Log message:
www: Replace RMD160 checksums with BLAKE2s checksums

All checksums have been double-checked against existing RMD160 and
SHA512 hashes

Not committed (merge conflicts):
www/nghttp2/distinfo

Unfetchable distfiles (almost certainly fetched conditionally...):
./www/nginx-devel/distinfo array-var-nginx-module-0.05.tar.gz
./www/nginx-devel/distinfo echo-nginx-module-0.62.tar.gz
./www/nginx-devel/distinfo encrypted-session-nginx-module-0.08.tar.gz
./www/nginx-devel/distinfo form-input-nginx-module-0.12.tar.gz
./www/nginx-devel/distinfo headers-more-nginx-module-0.33.tar.gz
./www/nginx-devel/distinfo lua-nginx-module-0.10.19.tar.gz
./www/nginx-devel/distinfo naxsi-1.3.tar.gz
./www/nginx-devel/distinfo nginx-dav-ext-module-3.0.0.tar.gz
./www/nginx-devel/distinfo nginx-rtmp-module-1.2.2.tar.gz
./www/nginx-devel/distinfo nginx_http_push_module-1.2.10.tar.gz
./www/nginx-devel/distinfo ngx_cache_purge-2.5.1.tar.gz
./www/nginx-devel/distinfo ngx_devel_kit-0.3.1.tar.gz
./www/nginx-devel/distinfo ngx_http_geoip2_module-3.3.tar.gz
./www/nginx-devel/distinfo njs-0.5.0.tar.gz
./www/nginx-devel/distinfo set-misc-nginx-module-0.32.tar.gz
./www/nginx/distinfo array-var-nginx-module-0.05.tar.gz
./www/nginx/distinfo echo-nginx-module-0.62.tar.gz
./www/nginx/distinfo encrypted-session-nginx-module-0.08.tar.gz
./www/nginx/distinfo form-input-nginx-module-0.12.tar.gz
./www/nginx/distinfo headers-more-nginx-module-0.33.tar.gz
./www/nginx/distinfo lua-nginx-module-0.10.19.tar.gz
./www/nginx/distinfo naxsi-1.3.tar.gz
./www/nginx/distinfo nginx-dav-ext-module-3.0.0.tar.gz
./www/nginx/distinfo nginx-rtmp-module-1.2.2.tar.gz
./www/nginx/distinfo nginx_http_push_module-1.2.10.tar.gz
./www/nginx/distinfo ngx_cache_purge-2.5.1.tar.gz
./www/nginx/distinfo ngx_devel_kit-0.3.1.tar.gz
./www/nginx/distinfo ngx_http_geoip2_module-3.3.tar.gz
./www/nginx/distinfo njs-0.5.0.tar.gz
./www/nginx/distinfo set-misc-nginx-module-0.32.tar.gz

Log message:
www: Remove SHA1 hashes for distfiles

Log message:
www/apache-tomcat85: Update to 8.5.61

Changelog for 8.5.61:
  - Align the behaviour of ServletContext.getRealPath(String path) with the
    recent clarification from the Servlet specification project. If the path
    parameter does not start with / then Tomcat processes the call as if / is
    appended to the beginning of the provided path.
  - Fix a potential file descriptor leak when WebSocket connections are
    attempted and fail.
  - Ensure that the LoadBalancerDrainingValve uses the correct setting for the
    secure attribute for any session cookies it creates.

Changelog for 8.5.60:
  - Statistics are now available (via JMX) for HTTP/2, WebSocket and HTTP/1.1
    upgraded connections
  - Stability improvements for HTTP/2
  - Improvements to error handling in the connection pool used by the JNDI
    Realm

Log message:
www/apache-tomcat85: Update to 8.5.58

Changes for 8.5.59:
  - Refactor the handling of closed HTTP/2 streams to reduce the heap usage
    associated with used streams and to retain information for more streams in
    the priority tree.
  - Deprecate the JDBCRealm.
  - Ensure that none of the methods on a ServletContext instance always fail
    when running under a SecurityManager.

Full changelog is available at:
https://tomcat.apache.org/tomcat-8.5-doc/changelog.html#Tomcat_8.5.59_(markt)

Also CONFLICTS have been adjusted.

Log message:
www/apache-tomcat85: Update to 8.5.58

Changes for 8.5.58:
  - For requests containing the Expect: 100-continue header, optional
    support has been added to delay sending an intermediate 100 status
    response until the servlet reads the request body, allowing the
    servlet the opportunity to respond without asking for the request
    body. Based on a pull request by malaysf.
  - Add support for a read idle timeout and a write idle timeout to the
    WebSocket session via custom properties in the user properties
    instance associated with the session. Based on a pull request by
    sakshamverma.
  - Update the packaged version of the Tomcat Native Library to 1.2.25

Changes for 8.5.57:
  - Improvements to the creation of OSGi manifests.
  - Reduce the memory footprint of closed HTTP/2 streams

Changes for 8.5.56:
  - Add support for ALPN on recent OpenJDK 8 releases.
  - Add support for the CATALINA_OUT_CMD environment variable that
    defines a command to which captured stdout and stderr will be
    redirected. For use with, for example, rotatelogs. Patch provided by
    Harald Dunkel.
  - Be more flexible with respect to the ordering of groups, roles and
    users in the tomcat-users.xml file.

Changes for 8.5.55:
  - Improve the handling of requests that use an expectation. Do not
    disable keep-alive where the response has a non-2xx status code but
    the request body has been fully read.
  - Change default value separator for property replacement to ":-" due
    to possible conflicts. The syntax is now "${name:-default}".
  - Update the packaged version of the Tomcat Native Library to 1.2.24.

For full list of changes see
https://tomcat.apache.org/tomcat-8.5-doc/changelog.html

Log message:
For clarity, use tomcat_start (resp. tomcat_stop) function instead of
calling ${command} directly for start (resp. stop) within rc.d.

Tested on tomcat9; but applicable down to tomcat6.

Bump PKGREVISION.

ok ryo@.

Log message:
apache-tomcat85: Update to 8.5.54

Changelog:
The notable changes compared to 8.5.53 include:

    Add support for default values when using ${...} property replacement in \ 
configuration files. Based on a pull request provided by Bernd Bohmann.
    When configuring an HTTP Connector, warn if the encoding specified for \ 
URIEncoding is not a superset of US-ASCII as required by RFC 7230.
    Replace the system property \ 
org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH with the Connector \ 
attribute encodedSolidusHandling that adds an additional option to pass the %2f \ 
sequence through to the application without decoding it in addition to rejecting \ 
such sequences and decoding such sequences.

The notable changes compared to 8.5.51 include:

    Add new attribute persistAuthentication to both StandardManager and \ 
PersistentManager to support authentication persistence. Patch provided by \ 
Carsten Klein
    A zero length AJP secret will now behave as if it has not been specified.
    Add the TLS request attributes used by IIS to the attributes that an AJP \ 
Connector will always accept.

The notable changes compared to 8.5.50 include:

    AJP defaults changed to listen the loopback address, require a secret and to \ 
be disabled in the sample server.xml file. If you are using the AJP protocol, \ 
please refer to the Migration Guide and update your configuration.
    The JmxRemoteLifecycleListener is now deprecated
    The HTTP Connector attribute rejectIllegalHeaderName is renamed to \ 
rejectIllegalHeader and expanded to include header values as well as names

Log message:
all: migrate several HOMEPAGEs to https

pkglint --only "https instead of http" -r -F

With manual adjustments afterwards since pkglint 19.4.4 fixed a few
indentations in unrelated lines.

This mainly affects projects hosted at SourceForce, as well as
freedesktop.org, CTAN and GNU.

Log message:
apache-tomcat85: Update to 8.5.50

Changelog:
Tomcat 8.5.50 (markt)
Catalina

    Add: Improvements to CsrfPreventionFilter: additional logging, allow the \ 
CSRF nonce request parameter name to be customized. (schultz)
    Add: 63681: Introduce RealmBase#authenticate(GSSName, GSSCredential) and \ 
friends. (michaelo)
    Fix: 63964: Correct a regression in the static resource caching changes \ 
introduced in 9.0.28. URLs constructed from URLs obtained from the cache could \ 
not be used to access resources. (markt)
    Fix: 63968: Fix ClassCastException in the Expires filter which was a \ 
regression in the fix for 63909. (markt)
    Fix: 63970: Correct a regression in the static resource caching changes \ 
introduced in 9.0.28. Connections to URLs obtained for JAR resources could not \ 
be cast to JarURLConnection. (markt)
    Add: 63937: Add a new attribute to the standard Authenticator \ 
implementations, allowCorsPreflight, that allows the Authenticators to be \ 
configured to allow CORS preflight requests to bypass authentication as required \ 
by the CORS specification. (markt)
    Fix: 63939: Correct the same origin check in the CORS filter. An origin with \ 
an explicit default port is now considered to be the same as an origin without a \ 
deafult port and origins are now compared in a case-sensitive manner as required \ 
by the CORS specification. (markt)
    Fix: 63982: CombinedRealm makes assumptions about principal implementation \ 
(michaelo)
    Fix: 63983: Correct a regression in the static resource caching changes \ 
introduced in 9.0.28. A large number of file descriptors were opened that could \ 
reach the OS limit before being released by GC. (markt)
    Update: 63987: Deprecate Realm.getRoles(Principal). (michaelo)
    Code: Add a unit test for the session FileStore implementation and refactor \ 
loops in FileStore to use the ForEach style. Pull request provided by Govinda \ 
Sakhare. (markt)
    Fix: Refactor FORM authentication to reduce duplicate code and to ensure \ 
that the authenticated Principal is not cached in the session when caching is \ 
disabled. (markt)

Coyote

    Code: Refactor the APR poller to always use a single pollset now that the \ 
Windows operating systems that required multiple smaller pollsets to be used are \ 
no longer supported. (markt)
    Update: Add vectoring for NIO in the base and SSL channels. (remm)
    Add: Add async API to the NIO and APR connector. (remm)
    Fix: 63931: Improve timeout handling for asyncIO to ensure that blocking \ 
operations see a SocketTimeoutException if one occurs. (remm/markt)
    Fix: 63932: By default, do not compress content that has a strong ETag. This \ 
behaviour is configuration for the HTTP/1.1 and HTTP/2 connectors via the new \ 
Connector attribute noCompressionStrongETag. (markt)
    Fix: Simplify regular endpoint writes by removing write(Non)BlockingDirect. \ 
All regular writes will now be buffered for a more predictable behavior. (remm)
    Fix: Send an exception directly to the completion handler when a timeout \ 
exception occurs for the operation, and add a boolean to make sure the \ 
completion handler is called only once. (remm/markt)

WebSocket

    Fix: Ensure a couple of very unlikely concurrency issues are avoided when \ 
writing WebSocket messages. (markt)

Web applications

    Fix: Fix the broken re-try link on the error page for the FORM \ 
authentication example in the JSP section of the examples web application. \ 
(markt)
    Fix: Correct the documentation for the maxConnections attribute of the \ 
Connector in the documentation web application. (markt)
    Add: Add the ability to set and display session attributes in the JSP FORM \ 
authentication example to demonstrate session persistence across restarts for \ 
authenticated sessions. (markt)

Other

    Fix: Correct the fix for 63815 (quoting the use of CATALINA_OPTS and \ 
JAVA_OPTS when used in shell scripts to avoid the expansion of *) as it caused \ 
various regressions, particularly with daemon.sh. (markt)
    Add: Expand the search made by the Windows installer for a suitable Java \ 
installation to include the 64-bit JDK registry entries and the JAVA_HOME \ 
environment variable. Pull request provided by Alexander Norz. (markt)
    Add: Expand the coverage of the German translations provided with Apache \ 
Tomcat. Contribution provided by Jens. (markt)
    Add: Expand the coverage of the French translations provided with Apache \ 
Tomcat. (remm)
    Add: Expand the coverage of the Japanese translations provided with Apache \ 
Tomcat. (markt)
    Add: Expand the coverage of the Korean translations provided with Apache \ 
Tomcat. (woonsan)
    Add: Expand the coverage of the Chinese translations provided with Apache \ 
Tomcat. Contributions provided by lins and 磊. (markt)
    Add: Update the internal fork of Apache Commons BCEL to ff6941e (2019-12-06, \ 
6.4.2-dev). Code clean-up only. (markt)
    Add: Update the internal fork of Apache Commons Codec to 9637dd4 \ 
(2019-12-06, 1.14-SNAPSHOT). Code clean-up and a fix for CODEC-265. (markt)
    Add: Update the internal fork of Apache Commons FileUpload to 2317552 \ 
(2019-12-06, 2.0-SNAPSHOT). Refactoring. (markt)
    Add: Update the internal fork of Apache Commons Pool 2 to 6092f92 \ 
(2019-12-06, 2.8.0-SNAPSHOT). Clean-up and minor refactoring. (markt)
    Add: Update the internal fork of Apache Commons DBCP 2 to a36390 \ 
(2019-12-06, 2.7.1-SNAPSHOT). Minor refactoring. (markt)

2019-11-21 Tomcat 8.5.49 (markt)
Catalina

    Fix: Correption when using a RequestDispatcher. (markt)
    Add: Improvement to CsrfPreventionFilter: expose the latest available nonce \ 
as a request attribute; expose the expected nonce request parameter name as a \ 
context attribute. (schultz)

not released Tomcat 8 63872: Fix some edge cases where the docBase was not being \ 
set using a canonical path which in turn meant resource URLs were not being \ 
constructed as expected. (markt)
    Fix: Make a best effort attempt to clean-up if a request fails during \ 
processing dle to see an updated last modified time but the content would be \ 
that prior to the modification. (markt)
    Update: 63905 Clean up Tomcat CSS. (michaelo)
    Fix: 63909: When the ExpiresFilter is used without a default and the \ 
response is served by the D sets a 304 (Not Found) status code. (markt)
    Fix: Update the Servlet 4 preview API to reflect changes made to the API in \ 
the final release. Note that this preview API has been deprecated for over a \ 
year and may be removed as soon as the next 8.5.x release. (markt)
    Fix: Refactor JMX remote RMI registry creation. (remm)

Coyote

    Fix: Ensure that ServletRequest.isAsyncStarted() returns false once \ 
AsyncContext.complete() or AsyncContext.dispatch() has been called during \ 
AsyncListener.onTimeout() or AsyncListener.onError(). (markt)
    Fix: 63816 and 63817: Correctly handle I/O errors after asynchronous \ 
processing has been started but before the container thread that started \ 
asynchronous processing has completed processing the current request/response. \ 
(markt)
    Fix: 63825: When processing the Expect and Connection HTTP headers looking \ 
for a specific token, be stricter in ensuring that the exact token is present. \ 
(markt)
    Fix: 63829: Improve the check of the Content-Encoding header when looking to \ 
see if Tomcat is serving pre-compressed content. Ensure that only a full token \ 
is matched and that the match is case insensitive. (markt)
    Add: 63835: Add support for Keep-Alive response header. (michaelo)
    Fix: 63864: Refactor parsing of the transfer-encoding request header to use \ 
the shared parsing code and reduce duplication. (markt)
    Fix: 63865: Add Unset option to same-site cookies and pass through None \ 
value if set by user. Patch provided by John Kelly. (markt)
    Fix: 63894: Ensure that the configured values for certificateVerification \ 
and certificateVerificationDepth are correctly passed to the OpenSSL based \ 
SSLEngine implementation. (remm/markt)
    Fix: Do not perform a blocking read after a CPING message is received by the \ 
AJP connector because, if the JK Connector is configured with \ 
ping_mode="I", the CPING message will not always be followed by the \ 
start of a request. (markt)
    Fix: Properly calculate all dynamic parts of the ErrorReportValve response \ 
on the fly in org.apache.coyote.http2.TestHttp2InitialConnection. (michaelo)

Jasper

    Fix: 63897: Capture the timestamp of a JSP for the purposes of modification \ 
tracking before the JSP is compiled to prevent a race condition if the JSP is \ 
modified during compilation. Patch provided by Karl von Randow. (markt)
    Fix: Fix a race condition that could mean changes to a modified JSP were not \ 
visible to end users. (markt)

WebSocket

    Fix: 63913: Wrap any NullPointerExceptions throw by the Inflater or Deflater \ 
used by the PerMessageDeflate extension in an IOException so that the error can \ 
be caught and handled by the WebSocket error handling mechanism. (markt)

Web applications

    Fix: Correct the description of the default value for the server attribute \ 
in the security How-To. (markt)

Other

    Fix: 63815: Quote the use of CATALINA_OPTS and JAVA_OPTS when used in shell \ 
scripts to avoid the expansion of *. Note that any newlines present in \ 
CATALINA_OPTS and/or JAVA_OPTS will no longer removed. (markt)
    Fix: 63826: Remove commons-daemon-native.tar.gz and tomcat-native.tar.gz \ 
from the binary zip distributions for Windows since compiled versions of those \ 
components are already included within the zip distributions. (markt)
    Fix: 63838: Suppress reflexive access warnings when running the unit tests \ 
on the command line. (markt)
    Fix: Add missing charsets from the HPE JVM on HP-UX to pass unit tests in \ 
org.apache.tomcat.util.buf.TestCharsetCache. (michaelo)
    Add: Expand the coverage and quality of the French translations provided \ 
with Apache Tomcat. (remm)
    Add: Expand the coverage and quality of the Korean translations provided \ 
with Apache Tomcat. (woonsan)
    Add: Expand the coverage and quality of the Simplified Chinese translations \ 
provided with Apache Tomcat. Contributions provided by rpo130, Mason Shen, \ 
leeyazhou, winsonzhao, qingshi huang, Lay, Shucheng Hou and Yanming Zhou. \ 
(markt)

2019-10-11 Tomcat 8.5.47 (markt)
Coyote

    Fix: Use URL safe base 64 encoding rather than standard base 64 encoding \ 
when generating or parsing the HTTP2-Settings header as part of an HTTP upgrade \ 
to h2c as required by RFC 7540. (markt)
    Fix: 63765: NIO2 should try to unwrap after TLS handshake to avoid edge \ 
cases. (remm)
    Fix: 63766: Ensure Processor objects are recycled when processing an HTTP \ 
upgrade connection that terminates before processing switches to the Processor \ 
for the upgraded protocol. (markt)

Jasper

    Fix: 63781: When performing various checks related to the visibility of \ 
classes, fields and methods in the EL implementation, also check that the \ 
containing module has been exported. (markt)

Web Socket

    Fix: 63753: Ensure that the Host header in a Web Socket HTTP upgrade request \ 
only contains a port if a non-default port is being used. (markt)
    Fix: When running on Java 9 and above, don't attempt to instantiate \ 
WebSocket Endpoints found in modules that are not exported. (markt)

Web Applications

    Docs: Add Javadoc for the Common Annotations API implementation. (markt)

jdbc-pool

    Fix: When connections are validated without an explicit validation query, \ 
ensure that any transactions opened by the validation process are committed. \ 
Patch provided by Pascal Davoust. (markt)

Other

    Code: Deprecate org.apache.tomcat.util.compat.TLS. Its functionality was \ 
only used for unit tests in org.apache.tomcat.util.net.TesterSupport and has \ 
been moved there. (rjung)
    Fix: 63759: When installing Tomcat with the Windows installer, grant \ 
sufficient privileges to enable the uninstaller to execute when user account \ 
control is active. (markt)
    Add: Use a build property to define the minimum supported Java version and \ 
use that build property to reduce the number of edits required to update the \ 
minimum supported Java version. (markt)
    Update: 63767: Update to Commons Daemon 1.2.2. This corrects a regression in \ 
Commons Daemon 1.2.0 and 1.2.1 that caused the Windows Service to crash on start \ 
when running on an operating system that had not been fully updated. (markt)

Log message:
Update to 8.5.46

Changelog:
Tomcat 8.5.46 (markt)
Catalina
Fix:  63684: Wrapper never passed to RealmBase.hasRole() for given security \ 
constraints. (michaelo)
Fix:  Avoid a potential NullPointerException on Service stop if a Service is \ 
embedded directly (i.e. with no Server) in an applciation and JNDI is enabled. \ 
Patch provided by S. Ali Tokmen. (markt)
Add:  Add a new PropertySource implementation, EnvironmentPropertySource, that \ 
can be used to do property replacement in configuration files with environment \ 
variables. Based on a pull request provided by Thomas Meyer. (markt)
Coyote
Fix:  63682: Fix a potential hang when using the asynchronous Servlet API to \ 
write the response body and the stream and/or connection window reaches 0 bytes \ 
in size. (markt)
Fix:  63690: Use the average of the current and previous sizes when calculating \ 
overhead for HTTP/2 DATA and WINDOW_UPDATE frames to avoid false positives as a \ 
result of client side buffering behaviour that causes a small percentage of \ 
non-final DATA frames to be smaller than expected. (markt)
Fix:  63706: Avoid NPE accessing https port with plaintext. (remm)
Fix:  Correct typos in the names of the configuration attributes \ 
overheadDataThreshold and overheadWindowUpdateThreshold. (markt)
Fix:  If the HTTP/2 connection requires an initial window size larger than the \ 
default, send a WINDOW_UPDATE to increase the flow control window for the \ 
connection so that the initial size of the flow control window for the \ 
connection is consistent with the increased value. (markt)
Fix:  63710: When using HTTP/2, ensure that a content-length header is not set \ 
for those responses with status codes that do not permit one. (markt)
Fix:  63737: Correct various issues when parsing the accept-encoding header to \ 
determine if gzip encoding is supported including only parsing the first header \ 
found. (markt)
Web applications
Fix:  Correct the source code links on the index page for the ROOT web \ 
application to point to Git rather than Subversion. (markt)
Fix:  Fix various issues with the Javadoc generated for the documentation web \ 
application to enable release builds to be built with Java 10 onwards. (markt)
Fix:  Fix a large number of Javadoc and documentation typos. Patch provided by \ 
KangZhiDong. (markt)
Fix:  Spelling and formatting corrections for the cluster how-to. Pull request \ 
provided by Bill Mitchell. (markt)
Other
Fix:  Back-port various corrections and improvements to the English versions of \ 
the i18n messages. (markt)
Add:  Include the available German translations in the standard Tomcat \ 
distribution. Back-port additions and updates to the German i18n messages. \ 
(markt)
Fix:  Back-port various corrections and improvements to the Spanish i18n \ 
messages. (markt)
Fix:  Back-port various corrections and improvements to the French i18n \ 
messages. (markt)
Fix:  Back-port various corrections and improvements to the Japanese i18n \ 
messages. (markt)
Fix:  Back-port various corrections and improvements to the Russian i18n \ 
messages. (markt)
Add:  Add Korean translations to the standard Tomcat distribution. (markt)
Add:  Add Simplifed Chinese translations to the standard Tomcat distribution. (markt)
Fix:  62140: Additional usage documentation in comments for catalina.[bat|sh]. \ 
(markt)
Fix:  Fix JSSE_OPTS quoting in catalina.bat. Contributed by Peter Uhnak. \ 
(fschumacher)
Update:  63625: Update to Commons Daemon 1.2.1. This corrects several \ 
regressions in Commons Daemon 1.2.1, most notably the Windows Service crashing \ 
on start when using 32-bit JVMs. (markt)
Fix:  63689: Correct a regression in the fix for 63285 that meant that when \ 
installing a service, the service display name was not set. (markt)
Fix:  When performing a silent install with the Windows Installer, ensure that \ 
the registry entires are added to the 64-bit registry when using a 64-bit JVM. \ 
(markt)
Fix:  Remove unused i18n messages and associated translations. Patch provided by \ 
KangZhiDong. (markt)
2019-08-21Tomcat 8.5.45 (markt)
Coyote
Code:  Remove the code in the sendfile poller that ensured smaller pollsets were \ 
used with older, no longer supported versions of Windows that could not support \ 
larger pollsets. (markt)
not releasedTomcat 8.5.44 (markt)
Catalina
Add:  62258: Don't trigger the standard error page mechanism when the error has \ 
caused the connection to the client to be closed as no-one will ever see the \ 
error page. (markt)
Update:  63627: Implement more fine-grained handling in \ 
RealmBase.authenticate(GSSContext, boolean). (michaelo)
Add:  62496: Add option to write auth information (remote user/auth type) to \ 
response headers. (michaelo)
Add:  51497: Add an option, ipv6Canonical, to the AccessLogValve that causes \ 
IPv6 addresses to be output in canonical form defined by RFC 5952. \ 
(ognjen/markt)
Add:  57665: Add support for the X-Forwarded-Host header to the RemoteIpFilter \ 
and RemoteIpValve. (markt)
Fix:  63550: Only try the alternateURL in the JNDIRealm if one has been \ 
specified. (markt)
Add:  63556: Mark request as forwarded in RemoteIpValve and RemoteIpFilter (michaelo)
Fix:  If an unhandled exception occurs on a asynchronous thread started via \ 
AsyncContext.start(Runnable), process it using the standard error page \ 
mechanism. (markt)
Fix:  Discard large byte buffers allocated using setBufferSize when recycling \ 
the request. (remm)
Fix:  63579: Correct parsing of malformed OPTIONS requests and reject them with \ 
a 400onse rather than triggering an internal error that results in a 500 \ 
response. (markt)
Fix:  Correct version information in X-Powered-By header. (markt)
Fix:  63608: Align the implementation of the negative match feature for patterns \ 
used with the RewriteVx:  Avoid a NullPointerException in the \ 
CrawlerSessionManagerValve if no ROOT Context is deployed and a request does not \ 
map to any of the other deployed Contexts. Patch provided by Jop Zinkweg. \ 
(markt)
Fix:  63636: Context.findRoleMapping() never called 3524: Improve the handling \ 
of PEM file based keys and certificates that do not include a full certificate \ 
chain when configuring the internal, in-memory key store. Improve the handling \ 
of PKCS#1 formatted private keys when configuring the internal, in-memying to \ 
set tcpNoDelay on socket types that do not support it, which can occur when \ 
using the NIO inherited channel capability. Submitted by František Kučera. \ 
(remm)
Fix:  Correct parsing of invalid host names that contain bytes in the range 128 \ 
to 255 or that results in a 500 response. (markt)
Fix:  63571: Allow users to configure infinite TLS session caches and/or \ 
timeouts. (markt)
Fix:  63578: Improve handling of invalid requests so that 400 responses are \ 
returned to the client rather than 500 respon an error if a Huffman encoded \ 
string literal contains the EOS symbol. (jfclere)
Add:  Connections that fail the TLS handshake will now appear in the access logs \ 
with a 400 status code. (markt)
Fix:  Timeouts for HTTP/2 connections were not always correctnger than expected. \ 
(markt)
Add:  Expand the HTTP/2 excessive overhead protection to cover various forms of \ 
abusive client behaviour and close the connection if any such behaviour is \ 
detected. (markt)
Fix:  Fix a crash on shutdown with the APR/native connress when the connector \ 
stopped. (markt)
Web applications
Fix:  63597: Update the custom 404 error page for the Host Manager to take \ 
account of previous refactoring so that the page is used for 404 errors rather \ 
than falling back to the default error pagebat so that when installing a Windows \ 
service, by default, it changes the name of the executables used by the Windows \ 
service to match the service name. This makes the installation behaviour \ 
consistent with the Windows installer. The original executable nhe renaming can \ 
be disabled by using the new --no-rename option after the service name. (markt)
Update:  Switch from Checkstyle to the JRE6 backport and update to version 8.22. \ 
This allows Tomcat 8.5 to use the newer Checkstyle releases while still buildi \ 
digital signature for the Windows installer now uses SHA-256 for hashes. (markt)
Update:  63310: Update to Commons Daemon 1.2.0. This provides improved support \ 
for Java 11. This also changes the user configured by the Windows installer for \ 
the Windows seer privileged Local Service. (markt)
Fix:  55969: Tighten up the security of the Apache Tomcat installation created \ 
by the Windows installer. Change the default shutdown port used by the Windows \ 
installer from 8005 to -1 (disabled). Limit access to the cho local \ 
administrators, Local System and Local Service. (markt)
Add:  63285: Add an option to service.bat so that when installing a Windows \ 
service, the name of the executables used by the Windows service may be changed \ 
to match the service name. This maksistent with the Windows installer. The \ 
original executable names will be restored when the Windows service is removed. \ 
The renaming can be enabled by using the new --rename option after the service \ 
name. (markt)
Fix:  63567: Restore the passing of $LOGGIsh when calling stop. (markt)
Update:  Update the internal fork of Commons Codec to 3ebef4a (2018-08-01) to \ 
pick up the fix for CODEC-134. (markt)
Update:  Update the internal fork of Commons Pool2 to 796e32d (2018-08-01) to \ 
pick up the changes Commons Poe the internal fork of Commons DBCP2 to 87d9e3a \ 
(2018-08-01) to pick up the changes Commons DBCP2 2.7.0 and DBCP-555. (markt)
Update:  63648: Update the test TLS keys and certificates used in the test suite \ 
to replace the keys and certificates that are about to expire. (markt)