Subject: CVS commit: pkgsrc/www/apache-tomcat8
From: Ryo ONODERA
Date: 2015-12-21 18:04:13
Message id: 20151221170413.2AEC1FBA3@cvs.NetBSD.org

Log Message:
Update to 8.0.30

Changelog:
Tomcat 8.0.30 (markt)
Catalina

    Fix: 34319: Only load those keys in StoreBase.processExpire from JDBCStore, \ 
that are old enough, to be expired. Based on a patch by Tom Anderson. \ 
(fschumacher)
    Add: 56917: As per RFC7231 (HTTP/1.1), allow HTTP/1.1 and later redirects to \ 
use relative URIs. This is controlled by a new attribute useRelativeRedirects on \ 
the Context and defaults to true. (markt)
    Fix: 58629: Allow an embedded Tomcat instance to start when the Service has \ 
no Engine configured. (markt)
    Fix: 58635: Enable break points to be set within agent code when running \ 
Tomcat with a Java agent. Based on a patch by Huxing Zhang. (markt)
    Fix: 58660: Correct a regression in 8.0.29 caused by the change that moved \ 
the redirection for context roots from the Mapper to the Default Servlet. \ 
(markt)
    Fix: Fixed potential NPE in HostConfig while deploying an application. Issue \ 
reported by coverity scan. (violetagg)
    Fix: 58655: Fix an IllegalStateException when calling \ 
HttpServletResponse.sendRedirect() with the RemoteIpFilter. This was caused by \ 
trying to correctly generate the absolute URI for the redirect. With the fix for \ 
56917, redirects may now be relative making the sendRedirect() implementation \ 
for the RemoteIpFilter much simpler. This also addresses issues where the \ 
redirect may not have behaved as expected when redirecting from http to https or \ 
from https to http. (markt)
    Fix: 58657: Exceptions in a Servlet 3.1 ReadListener or WriteListener do not \ 
need to be immediately fatal to the connection. Allow an error response to be \ 
written. (markt)

Coyote

    Fix: Improve upgrade context classloader handling by using Context.bind and \ 
unbind. (remm)

Jasper

    Fix: 57136#c25: Change default value of quoteAttributeEL setting in Jasper \ 
to be true for better compatibility with other implementations and older \ 
versions of Tomcat (8.0.26/7.0.64 and earlier). Add command line option \ 
-no-quoteAttributeEL in JspC. (kkolinko)

Cluster

    Fix: Fix potential integer overflow in DeltaSession. Reported by coverity \ 
scan. (fschumacher)

WebSocket

    Add: 55006: The WebSocket client now honors the \ 
java.net.ProxySelector configuration (using the HTTP type) when \ 
establishing WebSocket connections to servers. Based on a patch by Niki \ 
Dokovski. (markt)
    Fix: 58624: Correct a thread safety issue that meant that blocking message \ 
writes could block indefinitely if the WebSocket connection was closed while a \ 
message write was in progress. (markt)

Web Applications

    Fix: 58631: Correct the continuation character use in the Windows Service \ 
How-To page of the documentation web application. (markt)

Tribes

    Fix: Ensure that the static member is registered to the add suspect list \ 
even if the static member that is registered to the remove suspect list has \ 
disappeared. (kfujino)
    Fix: Correct the warning log of when the member that is not registered in \ 
the membership is detected. (kfujino)
    Fix: When using a static cluster, add the members that have been cached in \ 
the membership service to the map members list in order to ensure that the map \ 
member is a static member. (kfujino)

jdbc-pool

    Fix: Correct evaluation of system property \ 
org.apache.tomcat.jdbc.pool.onlyAttemptCurrentClassLoader. It was basically \ 
ignored before. Reported by coverity scan. (fschumacher)
    Fix: Fix potential integer overflow in ConnectionPool and PooledConnection. \ 
Reported by coverity scan. (fschumacher)

Other

    Update: Update optional Checkstyle library to 6.13. (kkolinko)

2015-11-24 Tomcat 8.0.29 (markt)
General

    Update: 58596: Clarify the description in RUNNING.txt of how environment \ 
variables are used. (markt)

Catalina

    Add: Extend the fix for 57136 to provide a JSP Servlet initialisation \ 
parameter per web application that controls whether or not EL in JSP attributes \ 
is processed as if it uses JSP attribute quoting. By default, EL does not use \ 
JSP attribute quoting. (markt)
    Fix: 57799: InputStream.available() was causing an IO operation to occur \ 
even in blocking mode, which caused problems with NIO2. (remm)
    Add: Extend the fix for 58228 to include ServletContext.getRealPath(). (markt)
    Add: 58486: Protect against two further possible memory leaks associated \ 
with XML parsing. (markt)
    Fix: 58490: Fixed NPE thrown when scanning for \ 
javax.servlet.ServletContainerInitializer in case the web application is not \ 
extracted. (violetagg)
    Code: 58497: Make AbstractHttp11Processor easy to extend. (markt)
    Fix: 58508: Escape role names when generating associated MBeans in case the \ 
role name contains characters not permitted in an MBean name. (markt)
    Fix: 58518: Correct a regression in the fix for 56777 that added support for \ 
URIs in config file locations. File paths on Windows could previously be \ 
specified with \ or / as the separator. 56777 broke that. (markt)
    Fix: 58519: Fix ISE thrown by web application classloader in some error \ 
conditions due to trying to call initCause() on a ClassNotFoundException which \ 
is not permitted. (markt)
    Fix: 58534: Removed repeated conditional tests in \ 
o.a.tomcat.websocket.pojo.PojoMethodMapping and o.a.tomcat.util.net.AprEndpoint \ 
Patch provided by Anthony Whitford. (violetagg)
    Fix: 58535: Use Collections.reverseOrder when a reverse ordering is needed. \ 
(violetagg)
    Fix: 58537, 58546: Some of the inner classes in \ 
o.a.catalina.valves.ExtendedAccessLogValve and \ 
o.a.tomcat.util.net.SecureNio2Channel are made static. Patch provided by Anthony \ 
Whitford. (violetagg)
    Fix: 58540: Removed unused code from o.a.catalina.connector.Request. Patch \ 
provided by Anthony Whitford. (violetagg)
    Fix: 58541, 58544: It is more efficient to call Integer.toString(int) \ 
instead of Integer.valueOf(int).toString() when only a string representation of \ 
a primitive is needed. Based on a patch provided by Anthony Whitford. \ 
(violetagg)
    Fix: 58541, 58547: It is more efficient to call valueOf(...) instead of \ 
Number constructor. Based on a patch provided by Anthony Whitford. (violetagg)
    Fix: 58545: In some use cases it is more efficient to use Map.entrySet() \ 
instead of Map.keySet() Based on a patch provided by Anthony Whitford. \ 
(violetagg)
    Fix: Ensure that ServletRequest.getContentLengthLong is used instead of \ 
ServletRequest.getContentLength for servlets and valves provided by Tomcat. The \ 
API is available since Servlet specification 3.1. (violetagg)
    Add: Add a new RestCsrfPreventionFilter that provides basic CSRF protection \ 
for REST APIs. (violetagg)
    Fix: 58578: Avoid NPE accessing cookies during access logging for request \ 
that had no context mapping. (remm)
   error page fails, fall back to the standard error page rather than throwing \ 
an NPE. Based on a patch by Huxing Zhang. (markt)
    Fix: 58582: Combined realm should perform background processing on its \ 
sub-realms. Based upon a patch provided by Aidan. (schn additional check that a \ 
client provided session ID is in use in at least one other web application \ 
before allowing it to be used as the ID for a new session in the current web \ 
application. (markt)
    Add: Add support for DIGEST authentication to the JN
    Fix: Ensure that in an embedded Tomcat the logging configuration is not lost \ 
during garbage collection. (violetagg)
    Add: Move the functionality that provides redirects for context roots and \ 
directories where a trailing / is added from the Mapper to the DefaultServlet. \ 
This enables such requests to be processed by any configured Valves and Filters \ 
before the redirect is made. This behaviour is configurable via the \ 
mapperContextRootRedirectEnabled and mapperDirectoryRedirectEnabled attributes \ 
of the Context which may be used to restore the previous behaviour. (markt)

Coyote

    Fix: Cancel pending blocking IO operation following a timeout in the NIO2 \ 
connector. (remm)
    Fix: Add instance manager support for upgrade handlers, and set context \ 
class loader. (remm)
    Update: Synchronize OpenSSL to JSSE cipher mapping to recent OpenSSL \ 
changes. In particular, TLSv1.0 is now an alias for those ciphers that require \ 
TLSv1 and will not work with SSLv3. TLSv1 remains an alias for SSLv3. (markt)

Jasper

    Add: Deprecate the STRICT_QUOTE_ESCAPING system property and replace it with \ 
an initialisation parameter for the JSP Servlet. This enables per web \ 
application control of this configuration setting. (markt)

Cluster

    Fix: Optimize the session lock range in DeltaManager.requestCompleted. (kfujino)
    Fix: Enable an explicit configuration of local member in the static cluster \ 
membership. (kfujino)

Tribes

    Code: Distinguish the handling of the shutdown payload and member \ 
verification clearly. When handling shutdown payload, verification completion \ 
message is not required. (kfujino)
    Fix: When starting the StaticMembershipInterceptor, \ 
StaticMembershipInterceptor checks the required Interceptors. If the required \ 
Interceptor does not exist, it issues warning logs. (kfujino)

WebSocket

    Fix: Use instance manager for server endpoint instances. (remm)

Web applications

    Add: Make it clear in the documentation for the CGI servlet that the debug \ 
page is not considered secure and should not be used in production. (markt)
    Fix: The domain attribute of StaticMember is not required but optional. (kfujino)

jdbc-pool

    Fix: 58489: Correct QueryStatsComparator to hold up the general contract for \ 
Comparator. (fschumacher)
    Fix: When creating a QueryStats object, ensure that maxQueries is checked. \ 
If maxQueries is a value less than or equal to 0, QueryStats are never created. \ 
(kfujino)

Other

    Update: Update optional Checkstyle library to 6.12.1. (kkolinko)
    Add: Add support for creating a FindBugs report when building Tomcat. It is \ 
disabled by default. (violetagg)

2015-10-12 Tomcat 8.0.28 (markt)
Catalina

    Add: Add support for the custom classpath protocol in URLs. It can be used \ 
anywhere Tomcat accepts a URL for a configuration parameter. (markt)
    Fix: 56777: Allow file based configuration resources (user database, \ 
certificate revocation lists, keystores and trust stores) to be configured using \ 
URLs as well as files. (markt)
    Fix: Perform null-checking on input and stored credentials in all Realms \ 
before passing credentials off to CredentialHandlers for matching. (schultz)

Coyote

    Update: Add the new ciphers from RFC6655 and RFC7251 to the OpenSSL to JSSE \ 
cipher mapping. (markt)
    Update: Remove DES, RC2 and RC4 from DEFAULT for the OpenSSL to JSSE cipher \ 
mapping to align with the OpenSSL development branch. (markt)

Jasper

    Fix: Improve the error message when JSP parser encounters an error parsing \ 
an attribute value. (markt)

Web applications

    Update: 58474: Provide a reference to the differences between CATALINA_HOME \ 
and CATALINA_BASE in the sample application that is part of the documentation \ 
web application. (markt)

Extras

    Fix: Ensure JULI adapters does not include the LogFactoryImpl class. Patch \ 
provided by Benjamin Gandon. (markt)

2015-10-01 Tomcat 8.0.27 (markt)
Catalina

    Fix: 58187: Correct a regression in the fix for 57765 that meant that \ 
deployment of web applications deployed via the Manager application was delayed \ 
until the next execution of the automatic deployment background process. (markt)
    Fix: 58284: Correctly implement session serialization so non-serializable \ 
attributes are skipped with a warning. Patch provided by Andrew Shore. (markt)
    Fix: 58313: Fix concurrent access of encoders map when clearing encoders \ 
prior to switch to async. (markt)
    Fix: 58320: Fix concurrent access of request attributes which is possible \ 
during asynchronous processing. (markt)
    Fix: 58352: Always trigger a thread dump if Tomcat fails to stop gracefully \ 
from catalina.sh even if using -force. Patch provided by Alexandre Garnier. \ 
(markt)
    Fix: 58368: Fix a rare data race in the code that obtains the \ 
ApplicationFilterFactory instance. (markt)
    Fix: 58369: Fix a rare data race in the code that obtains the \ 
CookieProcessor for a StandardContext instance. (markt)
    Fix: Ensure the JAASRealm uses the configured CredentialHandler. (markt)
    Fix: 58372: Fix rare data races on the closed and suspended flags that could be \ 
triggered by async and/or comet processing. (markt)
    Fix: 58373: Fix rare data race with the application event listeners for \ 
StandardContext. (markt)
    Fix: 58374: Fix a rare data race in the AsyncContext implementation for \ 
access to the internal Tomcat request object to which it holds a reference. \ 
(markt)
    Fix: 58380: Fix two rare data races in the standard session implementation \ 
on the flag that tracks if the session is new and on the field that tracks the \ 
maximum inactive period. (markt)
    Fix: 58385: Fix a rare data race in the internal flag Tomcat uses to keep \ 
track of whether or not a request is being used for Comet processing. (markt)
    Fix: 58394: Fix a rare data race in Mapper when adding or removing a host. \ 
(markt)
    Fix: 58398: Fix a rare data race in LifecycleSupport. (markt)
    Fix: 58412: Ensure that the AsyncFileHandler has the source class and method \ 
name available for logging. (fschumacher)
    Fix: 58416: Correctly detect when a forced stop fails to stop Tomcat because \ 
the Tomcat process is waiting on some system call or is uninterruptible. (markt)
    Fix: 58436: Fix some rare data races in JULI's ClassLoaderLogManager during \ 
shutdown. (markt)
    Fix: 58845: Fix off-by-one error in calculation of valid characters in a \ 
cookie domain. Patch provided by Thorsten Ehlers. (markt)

Coyote

    Fix: Correct some edge cases in RequestUtil.normalize(). (markt)
    Fix: 58275: The IBM JREs accept cipher suite names starting with TLS_ or \ 
SSL_ but when listing the supported cipher suites only the SSL_ version is \ 
reported. This can break Tomcat's check that at least one requested cipher suite \ 
is supported. Tomcat now includes a work-around so either form of the cipher \ 
suite name can be used when running on an IBM JRE. (markt)
    Fix: 58357: For reasons not currently understood when the APR/native \ 
connector is used with OpenSSL reads can return an error code when there is no \ 
apparent error. This was worked around for HTTP upgrade connections by treating \ 
this as EAGAIN. The same fix has now been applied to the standard HTTP \ 
connector. (markt)
    Code: Minor clean-up in NIO2 SSL handshake code to address some theoretical \ 
concurrency issues. (markt)
    Fix: 58367: Fix a rare data race in the code that obtains the reason phrase \ 
for a given HTTP response code. (markt)
    Fix: 58370: Fix a rare data race in the connector shutdown code. (markt)
    Fix: 58371: Fix a rare data race when accessing request URI in String form \ 
when switching from non-async to async due to early triggering of the gathering \ 
of request statistics. (markt)
    Fix: 58375: Fix a rare data race on the internal flag Tomcat uses to mark a \ 
response as committed. (markt)
    Fix: 58377: Fix a rare data race on the internal flag Tomcat uses to mark a \ 
request as using HTTP keep-alive when switching to asynchronous processing. \ 
(markt)
    Fix: 58379: Fix a rare data race on the internal reference Tomcat retains to \ 
the socket when switching to asynchronous processing. (markt)
    Fix: 58387: Fix a rare data race when closing Comet connections. (markt)
    Fix: 58388: Fix a data race when determining if Comet processing is \ 
occurring on a container or non-container thread. (markt)
    Fix: 58389: Fix a rare data race while shutting down the thread pools on \ 
Connector stop. (markt)
    Code: Clean up use of error flag on socket wrapper prompted by 58390. (markt)
    Code: Remove some unnecessary code from the NIO Poller and fix 58396 as a \ 
side-effect. (markt)
    Fix: 57799: Remove useless sendfile check for NIO SSL. (remm)

Jasper

    Fix: 57136: Correct a regression in the previous fix for this issue. \${ \ 
should only be an escape for ${ within an EL expression. Within a JSP page \$ \ 
should be an escape for $. The EL specification applies when parsing the \ 
expression delimited by ${ and }. Parsing of the delimiting ${ and } is the \ 
responsibility of the JSP specification. (markt)
    Fix: 58296: Fix a memory leak in the JSP unloading feature that meant that \ 
using a value other than -1 for maxLoadedJsps triggered a memory leak once the \ 
limit was reached. (markt)
    Fix: 58327: Cache the expression string for value expression literals since \ 
it is frequently used and may be expensive to evaluate. Patch provided by \ 
Andreas Kohn. (markt)
    Fix: 58340: Improve error reporting for tag files packaged in JARs. (markt)
    Fix: 58424: When parsing TLD files, allow whitespace around boolean \ 
configuration values. (schultz)
    Fix: Fix a possible resource leak reported by coverity scan. (fschumacher)
    Fix: 58427: Enforce the JSP specification defined limitations of which \ 
elements are allowed in an implicit.tld file. (markt)
    Fix: 58444: Ensure that JSPs work with any custom base class that meets the \ 
requirements defined in the JSP specification without requiring that base class \ 
to implement Tomcat specific code. (markt)

Cluster

    Fix: Fix a default clusterListeners in SimpleTcpCluster. The optimal default \ 
value is different for each session manager. ClusterSessionListener is never \ 
used in BackupManager. (kfujino)
    Fix: Correct log messages in case of using BackupManager. (kfujino)

WebSocket

    Fix: 58342: Fix a copy and paste error that meant MessageHandler removal \ 
could fail for binary and pong MessageHandlers. Patch provided by DJ. (markt)
    Fix: Data races detected by RV-Predict, mostly caused by completion handlers \ 
running in separate threads. (markt)
    Fix: 58414: Correctly handle sending zero length messages when using per \ 
message deflate. (markt)

Web applications

    Fix: Correct documentation for cluster-howto. (kfujino)
    Fix: Add missing documentation for property alwaysAddExpires for the \ 
LegacyCookieProcessor. (markt)

Tribes

    Add: Add support for configurations of ChannelListener and \ 
MembershipListener in server.xml. (kfujino)
    Fix: Correct log messages in case of using ReplicatedMap. (kfujino)
    Fix: 58381: Fix a rare data race in the NioReceiver. (markt)
    Fix: 58382: Fix multiple rare data races in the default membership \ 
implementation. (markt)
    Fix: 58383: Fix a data race in SenderState. (markt)
    Fix: 58386: Fix a data race in ObjectReader. (markt)
    Fix: 58391: Fix multiple data races in NonBlockingCoordinator, most of which \ 
were associated with ensuring that log messages contained the correct \ 
information. (markt)
    Fix: 58392: Fix a data race in DomainFilterInterceptor. (markt)
    Fix: 58393: Fix a data race on the listener in McastService. (markt)
    Fix: 58395: Fix multiple data races in MemberImpl that were likely to cause \ 
issues if certain properties were updated concurrently (such updates are \ 
unlikely in normal usage). (markt)
    Code: Remove some unnecessary code from PooledParallelSender and fix 58397. \ 
(markt)

jdbc-pool

    Fix: Make sure the pool has been properly configured when attributes that \ 
relate to the pool size are changed via JMX. (kfujino)

Other

    Fix: Ensure logging works for all tests in a class rather than just the \ 
first one executed. (markt)
    Add: 58344: Add build properties to enable tests to be executed against \ 
alternative binaries. Based on a patch by Petr Sumbera. (markt)

Files:
Revision  Action  file
1.5       modify  pkgsrc/www/apache-tomcat8/Makefile
1.6       modify  pkgsrc/www/apache-tomcat8/distinfo