
Fix: NIO2 failed to properly close sockets on connector stop. (remm)
Update: Reduce the default for maxConcurrentStreams on the Http2Protocol \
from 200 to 100 to align with typical defaults for HTTP/2 implementations. \
(markt)
Update: Reduce the default HTTP/2 header list size from 4GB to 32kB to align \
with typical HTTP/2 implementations. (markt)
Add: Add support for same-site cookie attribute. Patch provided by John \
Kelly. (markt)
Fix: Drop legacy NIO double socket close (close channel, then close socket). \
(remm)
Fix: Fix HTTP/2 end of stream concurrency with async. (remm)
Fix: Correct a bug in the stream flushing code that could lead to multiple \
threads processing the stream concurrently which in turn could cause errors \
processing the stream. (markt)
Cluster
Fix: 62841: Refactor the DeltaRequest serialization to reduce the window \
during which the DeltaSession is locked and to remove a potential cause of \
deadlocks during serialization. (markt)
Fix: 63441: Further streamline the processing of session creation messages \
in the DeltaManager to reduce the possibility of a session update message being \
processed before the session has been created. (markt)
WebSocket
d: Expand the explanation of how deprecated TLS configuration attributes are \
converted to the new TLS configuration style. (markt)
Tribes
Fix: Treat NoRouteToHostException the same way as SocketTimeoutException \
when checking the health of group membaven packaging. (remm)
Fix: 63403: Fix TestHttp2InitialConnection test failures when running with a \
non-English locale. (kkolinko)
Fix: Add Graal JreCompat, and use it to disable JMX and URL stream handlers. \
(remm)
Add: Expand the coverage and Expand the coverage and quality of the \
Simplified Chinese translations provided with Apache Tomcat. Includes \
contributions by 諵. (markt)
Fix: Use the test command to check for terminal availability rather than the \
tty command since the tty based te
Fix: Fix some edge cases where the docBase was not being set using a \
canonical path which in turn meant resource URLs were not being constructed as \
expected. (markt)
Fix: Fix a potential resource leak when executing CGI scripts from a WAR \
file. Identified by Coverity scan. (markt)
Fix: Fix a potential concurrency issue in the StringCache identified by \
Coverity scan. (markt)
Fix: Fix a potential concurrency issue in the main Sendfile thread of the \
APR connector. Identified by Coverity scan. (markt)
Fix: Fix a potential resource leak when running a web application from a WAR \
file. Identified by Coverity scan. (markt)
Fix: Fix a potential resource leak on some exception paths in the \
DataSourceRealm. Identified by Coverity scan. (markt)
Fix: Fix a potential resource leak on an exception path when parsing JSP \
files. Identified by Coverity scan. (markt)
Fix: Fix a potential resource leak when a JNDI lookup returns an object of \
an in compatible class. Identified by Coverity scan. (markt)
Code: Refactor ManagerServlet to avoid loading classes when filtering JNDI \
resources for resources of a specified type. (markt)
Fix: 63324: Refactor the CrawlerSessionManagerValve so that the object \
placed in the session is compatible with session serialization with mem-cached. \
Patch provided by Martin Lemanski. (markt)
Add: 63358: Expand the throwOnFailure support in the Connector to include \
the adding of a Connector to a running Service. (markt)
Add: 63361: Add a new method (Registry.disableRegistry()) that can be used \
to disable JMX registration of Tomcat components providing it is called before \
the first component is registered. (markt)
Fix: Avoid OutOfMemoryErrors and ArrayIndexOutOfBoundsExceptions when \
accessing large files via the default servlet when resource caching has been \
disabled. (markt)
Fix: Avoid a NullPointerException when a Context is defined in server.xml \
with a docBase but not the optional path. (markt)
Fix: 63333: Override the isAvailable() method in the JAASRealm so that only \
login failures caused by invalid credentials trigger account lock out when the \
LockOutRealm is in use. Patch provided by jchobantonov. (markt)
Fix: Add --no-jmx flag to allow disabling JMX in startup.Tomcat.main. (remm)
Coyote
Fix: The useAsyncIO boolean attribute on the Connector element value now \
defaults to true. (remm)
Fix: Possible HTTP/2 connection leak issue when using async with NIO. (remm)
Fix: Fix socket close discrepancies for NIO, now the wrapper close is used \
everywhere except for socket accept problems. (remm)
Fix: Implement poller timeout when using async IO with NIO. (remm)
Fix: Avoid creating and using object caches when they are disabled. (remm)
Fix: When running on newer JREs that don't support SSLv2Hello, don't warn \
that it is not available unless explicitly configured. (markt)
Fix: Change default value of pollerThreadCount of NIO to 1. (remm)
Fix: Associate BlockPoller thread name with its NIO connector for better \
readability. (remm)
Fix: The async HTTP/2 frame parser should tolerate concurrency so clearing \
shared buffers before attempting a read is not possible. (remm)
Update: Update the HTTP/2 connection preface and initial frame reading to be \
asynchronous instead of blocking IO. (remm)
Code: Refactor Hostname validation to improve performance. Patch provided by \
Uwe Hees. (markt)
Update: Add additional NIO2 style read and write methods closer to core \
NIO2, for possible use with an asynchronous workflow like CompletableFuture. \
(remm)
Fix: Expand HTTP/2 timeout handling to include connection window exhaustion \
on write. This is the fix for CVE-2019-10072. (markt)
Jasper
Fix: 63359: Ensure that the type conversions used when converting from \
strings for jsp:setProperty actions are correctly implemented as per section \
JSP.1.14.2.1 of the JSP 2.3 specification. (markt)
Other
Fix: 63335: Ensure that stack traces written by the OneLineFormatter are \
fully indented. The entire stack trace is now indented by an additional TAB \
character. (markt)
Fix: 63370: Message files (LocalStrings_*.properties) of the examples webapp \
not converted to ascii. (woonsan)
Add: Expand the coverage and quality of the French translations provided \
with Apache Tomcat. (remm)
Add: Expand the coverage and quality of the Japanese translations provided \
with Apache Tomcat. Includes contributions by motohashi.yuki. (markt)
Add: Expand the coverage and quality of the Czech translations provided with \
Apache Tomcat. Includes contributions by Arnošt Havelka. (markt)
Fix: When using the OneLineFormatter, don't print a blank line in the log \
after printing a stack trace. (markt)
Update: Update the internal fork of Apache Commons FileUpload to 41e4047 \
(2019-04-24) pick up some enhancements. (markt)
Update: Update the internal fork of Apache Commons DBCP 2 to dcdbc72 \
(2019-04-24) to pick up some clean-up and enhancements. (markt)
Update: Update the internal fork of Apache Commons Pool 2 to 0664f4d \
(2019-04-30) to pick up some enhancements and bug fixes. (markt)
2019-04-13 Tomcat 9.0.19 (markt)
Catalina
Fix: Fix wrong JMX registration regression in 9.0.18. (remm)
Coyote
Update: Add vectoring for NIO in the base and SSL channels. (remm)
Add: Add asynchronous IO from NIO2 to the NIO connector, with support for \
the async IO implementations for HTTP/2 and Websockets. The useAsyncIO boolean \
attribute on the Connector element allows enabling use of the asynchronous IO \
API. (remm)
Other
Fix: Ensure that the correct files are included in the source distribution \
for javacc based parsers depending on whether jjtree is used or not. (markt)
Fix: Ensure that text files in the source distribution have the correct line \
endings for the target platform. (markt)
not released Tomcat 9.0.18 (markt)
Catalina
Fix: 63196: Provide a default (X-Forwarded-Proto) for the protocolHeader \
attribute of the RemoteIpFilter and RemoteIpValve. (markt)
Fix: 63235: Refactor Charset cache to reduce start time. (markt)
Fix: 63249: Use a consistent log level (WARN) when logging the failure to \
register or deregister a JMX Bean. (markt)
Fix: 63249: Use a consistent log level (ERROR) when logging the \
LifecycleException associated with the failure to start or stop a component. \
(markt)
Fix: When the SSI directive fsize is used with an invalid target, return a \
file size of - rather than 1k. (markt)
Fix: 63251: Implement a work-around for a known JRE bug (JDK-8194653) that \
may cause a dead-lock when Tomcat starts. (markt)
Fix: 63275: When using a RequestDispatcher ensure that \
HttpServletRequest.getContextPath() returns an encoded path in the dispatched \
request. (markt)
Update: Add optional listeners for Server/Listener, as a slight variant of a \
standard listener. The difference is that loading is not fatal when it fails. \
This would allow adding example configuration to the standard server.xml if \
deemed useful. Storeconfig will not attempt to persist the new listener. (remm)
Fix: 63286: Document the differences in behaviour between the LogFormat \
directive in httpd and the pattern attribute in the AccessLogValve for %D and \
%T. (markt)
Fix: 63287: Make logging levels more consistent for similar issues of \
similar severity. (markt)
Fix: 63311: Add support for https URLs to the local resolver within Tomcat \
used to resolve standard XML DTDs and schemas when Tomcat is configured to \
validate XML configuration files such as web.xml. (markt)
Fix: Encode the output of the SSI printenv command. This is the fix for \
CVE-2019-0221. (markt)
Code: Use constants for SSI encoding values. (markt)
Add: When the CGI Servlet is configured with enableCmdLineArguments set to \
true, limit the encoded form of the individual command line arguments to those \
values allowed by RFC 3875. This restriction may be relaxed by the use of the \
new initialisation parameter cmdLineArgumentsEncoded. (markt)
Add: When the CGI Servlet is configured with enableCmdLineArguments set to \
true, limit the decoded form of the individual command line arguments to known \
safe values when running on Windows. This restriction may be relaxed by the use \
of the new initialisation parameter cmdLineArgumentsDecoded. This is the fix for \
CVE-2019-0232. (markt)
Coyote
Fix: Fix bad interaction between NIO2 async read API and the regular read. (remm)
Fix: Refactor NIO2 write pending strategy for the classic IO API. (remm)
Fix: Restore original maxConnections default for NIO2 as the underlying \
close issues have been fixed. (remm)
Fix: Harmonize NIO2 isReadyForWrite with isReadyForRead code. (remm)
Fix: When using a JSSE TLS connector that supported ALPN (Java 9 onwards) \
and a protocol was not negotiated, Tomcat failed to fallback to HTTP/1.1 and \
instead dropped the connection. (markt)
Fix: Correct a regression in the TLS connector refactoring in Tomcat 9.0.17 \
that prevented the use of PKCS#8 private keys with OpenSSL based connectors. \
(markt)
Fix: Fix NIO2 SSL edge cases. (remm)
Fix: When performing an upgrade from HTTP/1.1 to HTTP/2, ensure that any \
query string present in the original HTTP/1.1 request is passed to the HTTP/2 \
request processing. (markt)
Fix: When Tomcat writes a final response without reading all of an HTTP/2 \
request, reset the stream to inform the client that the remaining request body \
is not required. (markt)
Jasper
Add: Add support for specifying Java 11 (with the value 11) as the compiler \
source and/or compiler target for JSP compilation. (markt)
Add: Add support for specifying Java 12 (with the value 12) and Java 13 \
(with the value 13) as the compiler source and/or compiler target for JSP \
compilation. If used with an ECJ version that does not support these values, a \
warning will be logged and the latest supported version will used. Based on a \
patch by Thomas Collignon. (markt)
Web applications
Fix: 63184: Expand the SSI documentation to provide more information on the \
supported directives and their attributes. Patch provided by nightwatchcyber. \
(markt)
Add: Add a note to the documentation about the risk of DoS with poorly \
written regular expressions and the RewriteValve. Patch provided by salgattas. \
(markt)
jdbc-pool
Fix: Improved maxAge handling. Add support for age check on idle \
connections. Connection that expired reconnects rather than closes it. Patch \
provided by toby1984. (kfujino)
Fix: 63320: Ensure that StatementCache caches statements that include arrays \
in arguments. (kfujino)
Other
Update: Update to the Eclipse JDT compiler 4.10. (markt)
Add: Expand the coverage and quality of the Spanish translations provided \
with Apache Tomcat. Includes contributions by Ulises Gonzalez Horta. (markt)
Add: Expand the coverage and quality of the Czech translations provided with \
Apache Tomcat. Includes contributions by Arnošt Havelka. (markt)
Add: Expand the coverage and quality of the Chinese translations provided \
with Apache Tomcat. Includes contributions by winsonzhao and wjt. (markt)
Add: Expand the coverage and quality of the Russian translations provided \
with Apache Tomcat. (kkolinko)
Add: Expand the coverage and quality of the Japanese translations provided \
with Apache Tomcat. (kfujino)
Add: Expand the coverage and quality of the Korean translations provided \
with Apache Tomcat. (woonsan)
Add: Expand the coverage and quality of the German translations provided \
with Apache Tomcat. (fschumacher)
Add: Expand the coverage and quality of the French translations provided \
with Apache Tomcat. (remm)
|
2019-03-26 21:59:57 by Ryo ONODERA | Files touched by this commit (3) |
Log message:
Update to 9.0.17
Changelog:
The APR/Native connector now supports both OpenSSL and JSSE
TLS configuration syntax (NIO and NIO2 already support this)
Various improvements to NIO2
Various fixes for HTTP/2 push requests
|
2019-01-22 15:54:41 by Ryo ONODERA | Files touched by this commit (8) |
Log message:
www/apache-tomcat9: import apache-tomcat-9.0.14
Apache Tomcat is an implementation of the Java Servlet and JavaServer Pages
technologies. The Java Servlet and JavaServer Pages specifications are
developed under the Java Community Process.
Apache Tomcat is developed in an open and participatory environment and
released under the Apache Software License. Apache Tomcat is intended to
be a collaboration of the best-of-breed developers from around the world.
We invite you to participate in this open development project.
Apache Tomcat powers numerous large-scale, mission-critical web applications
across a diverse range of industries and organizations.
This package tracks 9.x release branch.
|