Navigation:
Browse pkgsrc
(this page)| 2019-10-04 15:54:43 by Ryo ONODERA | Files touched by this commit (3) |
Log message:
Update to 9.0.26
Changelog:
Tomcat 9.0.26 (markt)
Oher
Fix: Re-tagged to ensure that the source file for the changelog did not \
contain an XML byte order mark. (markt)
not released Tomcat 9.0.25 (markt)
Catalina
Fix: Avoid a possible InvalidPathException when obtaining a URI for a \
configuration file. (markt)
Fix: 63684: Wrapper never passed to RealmBase.hasRole() for given security \
constraints. (michaelo)
Fix: 63740: Ensure configuration files are loaded correctly when a Host is \
configured with an xmlBase. Patch provided by uk4sx. (markt)
Fix: Avoid a potential NullPointerException on Service stop if a Service is \
embedded directly (i.e. with no Server) in an applciation and JNDI is enabled. \
Patch provided by S. Ali Tokmen. (markt)
Add: Add a new PropertySource implementation, EnvironmentPropertySource, \
that can be used to do property replacement in configuration files with \
environment variables. Based on a pull request provided by Thomas Meyer. (markt)
Coyote
Fix: 63682: Fix a potential hang when using the asynchronous Servlet API to \
write the response body and the stream and/or connection window reaches 0 bytes \
in size. (markt)
Fix: 63690: Use the average of the current and previous sizes when \
calculating overhead for HTTP/2 DATA and WINDOW_UPDATE frames to avoid false \
positives as a result of client side buffering behaviour that causes a small \
percentage of non-final DATA frames to be smaller than expected. (markt)
Fix: 63706: Avoid NPE accessing https port with plaintext. (remm)
Fix: Correct typos in the names of the configuration attributes \
overheadDataThreshold and overheadWindowUpdateThreshold. (markt)
Fix: If the HTTP/2 connection requires an initial window size larger than \
the default, send a WINDOW_UPDATE to increase the flow control window for the \
connection so that the initial size of the flow control window for the \
connection is consistent with the increased value. (markt)
Fix: 63710: When using HTTP/2, ensure that a content-length header is not \
set for those responses with status codes that do not permit one. (markt)
Fix: 63737: Correct various issues when parsing the accept-encoding header \
to determine if gzip encoding is supported including only parsing the first \
header found. (markt)
Jasper
Fix: 63724: Correct a regression introduced in 9.0.21 that broke compilation \
of JSPs in some configurations. (markt)
Web applications
Fix: Correct the source code links on the index page for the ROOT web \
application to point to Git rather than Subversion. (markt)
Fix: Fix various issues with the Javadoc generated for the documentation web \
application to enable release builds to be built with Java 10 onwards. (markt)
Fix: 63733: Remove the documentation for the "Additional \
Components" since they have been remove / merged into the core Tomcat \
distribution for 9.0.5 onwards. (markt)
Fix: 63739: Correct the invalid Automatic-Module-Name manifest entries for \
the Tomcat provided JARs included in the Tomcat embedded distribution. (markt)
Fix: Fix a large number of Javadoc and documentation typos. Patch provided \
by KangZhiDong. (markt)
Fix: Spelling and formatting corrections for the cluster how-to. Pull \
request provided by Bill Mitchell. (markt)
Other
Add: Expand the coverage and quality of the French translations provided \
with Apache Tomcat. (remm)
Add: Expand the coverage and quality of the Simplified Chinese translations \
provided with Apache Tomcat. Includes contributions by leeyazhou and 康智冬. \
(markt)
Fix: 62140: Additional usage documentation in comments for \
catalina.[bat|sh]. (markt)
Fix: Fix JSSE_OPTS quoting in catalina.bat. Contributed by Peter Uhnak. \
(fschumacher)
Update: 63625: Update to Commons Daemon 1.2.1. This corrects several \
regressions in Commons Daemon 1.2.1, most notably the Windows Service crashing \
on start when using 32-bit JVMs. (markt)
Fix: 63689: Correct a regression in the fix for 63285 that meant that when \
installing a service, the service display name was not set. (markt)
Fix: When performing a silent install with the Windows Installer, ensure \
that the registry entires are added to the 64-bit registry when using a 64-bit \
JVM. (markt)
Fix: Remove unused i18n messages and associated translations. Patch provided \
by KangZhiDong. (markt)
Add: Expand the coverage and quality of the Korean translations provided \
with Apache Tomcat. (woonsan)
2019-08-17 Tomcat 9.0.24 (markt)
Coyote
Code: Remove the code in the sendfile poller that ensured smaller pollsets \
were used with older, no longer supported versions of Windows that could not \
support larger pollsets. (markt)
not released Tomcat 9.0.23 (markt)
Catalina
Update: 63627: Implement more fine-grained handling in \
RealmBase.authenticate(GSSContext, boolean). (michaelo)
Add: 62496: Add option to write auth information (remote user/auth type) to \
response headers. (michaelo)
Add: 57665: Add support for the X-Forwarded-Host header to the \
RemoteIpFilter and RemoteIpValve. (markt)
Fix: 63550: Only try the alternateURL in the JNDIRealm if one has been \
specified. (markt)
Add: 63556: Mark request as forwarded in RemoteIpValve and RemoteIpFilter \
(michaelo)
Fix: If an unhandled exception occurs on a asynchronous thread started via \
AsyncContext.start(Runnable), process it using the standard error page \
mechanism. (markt)
Fix: Discard large byte buffers allocated using setBufferSize when recycling \
the request. (remm)
Fix: 63579: Correct parsing of malformed OPTIONS requests and reject them \
with a 400 response rather than triggering an internal error that results in a \
500 response. (markt)
Fix: 63608: Align the implementation of the negative match feature for \
patterns used with the RewriteValve with the description in the documentation. \
(markt)
Fix: Avoid a NullPointerException in the CrawlerSessionManagerValve if no \
ROOT Context is deployed and a request does not map to any of the other deployed \
Contexts. Patch provided by Jop Zinkweg. (markt)
Fix: 63636: Context.findRoleMapping() never called in \
StandardWrapper.findSecurityReference(). (michaelo)
Coyote
Code: Refactor the APR poller to always use a single pollset now that the \
Windows operating systems that required multiple smaller pollsets to be used are \
no longer supported. (markt)
Fix: 63524: Improve the handling of PEM file based keys and certificates \
that do not include a full certificate chain when configuring the internal, \
in-memory key store. Improve the handling of PKCS#1 formatted private keys when \
configuring the internal, in-memory key store. (markt)
Update: Add callback when finishing the set properties rule in the digester. \
(remm)
Fix: 63570: Fix regression retrieving local address with the NIO connector. \
Submitted by Aditya Kadakia. (remm)
Fix: 63568: Avoid error when trying to set tcpNoDelay on socket types that \
do not support it, which can occur when using the NIO inherited channel \
capability. Submitted by František Kučera. (remm)
Fix: Correct parsing of invalid host names that contain bytes in the range \
128 to 255 and reject them with a 400 response rather than triggering an \
internal error that results in a 500 response. (markt)
Fix: 63571: Allow users to configure infinite TLS session caches and/or \
timeouts. (markt)
Fix: 63578: Improve handling of invalid requests so that 400 responses are \
returned to the client rather than 500 responses. (markt)
Fix: Fix h2spec test suite failure. It is an error if a Huffman encoded \
string literal contains the EOS symbol. (jfclere)
Add: Connections that fail the TLS handshake will now appear in the access \
logs with a 400 status code. (markt)
Fix: Timeouts for HTTP/2 connections were not always correctly handled \
leaving some connections open for longer than expected. (markt)
Fix: 63650: Refactor initialisation for JSSE based TLS connectors to enable \
custom JSSE providers that provide custom cipher suites to be used. (markt)
Add: Expand the HTTP/2 excessive overhead protection to cover various forms \
of abusive client behaviour and close the connection if any such behaviour is \
detected. (markt)
Fix: Fix a crash on shutdown with the APR/native connector when a blocking \
I/O operation was still in progress when the connector stopped. (markt)
Cluster
Fix: Avoid failing Kubernetes membership (and preventing startup) if the \
stream cannot be opened, to get the same behavior as the DNS based membership. \
The namespace is still a failure on startup but it is easy to provide. (remm)
Fix: Avoid non fatal NPEs with Tribes when JMX is not available. (remm)
Fix: Make Kube environment optional for Kube memberships, for easier testing \
and Graal training. A warn log will occur if the environment is not present. \
(remm)
Web applications
Fix: 63597: Update the custom 404 error page for the Host Manager to take \
account of previous refactoring so that the page is used for 404 errors rather \
than falling back to the default error page. (markt)
Other
Fix: JNDI support for GraalVM native images. (remm)
Fix: JSP runtime library support for GraalVM native images. (remm)
Fix: java.util.logging configuration for GraalVM native images. (remm)
Update: Update Checkstyle to 8.22. (markt)
Update: 62696: The digital signature for the Windows installer now uses \
SHA-256 for hashes. (markt)
Update: 63310: Update to Commons Daemon 1.2.0. This provides improved \
support for Java 11. This also changes the user configured by the Windows \
installer for the Windows service from Local System to the lower privileged \
Local Service. (markt)
Fix: 55969: Tighten up the security of the Apache Tomcat installation \
created by the Windows installer. Change the default shutdown port used by the \
Windows installer from 8005 to -1 (disabled). Limit access to the chosen \
installation directory to local administrators, Local System and Local Service. \
(markt)
Add: Expand the coverage and quality of the French translations provided \
with Apache Tomcat. (remm)
Add: 63285: Add an option to service.bat so that when installing a Windows \
service, the name of the executables used by the Windows service may be changed \
to match the service name. This makes the installation behaviour consistent with \
the Windows installer. The original executable names will be restored when the \
Windows service is removed. The renaming can be enabled by using the new \
--rename option after the service name. (markt)
Fix: 63567: Restore the passing of $LOGGING_MANAGER to the jvm in \
catalina.sh when calling stop. (markt)
Fix: Correct broken OSGi data in JAR file manifests. (markt)
Fix: Add "embed" to the Bundle-Name and Bundle-Symbolic-Name for \
the Tomact embedded WebSocket JAR to align the naming with the other embedded \
JARs and to differentiate it from the standard WebSocket JAR that does not \
include the API classes. (markt)
Fix: 63555: Add Automatic-Module-Name entries for each of the Tomcat \
provided JARs included in the Tomcat embedded distribution. (markt)
Update: Update dependency on bnd to 4.2.0. (markt)
Update: Update the internal fork of Commons Codec to 3ebef4a (2018-08-01) to \
pick up the fix for CODEC-134. (markt)
Update: Update the internal fork of Commons Pool2 to 796e32d (2018-08-01) to \
pick up the changes Commons Pool2 2.7.0. (markt)
Update: Update the internal fork of Commons DBCP2 to 87d9e3a (2018-08-01) to \
pick up the changes Commons DBCP2 2.7.0 and DBCP-555. (markt)
Update: 63648: Update the test TLS keys and certificates used in the test \
suite to replace the keys and certificates that are about to expire. (markt)
|
2019-07-15 16:32:15 by Ryo ONODERA | Files touched by this commit (3) |  |
Log message:
Update to 9.0.22
Changelog:
Tomcat 9.0.22 (markt)
Catalina
Fix: Improve parsing of Range request headers. (markt)
Fix: Range headers that specify a range unit Tomcat does not recognise \
should be ignored rather than triggering a 416 response. Based on a pull request \
by zhanhb. (markt)
Fix: When comparing a date from a If-Range header, an exact match is \
required. Based on a pull request by zhanhb. (markt)
Fix: Add an option to the default servlet to disable processing of PUT \
requests with Content-Range headers as partial PUTs. The default behaviour \
(processing as partial PUT) is unchanged. Based on a pull request by zhanhb. \
(markt)
Fix: Improve parsing of Content-Range headers. (markt)
Update: Update the recommended minimum Tomcat Native version to 1.2.23. (markt)
Coyote
Fix: Remove a source of potential deadlocks when using HTTP/2 when the \
Connector is configured with useAsyncIO as true. (markt)
Fix: 63523: Restore SSLUtilBase methods as protected to preserve \
compatibility. (remm)
Fix: Fix typo in UTF-32LE charset name. Patch by zhanhb vi Github. (fschumacher)
Fix: Once a URI is identified as invalid don't attempt to process it \
further. Based on a PR by Alex Repert. (markt)
Fix: Fix to avoid the possibility of long poll times for individual pollers \
when using mutliple pollers with APR. (markt)
Fix: Refactor the fix for 63205 so it only applies when using PKCS12 \
keystores as regressions have been reported with some other keystore types. \
(markt)
Jasper
Add: Include file names if SMAP processor is unable to delete or rename a \
class file during SMAP generation. (markt)
Update: Update to the Eclipse JDT compiler 4.12. (markt)
WebSocket
Fix: 63521: As required by the WebSocket specification, if a POJO that is \
deployed as a result of the SCI scan for annotated POJOs is subsequently \
deployed via the programmatic API ignore the programmatic deployment. (markt)
Other
Fix: Switch the check for terminal availability to test for stdin as using \
stdout does not work when output is piped to another process. Patch provided by \
Radosław Józwik. (markt)
Add: Add user buildable optional modules for easier CDI 2 and JAX-RS \
support. Also include a new documentation page describing how to use it. (remm)
2019-06-07 Tomcat 9.0.21 (markt)
Catalina
Add: 57287: Add file sorting to DefaultServlet (schultz)
Fix: Fix --no-jmx flag processing, which was called after registry \
initialization. (remm)
Fix: Ensure that a default request character encoding set on a \
ServletContext is used when calling ServletRequest#getReader(). (markt)
Fix: Make a best efforts attempt to clean-up if a request fails during \
processing due to an OutOfMemoryException. (markt)
Fix: Improve the BoM detection for static files handled by the default \
servlet for the rarely used UTF-32 encodings. Identified by Coverity Scan. \
(markt)
Fix: Ensure that the default servlet reads the entire global XSLT file if \
one is defined. Identified by Coverity Scan. (markt)
Fix: Avoid potential NullPointerException when generating an HTTP Allow \
header. Identified by Coverity Scan. (markt)
Code: Add Context.createInstanceManager() for easier framework integration. \
(remm)
Code: Add utility org.apache.catalina.core.FrameworkListener to allow \
replicating adding a Listener to context.xml in a programmatic way. (remm)
Code: Move Container.ADD_CHILD_EVENT to before the child container start, \
and Container.REMOVE_CHILD_EVENT to before removal of the child from the \
internal child collection. (remm)
Add: Remove any fragment included in the target path used to obtain a \
RequestDispatcher. The requested target path is logged as a warning since this \
is an application error. (markt)
Coyote
Fix: NIO poller seems to create some unwanted concurrency, causing rare CI \
test failures. Add sync when processing async operation to avoid this. (remm)
Fix: Fix concurrency issue that lead to incorrect HTTP/2 connection timeout. \
(remm/markt)
Fix: Avoid useless exception wrapping in async IO. (remm)
Fix: 63412: Security manager failure when using the async IO API from a \
webapp. (remm)
Fix: Remove acceptorThreadCount Connector attribute, one accept thread is \
sufficient. As documented, value 2 was the only other sensible value, but \
without and impact beyond certain microbenchmarks. (remm)
Fix: Avoid possible NPEs on connector stop. (remm)
Update: Remove pollerThreadCount Connector attribute for NIO, one poller \
thread is sufficient. (remm)
Add: Add async IO for APR connector for consistency, but disable it by \
default due to low performance. (remm)
Fix: Avoid blocking write of internal buffer when using async IO. (remm)
Code: Refactor async IO implementation to the SocketWrapperBase. (remm)
Update: Refactor SocketWrapperBase close using an atomic boolean and a \
doClose method that subclasses will implement, with a guarantee that it will be \
run only once. (remm)
Fix: Decouple the socket wrapper, which is not recycled, from the NIOx \
channel after close, and replace it with a dummy static object. (remm)
Fix: Clear buffers on socket wrapper close. (remm)
Fix: NIO2 failed to properly close sockets on connector stop. (remm)
Update: Reduce the default for maxConcurrentStreams on the Http2Protocol \
from 200 to 100 to align with typical defaults for HTTP/2 implementations. \
(markt)
Update: Reduce the default HTTP/2 header list size from 4GB to 32kB to align \
with typical HTTP/2 implementations. (markt)
Add: Add support for same-site cookie attribute. Patch provided by John \
Kelly. (markt)
Fix: Drop legacy NIO double socket close (close channel, then close socket). \
(remm)
Fix: Fix HTTP/2 end of stream concurrency with async. (remm)
Fix: Correct a bug in the stream flushing code that could lead to multiple \
threads processing the stream concurrently which in turn could cause errors \
processing the stream. (markt)
Cluster
Fix: 62841: Refactor the DeltaRequest serialization to reduce the window \
during which the DeltaSession is locked and to remove a potential cause of \
deadlocks during serialization. (markt)
Fix: 63441: Further streamline the processing of session creation messages \
in the DeltaManager to reduce the possibility of a session update message being \
processed before the session has been created. (markt)
WebSocket
d: Expand the explanation of how deprecated TLS configuration attributes are \
converted to the new TLS configuration style. (markt)
Tribes
Fix: Treat NoRouteToHostException the same way as SocketTimeoutException \
when checking the health of group membaven packaging. (remm)
Fix: 63403: Fix TestHttp2InitialConnection test failures when running with a \
non-English locale. (kkolinko)
Fix: Add Graal JreCompat, and use it to disable JMX and URL stream handlers. \
(remm)
Add: Expand the coverage and Expand the coverage and quality of the \
Simplified Chinese translations provided with Apache Tomcat. Includes \
contributions by 諵. (markt)
Fix: Use the test command to check for terminal availability rather than the \
tty command since the tty based te
Fix: Fix some edge cases where the docBase was not being set using a \
canonical path which in turn meant resource URLs were not being constructed as \
expected. (markt)
Fix: Fix a potential resource leak when executing CGI scripts from a WAR \
file. Identified by Coverity scan. (markt)
Fix: Fix a potential concurrency issue in the StringCache identified by \
Coverity scan. (markt)
Fix: Fix a potential concurrency issue in the main Sendfile thread of the \
APR connector. Identified by Coverity scan. (markt)
Fix: Fix a potential resource leak when running a web application from a WAR \
file. Identified by Coverity scan. (markt)
Fix: Fix a potential resource leak on some exception paths in the \
DataSourceRealm. Identified by Coverity scan. (markt)
Fix: Fix a potential resource leak on an exception path when parsing JSP \
files. Identified by Coverity scan. (markt)
Fix: Fix a potential resource leak when a JNDI lookup returns an object of \
an in compatible class. Identified by Coverity scan. (markt)
Code: Refactor ManagerServlet to avoid loading classes when filtering JNDI \
resources for resources of a specified type. (markt)
Fix: 63324: Refactor the CrawlerSessionManagerValve so that the object \
placed in the session is compatible with session serialization with mem-cached. \
Patch provided by Martin Lemanski. (markt)
Add: 63358: Expand the throwOnFailure support in the Connector to include \
the adding of a Connector to a running Service. (markt)
Add: 63361: Add a new method (Registry.disableRegistry()) that can be used \
to disable JMX registration of Tomcat components providing it is called before \
the first component is registered. (markt)
Fix: Avoid OutOfMemoryErrors and ArrayIndexOutOfBoundsExceptions when \
accessing large files via the default servlet when resource caching has been \
disabled. (markt)
Fix: Avoid a NullPointerException when a Context is defined in server.xml \
with a docBase but not the optional path. (markt)
Fix: 63333: Override the isAvailable() method in the JAASRealm so that only \
login failures caused by invalid credentials trigger account lock out when the \
LockOutRealm is in use. Patch provided by jchobantonov. (markt)
Fix: Add --no-jmx flag to allow disabling JMX in startup.Tomcat.main. (remm)
Coyote
Fix: The useAsyncIO boolean attribute on the Connector element value now \
defaults to true. (remm)
Fix: Possible HTTP/2 connection leak issue when using async with NIO. (remm)
Fix: Fix socket close discrepancies for NIO, now the wrapper close is used \
everywhere except for socket accept problems. (remm)
Fix: Implement poller timeout when using async IO with NIO. (remm)
Fix: Avoid creating and using object caches when they are disabled. (remm)
Fix: When running on newer JREs that don't support SSLv2Hello, don't warn \
that it is not available unless explicitly configured. (markt)
Fix: Change default value of pollerThreadCount of NIO to 1. (remm)
Fix: Associate BlockPoller thread name with its NIO connector for better \
readability. (remm)
Fix: The async HTTP/2 frame parser should tolerate concurrency so clearing \
shared buffers before attempting a read is not possible. (remm)
Update: Update the HTTP/2 connection preface and initial frame reading to be \
asynchronous instead of blocking IO. (remm)
Code: Refactor Hostname validation to improve performance. Patch provided by \
Uwe Hees. (markt)
Update: Add additional NIO2 style read and write methods closer to core \
NIO2, for possible use with an asynchronous workflow like CompletableFuture. \
(remm)
Fix: Expand HTTP/2 timeout handling to include connection window exhaustion \
on write. This is the fix for CVE-2019-10072. (markt)
Jasper
Fix: 63359: Ensure that the type conversions used when converting from \
strings for jsp:setProperty actions are correctly implemented as per section \
JSP.1.14.2.1 of the JSP 2.3 specification. (markt)
Other
Fix: 63335: Ensure that stack traces written by the OneLineFormatter are \
fully indented. The entire stack trace is now indented by an additional TAB \
character. (markt)
Fix: 63370: Message files (LocalStrings_*.properties) of the examples webapp \
not converted to ascii. (woonsan)
Add: Expand the coverage and quality of the French translations provided \
with Apache Tomcat. (remm)
Add: Expand the coverage and quality of the Japanese translations provided \
with Apache Tomcat. Includes contributions by motohashi.yuki. (markt)
Add: Expand the coverage and quality of the Czech translations provided with \
Apache Tomcat. Includes contributions by Arnošt Havelka. (markt)
Fix: When using the OneLineFormatter, don't print a blank line in the log \
after printing a stack trace. (markt)
Update: Update the internal fork of Apache Commons FileUpload to 41e4047 \
(2019-04-24) pick up some enhancements. (markt)
Update: Update the internal fork of Apache Commons DBCP 2 to dcdbc72 \
(2019-04-24) to pick up some clean-up and enhancements. (markt)
Update: Update the internal fork of Apache Commons Pool 2 to 0664f4d \
(2019-04-30) to pick up some enhancements and bug fixes. (markt)
2019-04-13 Tomcat 9.0.19 (markt)
Catalina
Fix: Fix wrong JMX registration regression in 9.0.18. (remm)
Coyote
Update: Add vectoring for NIO in the base and SSL channels. (remm)
Add: Add asynchronous IO from NIO2 to the NIO connector, with support for \
the async IO implementations for HTTP/2 and Websockets. The useAsyncIO boolean \
attribute on the Connector element allows enabling use of the asynchronous IO \
API. (remm)
Other
Fix: Ensure that the correct files are included in the source distribution \
for javacc based parsers depending on whether jjtree is used or not. (markt)
Fix: Ensure that text files in the source distribution have the correct line \
endings for the target platform. (markt)
not released Tomcat 9.0.18 (markt)
Catalina
Fix: 63196: Provide a default (X-Forwarded-Proto) for the protocolHeader \
attribute of the RemoteIpFilter and RemoteIpValve. (markt)
Fix: 63235: Refactor Charset cache to reduce start time. (markt)
Fix: 63249: Use a consistent log level (WARN) when logging the failure to \
register or deregister a JMX Bean. (markt)
Fix: 63249: Use a consistent log level (ERROR) when logging the \
LifecycleException associated with the failure to start or stop a component. \
(markt)
Fix: When the SSI directive fsize is used with an invalid target, return a \
file size of - rather than 1k. (markt)
Fix: 63251: Implement a work-around for a known JRE bug (JDK-8194653) that \
may cause a dead-lock when Tomcat starts. (markt)
Fix: 63275: When using a RequestDispatcher ensure that \
HttpServletRequest.getContextPath() returns an encoded path in the dispatched \
request. (markt)
Update: Add optional listeners for Server/Listener, as a slight variant of a \
standard listener. The difference is that loading is not fatal when it fails. \
This would allow adding example configuration to the standard server.xml if \
deemed useful. Storeconfig will not attempt to persist the new listener. (remm)
Fix: 63286: Document the differences in behaviour between the LogFormat \
directive in httpd and the pattern attribute in the AccessLogValve for %D and \
%T. (markt)
Fix: 63287: Make logging levels more consistent for similar issues of \
similar severity. (markt)
Fix: 63311: Add support for https URLs to the local resolver within Tomcat \
used to resolve standard XML DTDs and schemas when Tomcat is configured to \
validate XML configuration files such as web.xml. (markt)
Fix: Encode the output of the SSI printenv command. This is the fix for \
CVE-2019-0221. (markt)
Code: Use constants for SSI encoding values. (markt)
Add: When the CGI Servlet is configured with enableCmdLineArguments set to \
true, limit the encoded form of the individual command line arguments to those \
values allowed by RFC 3875. This restriction may be relaxed by the use of the \
new initialisation parameter cmdLineArgumentsEncoded. (markt)
Add: When the CGI Servlet is configured with enableCmdLineArguments set to \
true, limit the decoded form of the individual command line arguments to known \
safe values when running on Windows. This restriction may be relaxed by the use \
of the new initialisation parameter cmdLineArgumentsDecoded. This is the fix for \
CVE-2019-0232. (markt)
Coyote
Fix: Fix bad interaction between NIO2 async read API and the regular read. (remm)
Fix: Refactor NIO2 write pending strategy for the classic IO API. (remm)
Fix: Restore original maxConnections default for NIO2 as the underlying \
close issues have been fixed. (remm)
Fix: Harmonize NIO2 isReadyForWrite with isReadyForRead code. (remm)
Fix: When using a JSSE TLS connector that supported ALPN (Java 9 onwards) \
and a protocol was not negotiated, Tomcat failed to fallback to HTTP/1.1 and \
instead dropped the connection. (markt)
Fix: Correct a regression in the TLS connector refactoring in Tomcat 9.0.17 \
that prevented the use of PKCS#8 private keys with OpenSSL based connectors. \
(markt)
Fix: Fix NIO2 SSL edge cases. (remm)
Fix: When performing an upgrade from HTTP/1.1 to HTTP/2, ensure that any \
query string present in the original HTTP/1.1 request is passed to the HTTP/2 \
request processing. (markt)
Fix: When Tomcat writes a final response without reading all of an HTTP/2 \
request, reset the stream to inform the client that the remaining request body \
is not required. (markt)
Jasper
Add: Add support for specifying Java 11 (with the value 11) as the compiler \
source and/or compiler target for JSP compilation. (markt)
Add: Add support for specifying Java 12 (with the value 12) and Java 13 \
(with the value 13) as the compiler source and/or compiler target for JSP \
compilation. If used with an ECJ version that does not support these values, a \
warning will be logged and the latest supported version will used. Based on a \
patch by Thomas Collignon. (markt)
Web applications
Fix: 63184: Expand the SSI documentation to provide more information on the \
supported directives and their attributes. Patch provided by nightwatchcyber. \
(markt)
Add: Add a note to the documentation about the risk of DoS with poorly \
written regular expressions and the RewriteValve. Patch provided by salgattas. \
(markt)
jdbc-pool
Fix: Improved maxAge handling. Add support for age check on idle \
connections. Connection that expired reconnects rather than closes it. Patch \
provided by toby1984. (kfujino)
Fix: 63320: Ensure that StatementCache caches statements that include arrays \
in arguments. (kfujino)
Other
Update: Update to the Eclipse JDT compiler 4.10. (markt)
Add: Expand the coverage and quality of the Spanish translations provided \
with Apache Tomcat. Includes contributions by Ulises Gonzalez Horta. (markt)
Add: Expand the coverage and quality of the Czech translations provided with \
Apache Tomcat. Includes contributions by Arnošt Havelka. (markt)
Add: Expand the coverage and quality of the Chinese translations provided \
with Apache Tomcat. Includes contributions by winsonzhao and wjt. (markt)
Add: Expand the coverage and quality of the Russian translations provided \
with Apache Tomcat. (kkolinko)
Add: Expand the coverage and quality of the Japanese translations provided \
with Apache Tomcat. (kfujino)
Add: Expand the coverage and quality of the Korean translations provided \
with Apache Tomcat. (woonsan)
Add: Expand the coverage and quality of the German translations provided \
with Apache Tomcat. (fschumacher)
Add: Expand the coverage and quality of the French translations provided \
with Apache Tomcat. (remm)
|
| 2019-03-26 21:59:57 by Ryo ONODERA | Files touched by this commit (3) |
Log message:
Update to 9.0.17
Changelog:
The APR/Native connector now supports both OpenSSL and JSSE
TLS configuration syntax (NIO and NIO2 already support this)
Various improvements to NIO2
Various fixes for HTTP/2 push requests
|
| 2019-01-22 15:54:41 by Ryo ONODERA | Files touched by this commit (8) |
Log message: www/apache-tomcat9: import apache-tomcat-9.0.14 Apache Tomcat is an implementation of the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed under the Java Community Process. Apache Tomcat is developed in an open and participatory environment and released under the Apache Software License. Apache Tomcat is intended to be a collaboration of the best-of-breed developers from around the world. We invite you to participate in this open development project. Apache Tomcat powers numerous large-scale, mission-critical web applications across a diverse range of industries and organizations. This package tracks 9.x release branch. |
New packages: