Path to this page:
Subject: CVS commit: pkgsrc/www/apache-tomcat9
From: Ryo ONODERA
Date: 2020-01-13 08:48:10
Message id: 20200113074810.5EB7EFBF4@cvs.NetBSD.org
Log Message:
apache-tomcat9: Update to 9.0.30
Changelog:
Tomcat 9.0.30 (markt)
Catalina
Add: 63681: Introduce RealmBase#authenticate(GSSName, GSSCredential) and \
friends. (michaelo)
Fix: 63964: Correct a regression in the static resource caching changes \
introduced in 9.0.28. URLs constructed from URLs obtained from the cache could \
not be used to access resources. (markt)
Fix: 63970: Correct a regression in the static resource caching changes \
introduced in 9.0.28. Connections to URLs obtained for JAR resources could not \
be cast to JarURLConnection. (markt)
Add: 63937: Add a new attribute to the standard Authenticator \
implementations, allowCorsPreflight, that allows the Authenticators to be \
configured to allow CORS preflight requests to bypass authentication as required \
by the CORS specification. (markt)
Fix: 63939: Correct the same origin check in the CORS filter. An origin with \
an explicit default port is now considered to be the same as an origin without a \
deafult port and origins are now compared in a case-sensitive manner as required \
by the CORS specification. (markt)
Fix: 63981: Allow multiple calls to Registry.disableRegistry() without the \
second and subsequent calls triggering the logging of a warning. Based on a \
patch by Andy Wilkinson. (markt)
Fix: 63982: CombinedRealm makes assumptions about principal implementation \
(michaelo)
Fix: 63983: Correct a regression in the static resource caching changes \
introduced in 9.0.28. A large number of file descriptors were opened that could \
reach the OS limit before being released by GC. (markt)
Update: 63987: Deprecate Realm.getRoles(Principal). (michaelo)
Code: Add a unit test for the session FileStore implementation and refactor \
loops in FileStore to use the ForEach style. Pull request provided by Govinda \
Sakhare. (markt)
Update: Moved server-side include (SSI) module into a separate JAR library. \
(schultz)
Fix: Refactor FORM authentication to reduce duplicate code and to ensure \
that the authenticated Principal is not cached in the session when caching is \
disabled. (markt)
Coyote
Fix: Fix endpoint closeSocket and destroySocket discrepancies, in particular \
in the APR connector. (remm)
Fix: Harmonize maxConnections default value to 8192 across all connectors. (remm)
Fix: 63931: Improve timeout handling for asyncIO to ensure that blocking \
operations see a SocketTimeoutException if one occurs. (remm/markt)
Fix: 63932: By default, do not compress content that has a strong ETag. This \
behaviour is configuration for the HTTP/1.1 and HTTP/2 connectors via the new \
Connector attribute noCompressionStrongETag. (markt)
Fix: 63949: Fix non blocking write problems with NIO due to the need for a \
write loop. (remm)
Fix: Simplify regular endpoint writes by removing write(Non)BlockingDirect. \
All regular writes will now be buffered for a more predictable behavior. (remm)
Fix: Send an exception directly to the completion handler when a timeout \
exception occurs for the operation, and add a boolean to make sure the \
completion handler is called only once. (remm/markt)
WebSocket
Fix: Ensure a couple of very unlikely concurrency issues are avoided when \
writing WebSocket messages. (markt)
Web applications
Fix: Fix the broken re-try link on the error page for the FORM \
authentication example in the JSP section of the examples web application. \
(markt)
Add: Improvements to CsrfPreventionFilter: additional logging, allow the \
CSRF nonce request parameter name to be customized. (schultz)
Fix: Correct the documentation for the maxConnections attribute of the \
Connector in the documentation web application. (markt)
Add: Add the ability to set and display session attributes in the JSP FORM \
authentication example to demonstrate session persistence across restarts for \
authenticated sessions. (markt)
Other
Fix: Correct the fix for 63815 (quoting the use of CATALINA_OPTS and \
JAVA_OPTS when used in shell scripts to avoid the expansion of *) as it caused \
various regressions, particularly with daemon.sh. (markt)
Update: Update the OWB module to Apache OpenWebBeans 2.0.13. (remm)
Update: Support Java 11 in Graal Native Images with Graal 19.3+. (remm)
Add: Expand the search made by the Windows installer for a suitable Java \
installation to include the 64-bit JDK registry entries and the JAVA_HOME \
environment variable. Pull request provided by Alexander Norz. (markt)
Add: Expand the coverage of the Korean translations provided with Apache \
Tomcat. (woonsan)
Add: Expand the coverage of the French translations provided with Apache \
Tomcat. (remm)
Add: Expand the coverage of the Chinese translations provided with Apache \
Tomcat. Contributions provided by lins and 磊. (markt)
Add: Update the internal fork of Apache Commons BCEL to ff6941e (2019-12-06, \
6.4.2-dev). Code clean-up only. (markt)
Add: Update the internal fork of Apache Commons Codec to 9637dd4 \
(2019-12-06, 1.14-SNAPSHOT). Code clean-up and a fix for CODEC-265. (markt)
Add: Update the internal fork of Apache Commons FileUpload to 2317552 \
(2019-12-06, 2.0-SNAPSHOT). Refactoring. (markt)
Add: Update the internal fork of Apache Commons Pool 2 to 6092f92 \
(2019-12-06, 2.8.0-SNAPSHOT). Clean-up and minor refactoring. (markt)
Add: Update the internal fork of Apache Commons DBCP 2 to a36390 \
(2019-12-06, 2.7.1-SNAPSHOT). Minor refactoringremote RMI registry creation. \
(remm)
Add: Improvement to CsrfPreventionFilter: expose the latest available nonce \
as a request attribute; expose the expected nonce request parameter name as a \
context attribute. (schultz)
Coyote
Add: 63835: Add suormance of the HTTP and AJP connectors if socket.txBufSize \
is configured with an explicit value rather than using the JVM default. (markt)
Other
Fix: Improve OWB module based using custom shade appender. (remm)
Fix: Add security filter in OWB mo error occurs on stop. (remm)
Add: Add more details on the usage of RewriteMap functionality in the \
RewriteValve. (fschumacher)
Fix: 63836 Ensure that references to the Host object are cleared once the \
Host instance is destroyed. (markt)
Fix: static files (including JSP files) goes via the cache so that a \
consistent view of the static files is seen. Prior to this change it was \
possible to see an updated last modified time but the content would be that \
prior to the modification. (markt)
Update: 63905 Clean up Tomcat CSS. (michaelo)
Fix: 63909: When the ExpiresFilter is used without a default and the \
response is served by the Default Servlet, ensure that the filter processes the \
response if the Default Servlet sets a 304 (Not Found) status code. (markt)
Coyote
Fix: Ensure that ServletRequest.isAsyncStarted() returns false once \
AsyncContext.complete() or AsyncContext.dispatch() has been called during \
AsyncListener.onTimeout() or AsyncListener.onError(). (markt)
Fix: 63816 and 63817: Correctly handle I/O errors after asynchronous \
processing has been started but before the container thread that started \
asynchronous processing has completed processing the current request/response. \
(markt)
Fix: 63825: When processing the Expect and Connection HTTP headers looking \
for a specific token, be stricter in ensuring that the exact token is present. \
(markt)
Fix: 63829: Improve the check of the Content-Encoding header when looking to \
see if Tomcat is serving pre-compressed content. Ensure that only a full token \
is matched and that the match is case insensitive. (markt)
Fix: 63864: Refactor parsing of the transfer-encoding request header to use \
the shared parsing code and reduce duplication. (markt)
Fix: 63865: Add Unset option to same-site cookies and pass through None \
value if set by user. Patch provided by John Kelly. (markt)
Fix: 63879: Remove stack trace from debug logging on socket wrapper close. (remm)
Update: Add connection tracking on the connector endpoint to remove \
excessive concurrency in the protocol handler when maintaining an association \
between the socket wrapper and its current processor. (remm)
Fix: 63894: Ensure that the configured values for certificateVerification \
and certificateVerificationDepth are correctly passed to the OpenSSL based \
SSLEngine implementation. (remm/markt)
Fix: Improve cleanup after errors when setting socket options. (remm)
Fix: Do not perform a blocking read after a CPING message is received by the \
AJP connector because, if the JK Connector is configured with \
ping_mode="I", the CPING message will not always be followed by the \
start of a request. (markt)
Fix: Properly calculate all dynamic parts of the ErrorReportValve response \
on the fly in org.apache.coyote.http2.TestHttp2InitialConnection. (michaelo)
Jasper
Fix: 63897: Capture the timestamp of a JSP for the purposes of modification \
tracking before the JSP is compiled to prevent a race condition if the JSP is \
modified during compilation. Patch provided by Karl von Randow. (markt)
Fix: Fix a race condition that could mean changes to a modified JSP were not \
visible to end users. (markt)
WebSocket
Fix: 63913: Wrap any NullPointerExceptions throw by the Inflater or Deflater \
used by the PerMessageDeflate extension in an IOException so that the error can \
be caught and handled by the WebSocket error handling mechanism. (markt)
Web applications
Fix: Correct the description of the default value for the server attribute \
in the security How-To. (markt)
Other
Fix: 63815: Quote the use of CATALINA_OPTS and JAVA_OPTS when used in shell \
scripts to avoid the expansion of *. Note that any newlines present in \
CATALINA_OPTS and/or JAVA_OPTS will no longer removed. (markt)
Fix: 63826: Remove commons-daemon-native.tar.gz and tomcat-native.tar.gz \
from the binary zip distributions for Windows since compiled versions of those \
components are already included within the zip distributions. (markt)
Fix: 63838: Suppress reflexive access warnings when running the unit tests \
on the command line. (markt)
Fix: Add missing charsets from the HPE JVM on HP-UX to pass unit tests in \
org.apache.tomcat.util.buf.TestCharsetCache. (michaelo)
Update: Update the CXF module to Apache CXF 3.3.4. (remm)
Add: Expand the coverage and quality of the French translations provided \
with Apache Tomcat. (remm)
Add: Expand the coverage and quality of the Japanese translations provided \
with Apache Tomcat. Patch provided by motohashi.yuki. (markt)
Add: Expand the coverage and quality of the Simplified Chinese translations \
provided with Apache Tomcat. Contributions provided by rpo130, Mason Shen, \
leeyazhou, winsonzhao, qingshi huang, Lay, Shucheng Hou and Yanming Zhou. \
(markt)
Add: Expand the coverage and quality of the Brazilian Portuguese \
translations provided with Apache Tomcat. Patch provided by Danielamorais. \
(markt)
2019-10-11 Tomcat 9.0.27 (markt)
Catalina
Fix: Correct a regression introduced in 9.0.25 that prevented configuration \
files from being loaded from the class path. (markt)
Coyote
Fix: Use URL safe base 64 encoding rather than standard base 64 encoding \
when generating or parsing the HTTP2-Settings header as part of an HTTP upgrade \
to h2c as required by RFC 7540. (markt)
Fix: 63765: NIO2 should try to unwrap after TLS handshake to avoid edge \
cases. (remm)
Fix: 63766: Ensure Processor objects are recycled when processing an HTTP \
upgrade connection that terminates before processing switches to the Processor \
for the upgraded protocol. (markt)
Fix: Fix a memory leak introduced by the HTTP/2 timeout refactoring in \
9.0.23 that could occur when HTTP/2 or WebSocket was used. (markt)
Jasper
Update: Update to the Eclipse JDT compiler 4.13. (markt)
Fix: Add GraalVM specific ELResolver to avoid BeanInfo use in BeanElResolver \
if possible, as it needs manual reflection configuration. (remm)
Fix: 63781: When performing various checks related to the visibility of \
classes, fields an methods in the EL implementation, also check that the \
containing module has been exported. (markt)
Web Socket
Fix: 63753: Ensure that the Host header in a Web Socket HTTP upgrade request \
only contains a port if a non-default port is being used. (markt)
Fix: When running on Java 9 and above, don't attempt to instantiate \
WebSocket Endpoints found in modules that are not exported. (markt)
Web Applications
Add: Add base GraalVM documentation. (remm)
Add: Add Javadoc for the Common Annotations API implementation. (markt)
Fix: Correct various typos in the comments, error messages and Javadoc. \
Patch provided by 康智冬. (markt)
jdbc-pool
Fix: When connections are validated without an explicit validation query, \
ensure that any transactions opened by the validation process are committed. \
Patch provided by Pascal Davoust. (markt)
Other
Code: Deprecate org.apache.tomcat.util.compat.TLS. Its functionality was \
only used for unit tests in org.apache.tomcat.util.net.TesterSupport and has \
been moved there. (rjung)
Fix: 63759: When installing Tomcat with the Windows installer, grant \
sufficient privileges to enable the uninstaller to execute when user account \
control is active. (markt)
Add: Use a build property to define the minimum supported Java version and \
use that build property to reduce the number of edits required to update the \
minimum supported Java version. (markt)
Update: Update the OWB module to Apache OpenWebBeans 2.0.12. (remm)
Update: Update the CXF module to Apache CXF 3.3.3. (remm)
Update: 63767: Update to Commons Daemon 1.2.2. This corrects a regression in \
Commons Daemon 1.2.0 and 1.2.1 that caused the Windows Service to crash on start \
when running on an operating system that had not been fully updated. (markt)
Files: