Subject: CVS commit: pkgsrc/www/apache-tomcat7
From: Ryo ONODERA
Date: 2014-06-07 02:24:30
Message id: 20140607002430.B536B96@cvs.netbsd.org
Log Message:
Update to 7.0.54
* Fix CVE-2014-0119
Changelog:
Tomcat 7.0.54 (violetagg)
Catalina
fix: Fix custom UTF-8 decoder so that a byte of value 0xC1 is always rejected immediately as it is never valid in a UTF-8 byte sequence. Update UTF-8 decoder tests to account for UTF-8 decoding improvements in Java 8. The custom UTF-8 decoder is still required due to bugs in the UTF-8 decoder provided by Java. Java 8's decoder is better than Java 7's but it is still buggy. (markt)
fix: 56027: Add more options for managing FIPS mode in the AprLifecycleListener. (schultz/kkolinko)
fix: 56321: When a WAR is modified, undeploy the web application before deleting any expanded directory as the undeploy process may refer to classes that need to be loaded from the expanded directory. If the expanded directory is deleted first, any attempt to load a new class during undeploy will fail. (markt)
fix: 56339: Avoid an infinite loop if an application calls session.invalidate() from the session destroyed event for that session. (markt)
update: 56365: Simplify file name pattern matching code in StandardJarScanner. Ignore leading and trailing whitespace and empty strings when configuring patterns. Improve documentation. (kkolinko)
fix: 56369: Ensure that removing an MBean notification listener reverts all the operations performed when adding an MBean notification listener. (markt)
add: 56382: Information about finished deployment and its execution time is added to the log files. Patch is provided by Danila Galimov. (violetagg)
add: 56383: Properties for disabling server information and error report are added to the org.apache.catalina.valves.ErrorReportValve. Based on the patch provided by Nick Bunn. (violetagg/kkolinko)
fix: Only create XML parsing objects if required and fix associated potential memory leak in the default Servlet. (markt)
fix: Modify generic exception handling so that StackOverflowError is not treated as a fatal error and can be handled and/or logged as required. (markt)
fix: 56409: Avoid StackOverflowError on non-Windows systems if a file named \ is encountered when scanning for TLDs. (markt)
add: 56430: Extend checks for suspicious URL patterns to include patterns of the form *.a.b which are not valid patterns for extension mappings. (markt)
add: Extend XML factory, parser etc. memory leak protection to cover some additional locations where, theoretically, a memory leak could occur. (markt)
fix: Ensure that a TLD parser obtained from the cache has the correct value of blockExternal. (markt)
fix: 56441: Raise the visibility of exceptions thrown when a problem is encountered calling a getter or setter on a component attribute. The logging level is raised from debug to warning. (markt)
fix: 56451: Make resources accessed via a context alias accessible via JNDI in the same way standard resources are available. (markt)
add: 56463: Property for disabling server information is added to the DefaultServlet. Server information is presented in the response sent to the client when directory listings are enabled. (violetagg)
add: Add the org.apache.naming package to the packages requiring code to have the defineClassInPackage permission when running under a security manager. (markt)
add: Add the org.apache.naming.resources package to the packages requiring code to have the accessClassInPackage permission when running under a security manager. (markt)
fix: Make the naming context tokens for containers more robust. Require RuntimePermission when introducing a new token. (markt/kkolinko)
fix: 56472: Allow NamingContextListener to clean up on stop if its start failed. (kkolinko)
add: 56492: Avoid Eclipse debugger pausing on uncaught exceptions when Tomcat renews its threads. (slaurent)
fix: Minor fixes to ThreadLocalLeakPreventionListener. Do not trigger thread renewal for failed contexts. Do not ignore the threadRenewalDelay setting. Improve documentation. (kkolinko)
fix: Correct regression introduced in r797162 that broke authentication of users when using the JAASMemoryLoginModule. (markt)
fix: 56501: HttpServletRequest.getContextPath() should return the undecoded context path used by the user agent. (markt)
fix: 56523: When using SPNEGO authentication, log the exceptions associated with failed user logins at debug level rather than error level. (markt)
fix: 56536: Ensure that HttpSessionBindingListener.valueUnbound() uses the correct class loader when the SingleSignOn valve is used. (markt)
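The first Catalina entry above (rejecting a 0xC1 byte immediately in the custom UTF-8 decoder) is easier to appreciate with a byte-level validator in hand. What follows is an added example and not Tomcat's own decoder: a strict UTF-8 validator in Python that applies the well-formed byte sequence rules of RFC 3629 and rejects 0xC0 and 0xC1 lead bytes (and 0xF5..0xFF) as soon as they are seen, without reading any continuation byte, because the only two-byte sequences they could start are overlong encodings of U+0000..U+007F. It goes a little beyond the changelog entry by also rejecting the other overlong forms, UTF-16 surrogates and code points above U+10FFFF. The function names validate_utf8 and agrees_with_python and all sample inputs are the example's own, constructed here.

```python
"""Strict UTF-8 validation that rejects 0xC0/0xC1 lead bytes immediately.

Added example (not Tomcat's code): a byte-level validator implementing the
well-formed byte sequence table of RFC 3629 / Unicode Table 3-7.
"""

# Allowed range of the *first* continuation byte for lead bytes that need a
# narrower range than the usual 0x80..0xBF.  Second and third continuation
# bytes are always 0x80..0xBF.
_SECOND_BYTE_RANGE = {
    0xE0: (0xA0, 0xBF),  # avoid overlong 3-byte forms of U+0000..U+07FF
    0xED: (0x80, 0x9F),  # exclude UTF-16 surrogates U+D800..U+DFFF
    0xF0: (0x90, 0xBF),  # avoid overlong 4-byte forms of U+0000..U+FFFF
    0xF4: (0x80, 0x8F),  # stay at or below U+10FFFF
}


def _sequence_length(lead):
    """Total sequence length for a lead byte, or None if the byte can never
    start a well-formed sequence (continuation bytes, 0xC0, 0xC1, 0xF5..0xFF)."""
    if lead < 0x80:
        return 1
    if 0xC2 <= lead <= 0xDF:
        return 2
    if 0xE0 <= lead <= 0xEF:
        return 3
    if 0xF0 <= lead <= 0xF4:
        return 4
    return None


def validate_utf8(data):
    """Validate *data* (bytes) as strict UTF-8.

    Returns (True, None, None) when well-formed, otherwise
    (False, offset, reason) for the first malformed byte.  A bad lead byte is
    reported immediately, before any continuation byte is examined.
    """
    i, n = 0, len(data)
    while i < n:
        lead = data[i]
        length = _sequence_length(lead)
        if length is None:
            if lead in (0xC0, 0xC1):
                return False, i, "lead byte 0x%02X can only start an overlong sequence" % lead
            return False, i, "byte 0x%02X is not a valid lead byte" % lead
        if i + length > n:
            return False, i, "truncated sequence at end of input"
        first_lo, first_hi = _SECOND_BYTE_RANGE.get(lead, (0x80, 0xBF))
        for k in range(1, length):
            b = data[i + k]
            lo, hi = (first_lo, first_hi) if k == 1 else (0x80, 0xBF)
            if not lo <= b <= hi:
                return False, i + k, "continuation byte 0x%02X outside 0x%02X..0x%02X" % (b, lo, hi)
        i += length
    return True, None, None


def agrees_with_python(data):
    """Cross-check: the validator must accept exactly the inputs that Python's
    own strict UTF-8 decoder accepts."""
    try:
        data.decode("utf-8")
        builtin_ok = True
    except UnicodeDecodeError:
        builtin_ok = False
    return validate_utf8(data)[0] == builtin_ok


# Constructed sample inputs (not taken from the page).
SAMPLES = {
    "ascii":       b"/manager/html",
    "two_byte":    "caf\u00e9".encode("utf-8"),      # C3 A9
    "four_byte":   "\U0001F600".encode("utf-8"),      # F0 9F 98 80
    "overlong_c1": b"\xc1\xaf",          # overlong form of '/' (0x2F); rejected at offset 0
    "overlong_c0": b"\xc0\x80",          # overlong form of U+0000; rejected at offset 0
    "overlong_e0": b"\xe0\x80\xaf",      # overlong 3-byte form; rejected at the 2nd byte
    "surrogate":   b"\xed\xa0\x80",      # U+D800, not allowed in UTF-8
    "above_max":   b"\xf4\x90\x80\x80",  # would be U+110000
    "truncated":   b"\xe2\x82",          # 3-byte sequence cut short
}

if __name__ == "__main__":
    for name, sample in SAMPLES.items():
        ok, offset, reason = validate_utf8(sample)
        verdict = "ok" if ok else "REJECT at %d: %s" % (offset, reason)
        print("%-12s %-12s -> %s" % (name, sample.hex(), verdict))
```

Running the block prints one line per sample. The point of rejecting at the lead byte is that two decoders which disagree on overlong forms (say, a custom decoder and the JDK's) would otherwise hand different strings to path normalisation and access-control code for the same bytes; refusing 0xC0/0xC1 before reading further removes that disagreement at its source, which is why RFC 3629 lists overlong rejection among its security considerations.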
Coyote
add: 56399: Assert that both Coyote and Catalina request objects have been properly recycled. (kkolinko)
fix: 56416: Correct documentation for default value of socket linger for the AJP and HTTP connectors. (markt)
Jasper
fix: 56334: Fix a regression in the handling of back-slash escaping introduced by the fix for 55735. (markt/kkolinko)
fix: 56425: Improve method matching for EL expressions. When looking for matching methods, an exact match between parameter types is preferred followed by an assignable match followed by a coercible match. (markt)
fix: Correct the handling of back-slash escaping in the EL parser and no longer require that \$ or \# must be followed by { in order for the back-slash escaping to take effect. (markt)
fix: 56529: Avoid NoSuchElementException while handling attributes with empty string value in custom tags. Patch provided by Hariprasad Manchi. (violetagg)
Cluster
fix: Remove cluster and replicationValve from cluster manager template. These instances are not necessary to the template. (kfujino)
fix: Add support for cross context session replication to org.apache.catalina.ha.session.BackupManager. (kfujino)
fix: Remove the unnecessary cross context check. It does not matter whether the context that is referenced by another context is set to crossContext=true. The context that refers to the different context must be set to crossContext=true. (kfujino)
code: Move to org.apache.catalina.ha.session.ClusterManagerBase common logic of org.apache.catalina.ha.session.BackupManager and org.apache.catalina.ha.session.DeltaManager. (kfujino)
code: Simplify the code of o.a.c.ha.tcp.SimpleTcpCluster. In order to add or remove a cluster valve to a Container, use the pipeline instead of IntrospectionUtils. (kfujino)
fix: There is no need to set the cluster instance when SimpleTcpCluster.unregisterClusterValve is called. Set null rather than the cluster instance for cleanup. (kfujino)
code: Backport refactoring of AbstractReplicatedMap to implement Map rather than extend ConcurrentHashMap to enable Tomcat 7 to be built with Java 8. (markt)
WebSocket
fix: 56343: Avoid an NPE if Tomcat's Java WebSocket 1.0 implementation is used with the Java WebSocket 1.0 API JAR from the reference implementation. (markt)
fix: Increase the default maximum size of the executor used by the WebSocket implementation for callbacks associated with asynchronous writes from 10 to 200. (markt)
add: Add a warning if the thread group created for WebSocket asynchronous write callbacks cannot be destroyed when the web application is stopped. (markt)
fix: Ensure that threads created to support WebSocket clients are stopped when no longer required. This will happen automatically for WebSocket client connections initiated by web applications but stand-alone clients must call WsWebSocketContainer.destroy(). (markt)
fix: 56449: When creating a new session, add the message handlers to the session before calling Endpoint.onOpen() so the message handlers are in place should the onOpen() method trigger the sending of any messages. (markt)
fix: 56458: Report WebSocket sessions that are created over secure connections as secure rather than as not secure. (markt)
fix: Stop threads used for secure WebSocket client connections when they are no longer required and give them better names for easier debugging while they are running. (markt)
Web applications
fix: Add support for the copyXML attribute of Host to Host Manager. (kfujino)
fix: Ensure that the "name" request parameter is used as the application base of the host if the "webapps" request parameter is not set when adding a host in the Host Manager application. (kfujino)
fix: Correct documentation on Windows service options, aligning it with Apache Commons Daemon documentation. (kkolinko)
update: 55215: Improve log4j configuration example. Clarify access logging documentation. Based on patches provided by Brian Burch. (kkolinko)
update: 55383: Backport improved HTML markup for tables and code fragments from Tomcat 8 documentation. (kkolinko)
fix: 56418: Ensure that the Manager web application does not report success for a web application deployment that fails. (slaurent)
fix: Fix target and rel attributes on links in documentation. They were lost during XSLT transformation. (kkolinko)
update: Improve valves documentation. Split valves into groups. (kkolinko)
Other
fix: Align DisplayName of Tomcat installed by service.bat with the one installed by the *.exe installer. Print a warning in case neither server nor client jvm is found by service.bat. (kkolinko)
update: 56363: Update to version 1.1.30 of Tomcat Native library. (schultz)
update: Update package renamed Apache Commons BCEL to r1593495 to pick up some additional changes for Java 7 support and some code clean up. (markt)
add: In tests: allow configuring the directory where JUnit reports and access log are written to. (kkolinko)
Files: