Subject: CVS commit: pkgsrc/www/apache-tomcat85
From: Ryo ONODERA
Date: 2020-01-13 08:45:20
Message id: 20200113074520.717B4FBF4@cvs.NetBSD.org
Log Message:
apache-tomcat85: Update to 8.5.50
Changelog:
Tomcat 8.5.50 (markt)
Catalina
Add: Improvements to CsrfPreventionFilter: additional logging, allow the \
CSRF nonce request parameter name to be customized. (schultz)
Add: 63681: Introduce RealmBase#authenticate(GSSName, GSSCredential) and \
friends. (michaelo)
Fix: 63964: Correct a regression in the static resource caching changes \
introduced in 9.0.28. URLs constructed from URLs obtained from the cache could \
not be used to access resources. (markt)
Fix: 63968: Fix ClassCastException in the Expires filter which was a \
regression in the fix for 63909. (markt)
Fix: 63970: Correct a regression in the static resource caching changes \
introduced in 9.0.28. Connections to URLs obtained for JAR resources could not \
be cast to JarURLConnection. (markt)
Add: 63937: Add a new attribute to the standard Authenticator \
implementations, allowCorsPreflight, that allows the Authenticators to be \
configured to allow CORS preflight requests to bypass authentication as required \
by the CORS specification. (markt)
Fix: 63939: Correct the same origin check in the CORS filter. An origin with \
an explicit default port is now considered to be the same as an origin without a \
default port and origins are now compared in a case-sensitive manner as required \
by the CORS specification. (markt)
Fix: 63982: CombinedRealm makes assumptions about principal implementation \
(michaelo)
Fix: 63983: Correct a regression in the static resource caching changes \
introduced in 9.0.28. A large number of file descriptors were opened that could \
reach the OS limit before being released by GC. (markt)
Update: 63987: Deprecate Realm.getRoles(Principal). (michaelo)
Code: Add a unit test for the session FileStore implementation and refactor \
loops in FileStore to use the ForEach style. Pull request provided by Govinda \
Sakhare. (markt)
Fix: Refactor FORM authentication to reduce duplicate code and to ensure \
that the authenticated Principal is not cached in the session when caching is \
disabled. (markt)
Coyote
Code: Refactor the APR poller to always use a single pollset now that the \
Windows operating systems that required multiple smaller pollsets to be used are \
no longer supported. (markt)
Update: Add vectoring for NIO in the base and SSL channels. (remm)
Add: Add async API to the NIO and APR connector. (remm)
Fix: 63931: Improve timeout handling for asyncIO to ensure that blocking \
operations see a SocketTimeoutException if one occurs. (remm/markt)
Fix: 63932: By default, do not compress content that has a strong ETag. This \
behaviour is configurable for the HTTP/1.1 and HTTP/2 connectors via the new \
Connector attribute noCompressionStrongETag. (markt)
Fix: Simplify regular endpoint writes by removing write(Non)BlockingDirect. \
All regular writes will now be buffered for a more predictable behavior. (remm)
Fix: Send an exception directly to the completion handler when a timeout \
exception occurs for the operation, and add a boolean to make sure the \
completion handler is called only once. (remm/markt)
WebSocket
Fix: Ensure a couple of very unlikely concurrency issues are avoided when \
writing WebSocket messages. (markt)
Web applications
Fix: Fix the broken re-try link on the error page for the FORM \
authentication example in the JSP section of the examples web application. \
(markt)
Fix: Correct the documentation for the maxConnections attribute of the \
Connector in the documentation web application. (markt)
Add: Add the ability to set and display session attributes in the JSP FORM \
authentication example to demonstrate session persistence across restarts for \
authenticated sessions. (markt)
Other
Fix: Correct the fix for 63815 (quoting the use of CATALINA_OPTS and \
JAVA_OPTS when used in shell scripts to avoid the expansion of *) as it caused \
various regressions, particularly with daemon.sh. (markt)
Add: Expand the search made by the Windows installer for a suitable Java \
installation to include the 64-bit JDK registry entries and the JAVA_HOME \
environment variable. Pull request provided by Alexander Norz. (markt)
Add: Expand the coverage of the German translations provided with Apache \
Tomcat. Contribution provided by Jens. (markt)
Add: Expand the coverage of the French translations provided with Apache \
Tomcat. (remm)
Add: Expand the coverage of the Japanese translations provided with Apache \
Tomcat. (markt)
Add: Expand the coverage of the Korean translations provided with Apache \
Tomcat. (woonsan)
Add: Expand the coverage of the Chinese translations provided with Apache \
Tomcat. Contributions provided by lins and 磊. (markt)
Add: Update the internal fork of Apache Commons BCEL to ff6941e (2019-12-06, \
6.4.2-dev). Code clean-up only. (markt)
Add: Update the internal fork of Apache Commons Codec to 9637dd4 \
(2019-12-06, 1.14-SNAPSHOT). Code clean-up and a fix for CODEC-265. (markt)
Add: Update the internal fork of Apache Commons FileUpload to 2317552 \
(2019-12-06, 2.0-SNAPSHOT). Refactoring. (markt)
Add: Update the internal fork of Apache Commons Pool 2 to 6092f92 \
(2019-12-06, 2.8.0-SNAPSHOT). Clean-up and minor refactoring. (markt)
Add: Update the internal fork of Apache Commons DBCP 2 to a36390 \
(2019-12-06, 2.7.1-SNAPSHOT). Minor refactoring. (markt)
2019-11-21 Tomcat 8.5.49 (markt)
Catalina
Fix: Correption when using a RequestDispatcher. (markt)
Add: Improvement to CsrfPreventionFilter: expose the latest available nonce \
as a request attribute; expose the expected nonce request parameter name as a \
context attribute. (schultz)
not released Tomcat 8 63872: Fix some edge cases where the docBase was not being \
set using a canonical path which in turn meant resource URLs were not being \
constructed as expected. (markt)
Fix: Make a best effort attempt to clean-up if a request fails during \
processing dle to see an updated last modified time but the content would be \
that prior to the modification. (markt)
Update: 63905 Clean up Tomcat CSS. (michaelo)
Fix: 63909: When the ExpiresFilter is used without a default and the \
response is served by the D sets a 304 (Not Found) status code. (markt)
Fix: Update the Servlet 4 preview API to reflect changes made to the API in \
the final release. Note that this preview API has been deprecated for over a \
year and may be removed as soon as the next 8.5.x release. (markt)
Fix: Refactor JMX remote RMI registry creation. (remm)
Coyote
Fix: Ensure that ServletRequest.isAsyncStarted() returns false once \
AsyncContext.complete() or AsyncContext.dispatch() has been called during \
AsyncListener.onTimeout() or AsyncListener.onError(). (markt)
Fix: 63816 and 63817: Correctly handle I/O errors after asynchronous \
processing has been started but before the container thread that started \
asynchronous processing has completed processing the current request/response. \
(markt)
Fix: 63825: When processing the Expect and Connection HTTP headers looking \
for a specific token, be stricter in ensuring that the exact token is present. \
(markt)
Fix: 63829: Improve the check of the Content-Encoding header when looking to \
see if Tomcat is serving pre-compressed content. Ensure that only a full token \
is matched and that the match is case insensitive. (markt)
Add: 63835: Add support for Keep-Alive response header. (michaelo)
Fix: 63864: Refactor parsing of the transfer-encoding request header to use \
the shared parsing code and reduce duplication. (markt)
Fix: 63865: Add Unset option to same-site cookies and pass through None \
value if set by user. Patch provided by John Kelly. (markt)
Fix: 63894: Ensure that the configured values for certificateVerification \
and certificateVerificationDepth are correctly passed to the OpenSSL based \
SSLEngine implementation. (remm/markt)
Fix: Do not perform a blocking read after a CPING message is received by the \
AJP connector because, if the JK Connector is configured with \
ping_mode="I", the CPING message will not always be followed by the \
start of a request. (markt)
Fix: Properly calculate all dynamic parts of the ErrorReportValve response \
on the fly in org.apache.coyote.http2.TestHttp2InitialConnection. (michaelo)
Jasper
Fix: 63897: Capture the timestamp of a JSP for the purposes of modification \
tracking before the JSP is compiled to prevent a race condition if the JSP is \
modified during compilation. Patch provided by Karl von Randow. (markt)
Fix: Fix a race condition that could mean changes to a modified JSP were not \
visible to end users. (markt)
WebSocket
Fix: 63913: Wrap any NullPointerExceptions thrown by the Inflater or Deflater \
used by the PerMessageDeflate extension in an IOException so that the error can \
be caught and handled by the WebSocket error handling mechanism. (markt)
Web applications
Fix: Correct the description of the default value for the server attribute \
in the security How-To. (markt)
Other
Fix: 63815: Quote the use of CATALINA_OPTS and JAVA_OPTS when used in shell \
scripts to avoid the expansion of *. Note that any newlines present in \
CATALINA_OPTS and/or JAVA_OPTS will no longer be removed. (markt)
Fix: 63826: Remove commons-daemon-native.tar.gz and tomcat-native.tar.gz \
from the binary zip distributions for Windows since compiled versions of those \
components are already included within the zip distributions. (markt)
Fix: 63838: Suppress reflexive access warnings when running the unit tests \
on the command line. (markt)
Fix: Add missing charsets from the HPE JVM on HP-UX to pass unit tests in \
org.apache.tomcat.util.buf.TestCharsetCache. (michaelo)
Add: Expand the coverage and quality of the French translations provided \
with Apache Tomcat. (remm)
Add: Expand the coverage and quality of the Korean translations provided \
with Apache Tomcat. (woonsan)
Add: Expand the coverage and quality of the Simplified Chinese translations \
provided with Apache Tomcat. Contributions provided by rpo130, Mason Shen, \
leeyazhou, winsonzhao, qingshi huang, Lay, Shucheng Hou and Yanming Zhou. \
(markt)
2019-10-11 Tomcat 8.5.47 (markt)
Coyote
Fix: Use URL safe base 64 encoding rather than standard base 64 encoding \
when generating or parsing the HTTP2-Settings header as part of an HTTP upgrade \
to h2c as required by RFC 7540. (markt)
Fix: 63765: NIO2 should try to unwrap after TLS handshake to avoid edge \
cases. (remm)
Fix: 63766: Ensure Processor objects are recycled when processing an HTTP \
upgrade connection that terminates before processing switches to the Processor \
for the upgraded protocol. (markt)
Jasper
Fix: 63781: When performing various checks related to the visibility of \
classes, fields and methods in the EL implementation, also check that the \
containing module has been exported. (markt)
Web Socket
Fix: 63753: Ensure that the Host header in a Web Socket HTTP upgrade request \
only contains a port if a non-default port is being used. (markt)
Fix: When running on Java 9 and above, don't attempt to instantiate \
WebSocket Endpoints found in modules that are not exported. (markt)
Web Applications
Docs: Add Javadoc for the Common Annotations API implementation. (markt)
jdbc-pool
Fix: When connections are validated without an explicit validation query, \
ensure that any transactions opened by the validation process are committed. \
Patch provided by Pascal Davoust. (markt)
Other
Code: Deprecate org.apache.tomcat.util.compat.TLS. Its functionality was \
only used for unit tests in org.apache.tomcat.util.net.TesterSupport and has \
been moved there. (rjung)
Fix: 63759: When installing Tomcat with the Windows installer, grant \
sufficient privileges to enable the uninstaller to execute when user account \
control is active. (markt)
Add: Use a build property to define the minimum supported Java version and \
use that build property to reduce the number of edits required to update the \
minimum supported Java version. (markt)
Update: 63767: Update to Commons Daemon 1.2.2. This corrects a regression in \
Commons Daemon 1.2.0 and 1.2.1 that caused the Windows Service to crash on start \
when running on an operating system that had not been fully updated. (markt)
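
Entries 63825 and 63829 in the 8.5.49 section above describe matching a complete header token instead of a substring. The difference, as an added Python example that is not part of the commit message and not Tomcat's code; the function names and the sample header values are constructed for illustration:

```python
# Full-token matching for comma-separated HTTP header values.
# Illustrative only: not Tomcat's implementation; all names are hypothetical.
import re

# RFC 7230 "token": one or more tchar characters.
_TOKEN = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")


def naive_has_token(header_value: str, token: str) -> bool:
    """Loose check: true whenever the token text appears anywhere."""
    return token in header_value


def strict_has_token(header_value: str, token: str) -> bool:
    """True only if one list element is exactly `token`, ignoring case."""
    wanted = token.lower()
    for element in header_value.split(","):
        # Optional whitespace (space or tab) may surround each element.
        element = element.strip(" \t")
        # Elements that are not well-formed tokens never match.
        if _TOKEN.fullmatch(element) and element.lower() == wanted:
            return True
    return False


# Constructed samples: (header name, header value, token searched for)
SAMPLES = [
    ("Content-Encoding", "gzip", "gzip"),
    ("Content-Encoding", "GZip", "gzip"),
    ("Content-Encoding", "x-gzip", "gzip"),
    ("Content-Encoding", "identity, not-gzip-at-all", "gzip"),
    ("Connection", "keep-alive, Upgrade", "upgrade"),
    ("Connection", "x-close", "close"),
    ("Expect", "100-continued", "100-continue"),
]


def compare(samples=SAMPLES):
    """Return (name, value, naive_result, strict_result) per sample."""
    return [(n, v, naive_has_token(v, t), strict_has_token(v, t))
            for n, v, t in samples]


if __name__ == "__main__":
    for name, value, naive, strict in compare():
        print(f"{name}: {value!r:30} naive={naive!s:5} strict={strict}")
```

The substring check errs in both directions on these samples: it accepts `x-gzip` and `100-continued`, and it misses `GZip` and `Upgrade`.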
Files: