Subject: CVS commit: pkgsrc/www/apache-tomcat9
From: Ryo ONODERA
Date: 2019-07-15 16:32:15
Message id: 20190715143215.E0EE7FBF4@cvs.NetBSD.org

Log Message:
Update to 9.0.22

Changelog:
Tomcat 9.0.22 (markt)
Catalina

    Fix: Improve parsing of Range request headers. (markt)
    Fix: Range headers that specify a range unit Tomcat does not recognise \ 
should be ignored rather than triggering a 416 response. Based on a pull request \ 
by zhanhb. (markt)
    Fix: When comparing a date from a If-Range header, an exact match is \ 
required. Based on a pull request by zhanhb. (markt)
    Fix: Add an option to the default servlet to disable processing of PUT \ 
requests with Content-Range headers as partial PUTs. The default behaviour \ 
(processing as partial PUT) is unchanged. Based on a pull request by zhanhb. \ 
(markt)
    Fix: Improve parsing of Content-Range headers. (markt)
    Update: Update the recommended minimum Tomcat Native version to 1.2.23. (markt)

Coyote

    Fix: Remove a source of potential deadlocks when using HTTP/2 when the \ 
Connector is configured with useAsyncIO as true. (markt)
    Fix: 63523: Restore SSLUtilBase methods as protected to preserve \ 
compatibility. (remm)
    Fix: Fix typo in UTF-32LE charset name. Patch by zhanhb via GitHub. (fschumacher)
    Fix: Once a URI is identified as invalid don't attempt to process it \ 
further. Based on a PR by Alex Repert. (markt)
    Fix: Fix to avoid the possibility of long poll times for individual pollers \ 
when using multiple pollers with APR. (markt)
    Fix: Refactor the fix for 63205 so it only applies when using PKCS12 \ 
keystores as regressions have been reported with some other keystore types. \ 
(markt)

Jasper

    Add: Include file names if SMAP processor is unable to delete or rename a \ 
class file during SMAP generation. (markt)
    Update: Update to the Eclipse JDT compiler 4.12. (markt)

WebSocket

    Fix: 63521: As required by the WebSocket specification, if a POJO that is \ 
deployed as a result of the SCI scan for annotated POJOs is subsequently \ 
deployed via the programmatic API ignore the programmatic deployment. (markt)

Other

    Fix: Switch the check for terminal availability to test for stdin as using \ 
stdout does not work when output is piped to another process. Patch provided by \ 
Radosław Józwik. (markt)
    Add: Add user buildable optional modules for easier CDI 2 and JAX-RS \ 
support. Also include a new documentation page describing how to use it. (remm)

2019-06-07 Tomcat 9.0.21 (markt)
Catalina

    Add: 57287: Add file sorting to DefaultServlet (schultz)
    Fix: Fix --no-jmx flag processing, which was called after registry \ 
initialization. (remm)
    Fix: Ensure that a default request character encoding set on a \ 
ServletContext is used when calling ServletRequest#getReader(). (markt)
    Fix: Make a best efforts attempt to clean-up if a request fails during \ 
processing due to an OutOfMemoryException. (markt)
    Fix: Improve the BoM detection for static files handled by the default \ 
servlet for the rarely used UTF-32 encodings. Identified by Coverity Scan. \ 
(markt)
    Fix: Ensure that the default servlet reads the entire global XSLT file if \ 
one is defined. Identified by Coverity Scan. (markt)
    Fix: Avoid potential NullPointerException when generating an HTTP Allow \ 
header. Identified by Coverity Scan. (markt)
    Code: Add Context.createInstanceManager() for easier framework integration. \ 
(remm)
    Code: Add utility org.apache.catalina.core.FrameworkListener to allow \ 
replicating adding a Listener to context.xml in a programmatic way. (remm)
    Code: Move Container.ADD_CHILD_EVENT to before the child container start, \ 
and Container.REMOVE_CHILD_EVENT to before removal of the child from the \ 
internal child collection. (remm)
    Add: Remove any fragment included in the target path used to obtain a \ 
RequestDispatcher. The requested target path is logged as a warning since this \ 
is an application error. (markt)

Coyote

    Fix: NIO poller seems to create some unwanted concurrency, causing rare CI \ 
test failures. Add sync when processing async operation to avoid this. (remm)
    Fix: Fix concurrency issue that led to incorrect HTTP/2 connection timeout. \
(remm/markt)
    Fix: Avoid useless exception wrapping in async IO. (remm)
    Fix: 63412: Security manager failure when using the async IO API from a \ 
webapp. (remm)
    Fix: Remove acceptorThreadCount Connector attribute, one accept thread is \ 
sufficient. As documented, value 2 was the only other sensible value, but \ 
without an impact beyond certain microbenchmarks. (remm)
    Fix: Avoid possible NPEs on connector stop. (remm)
    Update: Remove pollerThreadCount Connector attribute for NIO, one poller \ 
thread is sufficient. (remm)
    Add: Add async IO for APR connector for consistency, but disable it by \ 
default due to low performance. (remm)
    Fix: Avoid blocking write of internal buffer when using async IO. (remm)
    Code: Refactor async IO implementation to the SocketWrapperBase. (remm)
    Update: Refactor SocketWrapperBase close using an atomic boolean and a \ 
doClose method that subclasses will implement, with a guarantee that it will be \ 
run only once. (remm)
    Fix: Decouple the socket wrapper, which is not recycled, from the NIOx \ 
channel after close, and replace it with a dummy static object. (remm)
    Fix: Clear buffers on socket wrapper close. (remm)
    Fix: NIO2 failed to properly close sockets on connector stop. (remm)
    Update: Reduce the default for maxConcurrentStreams on the Http2Protocol \ 
from 200 to 100 to align with typical defaults for HTTP/2 implementations. \ 
(markt)
    Update: Reduce the default HTTP/2 header list size from 4GB to 32kB to align \ 
with typical HTTP/2 implementations. (markt)
    Add: Add support for same-site cookie attribute. Patch provided by John \ 
Kelly. (markt)
    Fix: Drop legacy NIO double socket close (close channel, then close socket). \ 
(remm)
    Fix: Fix HTTP/2 end of stream concurrency with async. (remm)
    Fix: Correct a bug in the stream flushing code that could lead to multiple \ 
threads processing the stream concurrently which in turn could cause errors \ 
processing the stream. (markt)

Cluster

    Fix: 62841: Refactor the DeltaRequest serialization to reduce the window \ 
during which the DeltaSession is locked and to remove a potential cause of \ 
deadlocks during serialization. (markt)
    Fix: 63441: Further streamline the processing of session creation messages \ 
in the DeltaManager to reduce the possibility of a session update message being \ 
processed before the session has been created. (markt)

WebSocket

   d: Expand the explanation of how deprecated TLS configuration attributes are \ 
converted to the new TLS configuration style. (markt)

Tribes

    Fix: Treat NoRouteToHostException the same way as SocketTimeoutException \ 
when checking the health of group membaven packaging. (remm)
    Fix: 63403: Fix TestHttp2InitialConnection test failures when running with a \ 
non-English locale. (kkolinko)
    Fix: Add Graal JreCompat, and use it to disable JMX and URL stream handlers. \ 
(remm)
    Add: Expand the coverage and quality of the \
Simplified Chinese translations provided with Apache Tomcat. Includes \ 
contributions by 諵. (markt)
    Fix: Use the test command to check for terminal availability rather than the \ 
tty command since the tty based te

    Fix: Fix some edge cases where the docBase was not being set using a \ 
canonical path which in turn meant resource URLs were not being constructed as \ 
expected. (markt)
    Fix: Fix a potential resource leak when executing CGI scripts from a WAR \ 
file. Identified by Coverity scan. (markt)
    Fix: Fix a potential concurrency issue in the StringCache identified by \ 
Coverity scan. (markt)
    Fix: Fix a potential concurrency issue in the main Sendfile thread of the \ 
APR connector. Identified by Coverity scan. (markt)
    Fix: Fix a potential resource leak when running a web application from a WAR \ 
file. Identified by Coverity scan. (markt)
    Fix: Fix a potential resource leak on some exception paths in the \ 
DataSourceRealm. Identified by Coverity scan. (markt)
    Fix: Fix a potential resource leak on an exception path when parsing JSP \ 
files. Identified by Coverity scan. (markt)
    Fix: Fix a potential resource leak when a JNDI lookup returns an object of \ 
an incompatible class. Identified by Coverity scan. (markt)
    Code: Refactor ManagerServlet to avoid loading classes when filtering JNDI \ 
resources for resources of a specified type. (markt)
    Fix: 63324: Refactor the CrawlerSessionManagerValve so that the object \ 
placed in the session is compatible with session serialization with mem-cached. \ 
Patch provided by Martin Lemanski. (markt)
    Add: 63358: Expand the throwOnFailure support in the Connector to include \ 
the adding of a Connector to a running Service. (markt)
    Add: 63361: Add a new method (Registry.disableRegistry()) that can be used \ 
to disable JMX registration of Tomcat components providing it is called before \ 
the first component is registered. (markt)
    Fix: Avoid OutOfMemoryErrors and ArrayIndexOutOfBoundsExceptions when \ 
accessing large files via the default servlet when resource caching has been \ 
disabled. (markt)
    Fix: Avoid a NullPointerException when a Context is defined in server.xml \ 
with a docBase but not the optional path. (markt)
    Fix: 63333: Override the isAvailable() method in the JAASRealm so that only \ 
login failures caused by invalid credentials trigger account lock out when the \ 
LockOutRealm is in use. Patch provided by jchobantonov. (markt)
    Fix: Add --no-jmx flag to allow disabling JMX in startup.Tomcat.main. (remm)

Coyote

    Fix: The useAsyncIO boolean attribute on the Connector element value now \ 
defaults to true. (remm)
    Fix: Possible HTTP/2 connection leak issue when using async with NIO. (remm)
    Fix: Fix socket close discrepancies for NIO, now the wrapper close is used \ 
everywhere except for socket accept problems. (remm)
    Fix: Implement poller timeout when using async IO with NIO. (remm)
    Fix: Avoid creating and using object caches when they are disabled. (remm)
    Fix: When running on newer JREs that don't support SSLv2Hello, don't warn \ 
that it is not available unless explicitly configured. (markt)
    Fix: Change default value of pollerThreadCount of NIO to 1. (remm)
    Fix: Associate BlockPoller thread name with its NIO connector for better \ 
readability. (remm)
    Fix: The async HTTP/2 frame parser should tolerate concurrency so clearing \ 
shared buffers before attempting a read is not possible. (remm)
    Update: Update the HTTP/2 connection preface and initial frame reading to be \ 
asynchronous instead of blocking IO. (remm)
    Code: Refactor Hostname validation to improve performance. Patch provided by \ 
Uwe Hees. (markt)
    Update: Add additional NIO2 style read and write methods closer to core \ 
NIO2, for possible use with an asynchronous workflow like CompletableFuture. \ 
(remm)
    Fix: Expand HTTP/2 timeout handling to include connection window exhaustion \ 
on write. This is the fix for CVE-2019-10072. (markt)

Jasper

    Fix: 63359: Ensure that the type conversions used when converting from \ 
strings for jsp:setProperty actions are correctly implemented as per section \ 
JSP.1.14.2.1 of the JSP 2.3 specification. (markt)

Other

    Fix: 63335: Ensure that stack traces written by the OneLineFormatter are \ 
fully indented. The entire stack trace is now indented by an additional TAB \ 
character. (markt)
    Fix: 63370: Message files (LocalStrings_*.properties) of the examples webapp \ 
not converted to ascii. (woonsan)
    Add: Expand the coverage and quality of the French translations provided \ 
with Apache Tomcat. (remm)
    Add: Expand the coverage and quality of the Japanese translations provided \ 
with Apache Tomcat. Includes contributions by motohashi.yuki. (markt)
    Add: Expand the coverage and quality of the Czech translations provided with \ 
Apache Tomcat. Includes contributions by Arnošt Havelka. (markt)
    Fix: When using the OneLineFormatter, don't print a blank line in the log \ 
after printing a stack trace. (markt)
    Update: Update the internal fork of Apache Commons FileUpload to 41e4047 \ 
(2019-04-24) pick up some enhancements. (markt)
    Update: Update the internal fork of Apache Commons DBCP 2 to dcdbc72 \ 
(2019-04-24) to pick up some clean-up and enhancements. (markt)
    Update: Update the internal fork of Apache Commons Pool 2 to 0664f4d \ 
(2019-04-30) to pick up some enhancements and bug fixes. (markt)

2019-04-13 Tomcat 9.0.19 (markt)
Catalina

    Fix: Fix wrong JMX registration regression in 9.0.18. (remm)

Coyote

    Update: Add vectoring for NIO in the base and SSL channels. (remm)
    Add: Add asynchronous IO from NIO2 to the NIO connector, with support for \ 
the async IO implementations for HTTP/2 and Websockets. The useAsyncIO boolean \ 
attribute on the Connector element allows enabling use of the asynchronous IO \ 
API. (remm)

Other

    Fix: Ensure that the correct files are included in the source distribution \ 
for javacc based parsers depending on whether jjtree is used or not. (markt)
    Fix: Ensure that text files in the source distribution have the correct line \ 
endings for the target platform. (markt)

not released Tomcat 9.0.18 (markt)
Catalina

    Fix: 63196: Provide a default (X-Forwarded-Proto) for the protocolHeader \ 
attribute of the RemoteIpFilter and RemoteIpValve. (markt)
    Fix: 63235: Refactor Charset cache to reduce start time. (markt)
    Fix: 63249: Use a consistent log level (WARN) when logging the failure to \ 
register or deregister a JMX Bean. (markt)
    Fix: 63249: Use a consistent log level (ERROR) when logging the \ 
LifecycleException associated with the failure to start or stop a component. \ 
(markt)
    Fix: When the SSI directive fsize is used with an invalid target, return a \ 
file size of - rather than 1k. (markt)
    Fix: 63251: Implement a work-around for a known JRE bug (JDK-8194653) that \ 
may cause a dead-lock when Tomcat starts. (markt)
    Fix: 63275: When using a RequestDispatcher ensure that \ 
HttpServletRequest.getContextPath() returns an encoded path in the dispatched \ 
request. (markt)
    Update: Add optional listeners for Server/Listener, as a slight variant of a \ 
standard listener. The difference is that loading is not fatal when it fails. \ 
This would allow adding example configuration to the standard server.xml if \ 
deemed useful. Storeconfig will not attempt to persist the new listener. (remm)
    Fix: 63286: Document the differences in behaviour between the LogFormat \ 
directive in httpd and the pattern attribute in the AccessLogValve for %D and \ 
%T. (markt)
    Fix: 63287: Make logging levels more consistent for similar issues of \ 
similar severity. (markt)
    Fix: 63311: Add support for https URLs to the local resolver within Tomcat \ 
used to resolve standard XML DTDs and schemas when Tomcat is configured to \ 
validate XML configuration files such as web.xml. (markt)
    Fix: Encode the output of the SSI printenv command. This is the fix for \ 
CVE-2019-0221. (markt)
    Code: Use constants for SSI encoding values. (markt)
    Add: When the CGI Servlet is configured with enableCmdLineArguments set to \ 
true, limit the encoded form of the individual command line arguments to those \ 
values allowed by RFC 3875. This restriction may be relaxed by the use of the \ 
new initialisation parameter cmdLineArgumentsEncoded. (markt)
    Add: When the CGI Servlet is configured with enableCmdLineArguments set to \ 
true, limit the decoded form of the individual command line arguments to known \ 
safe values when running on Windows. This restriction may be relaxed by the use \ 
of the new initialisation parameter cmdLineArgumentsDecoded. This is the fix for \ 
CVE-2019-0232. (markt)

Coyote

    Fix: Fix bad interaction between NIO2 async read API and the regular read. (remm)
    Fix: Refactor NIO2 write pending strategy for the classic IO API. (remm)
    Fix: Restore original maxConnections default for NIO2 as the underlying \ 
close issues have been fixed. (remm)
    Fix: Harmonize NIO2 isReadyForWrite with isReadyForRead code. (remm)
    Fix: When using a JSSE TLS connector that supported ALPN (Java 9 onwards) \ 
and a protocol was not negotiated, Tomcat failed to fallback to HTTP/1.1 and \ 
instead dropped the connection. (markt)
    Fix: Correct a regression in the TLS connector refactoring in Tomcat 9.0.17 \ 
that prevented the use of PKCS#8 private keys with OpenSSL based connectors. \ 
(markt)
    Fix: Fix NIO2 SSL edge cases. (remm)
    Fix: When performing an upgrade from HTTP/1.1 to HTTP/2, ensure that any \ 
query string present in the original HTTP/1.1 request is passed to the HTTP/2 \ 
request processing. (markt)
    Fix: When Tomcat writes a final response without reading all of an HTTP/2 \ 
request, reset the stream to inform the client that the remaining request body \ 
is not required. (markt)

Jasper

    Add: Add support for specifying Java 11 (with the value 11) as the compiler \ 
source and/or compiler target for JSP compilation. (markt)
    Add: Add support for specifying Java 12 (with the value 12) and Java 13 \ 
(with the value 13) as the compiler source and/or compiler target for JSP \ 
compilation. If used with an ECJ version that does not support these values, a \ 
warning will be logged and the latest supported version will be used. Based on a \
patch by Thomas Collignon. (markt)

Web applications

    Fix: 63184: Expand the SSI documentation to provide more information on the \ 
supported directives and their attributes. Patch provided by nightwatchcyber. \ 
(markt)
    Add: Add a note to the documentation about the risk of DoS with poorly \ 
written regular expressions and the RewriteValve. Patch provided by salgattas. \ 
(markt)

jdbc-pool

    Fix: Improved maxAge handling. Add support for age check on idle \ 
connections. Connection that expired reconnects rather than closes it. Patch \ 
provided by toby1984. (kfujino)
    Fix: 63320: Ensure that StatementCache caches statements that include arrays \ 
in arguments. (kfujino)

Other

    Update: Update to the Eclipse JDT compiler 4.10. (markt)
    Add: Expand the coverage and quality of the Spanish translations provided \ 
with Apache Tomcat. Includes contributions by Ulises Gonzalez Horta. (markt)
    Add: Expand the coverage and quality of the Czech translations provided with \ 
Apache Tomcat. Includes contributions by Arnošt Havelka. (markt)
    Add: Expand the coverage and quality of the Chinese translations provided \ 
with Apache Tomcat. Includes contributions by winsonzhao and wjt. (markt)
    Add: Expand the coverage and quality of the Russian translations provided \ 
with Apache Tomcat. (kkolinko)
    Add: Expand the coverage and quality of the Japanese translations provided \ 
with Apache Tomcat. (kfujino)
    Add: Expand the coverage and quality of the Korean translations provided \ 
with Apache Tomcat. (woonsan)
    Add: Expand the coverage and quality of the German translations provided \ 
with Apache Tomcat. (fschumacher)
    Add: Expand the coverage and quality of the French translations provided \ 
with Apache Tomcat. (remm)

Files:
Revision  Action  file
1.3       modify  pkgsrc/www/apache-tomcat9/Makefile
1.3       modify  pkgsrc/www/apache-tomcat9/PLIST
1.3       modify  pkgsrc/www/apache-tomcat9/distinfo