Path to this page:
Subject: CVS commit: [pkgsrc-2014Q1] pkgsrc/www/apache-tomcat7
From: Matthias Scheler
Date: 2014-04-09 16:10:59
Message id: 20140409141059.E708096@cvs.netbsd.org
Log Message:
Pullup ticket #4361 - requested by ryoon
www/apache-tomcat7: security update
Revisions pulled up:
- www/apache-tomcat7/Makefile 1.18
- www/apache-tomcat7/PLIST 1.10
- www/apache-tomcat7/distinfo 1.12
---
Module Name: pkgsrc
Committed By: ryoon
Date: Tue Apr 8 20:14:55 UTC 2014
Modified Files:
pkgsrc/www/apache-tomcat7: Makefile PLIST distinfo
Log Message:
Update to 7.0.53
* Fix CVE-2014-0050 and CVE-2013-4590,
Changelog:
Tomcat 7.0.53 (violetagg)
Catalina
add Make it easier for applications embedding and/or extending =
Tomcat to modify the javaseClassLoader attribute of the WebappClassLoad=
er. (markt)
fix Improve the robustness of web application undeployment base=
d on some code analysis triggered by the report for 54315. (markt)
fix 56219: Improve merging process for web.xml files to take ac=
count of the elements and attributes supported by the Servlet version o=
f the merged file. (markt)
fix 56190: The response should be closed (i.e. no further outpu=
t is permitted) when a call to AsyncContext.complete() takes effect. (m=
arkt)
fix 56236: Enable Tomcat to work with alternative Servlet and J=
SP API JARs that package the XML schemas in such as way as to require a=
dependency on the JSP API before enabling validation for web.xml. Tomc=
at has no such dependency. (markt)
fix 56246: Fix NullPointerException in MemoryRealm when authent=
icating an unknown user. (markt)
fix 56248: Allow the deployer to update an existing WAR file wi=
thout undeploying the existing application if the update flag is set. T=
his allows any existing custom context.xml for the application to be re=
tained. To update an application and remove any existing context.xml si=
mply undeploy the old version of the application before deploying the n=
ew version. (markt)
fix Redefine the globalXsltFile initialisation parameter of the=
DefaultServlet as relative to CATALINA_BASE/conf or CATALINA_HOME/conf=
. Prevent user supplied XSLTs used by the DefaultServlet from defining =
external entities. (markt)
add Add a work around for validating XML documents (often TLDs)=
that use just the file name to refer to refer to the JavaEE schema on =
which they are based. (markt)
fix 56293: Cache resources loaded by the class loader from /MET=
A-INF/services/ for better performance for repeated look ups. (markt)
Coyote
fix 53119: Make sure the NIO AJP output buffer is cleared on an=
y error to prevent any possible overflow if it is written to again befo=
re the connection is closed. This extends the original fix for the APR/=
native output buffer to the NIO connector. (kkolinko)
fix 56172: Avoid possible request corruption when using the AJP=
NIO connector and a request is sent using more than one AJP message. P=
atch provided by Amund Elstad. (markt)
fix 56213: Reduce garbage collection when the NIO connector is =
under heavy load. (markt)
fix Improve processing of chuck size from chunked headers. Avoi=
d overflow and use a bit shift instead of a multiplication as it is mar=
ginally faster. (markt/kkolinko)
fix Fix possible overflow when parsing long values from a byte =
array. (markt)
Jasper
fix 54475: Add Java 8 support to SMAP generation for JSPs. Patc=
h by Robbie Gibson. (markt)
fix 55483: Improve handing of overloaded methods and constructo=
rs in expression language implementation. (markt)
fix 56208: Restore the validateXml option to Jasper that was pr=
eviously renamed validateTld. Both options are now supported. validateX=
ml controls the validation of web.xml files when Jasper parses them and=
validateTld controls the validation of *.tld files when Jasper parses =
them. (markt)
fix 56223: Throw an IllegalStateException if a call is made to =
ServletContext.setInitParameter() after the ServletContext has been ini=
tialized. (markt)
fix 56265: Do not escape values of dynamic tag attributes conta=
ining EL expressions. (kkolinko)
fix Make the default compiler source and target versions for JS=
Ps Java 6 since Tomcat 7 requires Java 6 as a minimum. (markt)
update 56283: Update to the Eclipse JDT Compiler P20140317-1600=
which adds support for Java 8 syntax to JSPs. Add support for value "1=
.8" for the compilerSourceVM and compilerTargetVM options. (markt)
WebSocket
fix Avoid a possible deadlock when one thread is shutting down =
a connection while another thread is trying to write to it. (markt)
fix Call onError if an exception is thrown calling onClose when=
closing a session. (remm)
Web applications
code In the documentation: add support for several documentatio=
n tags from Tomcat 8. Such as <version-major/>. (kkolinko)
add 56093: Add the SSL Valve to the documentation web applicati=
on. (markt)
fix 56217: Improve readability by using left alignment for the =
table cell containing the request information on the Manager applicatio=
n status page. (markt)
fix Fixed java.lang.NegativeArraySizeException when using "Expi=
re sessions" command in the manager web application on a context where =
the session timeout is disabled. (kfujino)
fix Add support for LAST_ACCESS_AT_START system property to Man=
ager web application. (kfujino)
fix Add definition of org.apache.catalina.ant.FindLeaksTask. (k=
fujino)
fix 56273: If the Manager web application does not perform an o=
peration because the web application is already being serviced, report =
an error rather than reporting success. (markt)
fix 56304: Add a note to the documentation about not using WebS=
ocket with BIO HTTP in production. (markt)
Other
fix 56143: Improve service.bat so that it can be launched from =
a non-UAC console. This includes using a single call to tomcat7.exe to =
install the Windows service rather than three calls, and using command =
line arguments instead of environment variables to pass the settings. (=
markt/kkolinko)
fix Fix regression in 7.0.52: when using service.bat install to=
install the service the values for --StdOutput, --StdError options wer=
e passed as blank instead of "auto". (kkolinko)
fix Align options between service.bat and exe Windows installer=
. For service.bat the changes are in --Classpath, --DisplayName, --Star=
tPath, --StopPath. For exe installer the changes are in --JvmMs, --JvmM=
x options, which are now 128 Mb and 256 Mb respectively instead of bein=
g empty. Explicitly specify --LogPath path when uninstalling Windows se=
rvice, avoiding default value for that option. (kkolinko)
code Simplify Windows *.bat files: remove %OS% checks, as java =
6 does not run on ancient non-NT operating systems. (kkolinko)
fix 56137: Explicitly use the BIO connector in the SSL example =
in server.xml so it doesn't break if APR is enabled. (markt)
fix 56139: Avoid a web application class loader leak in some un=
it tests when running on Windows. (markt)
fix Correct build script to avoid building JARs with empty pack=
ages. (markt)
add Allow to limit JUnit test run to a number of selected test =
case methods. (kkolinko)
fix 56189: Remove used file cpappend.bat from the distribution.=
(markt)
Tomcat 7.0.52 (violetagg) released 2014-02-17
Catalina
fix Generate a valid root element for the effective web.xml for=
a web application for all supported versions of web.xml. (markt)
Coyote
code Pull up SocketWrapper to AbstractProcessor. (markt)
fix In some circumstances asynchronous requests could time out =
too soon. (markt)
Tomcat 7.0.51 (violetagg) not released
Catalina
fix 55287: ServletContainerInitializer defined in the container=
may not be found. (markt/jboynes)
fix 55855: Provide a per Context option (containerSciFilter) to=
exclude container SCIs. (markt)
fix 55937: When deploying applications, treat a context path of=
/ROOT as equivalent to /. (markt)
fix 55943: Improve the implementation of the class loader check=
that prevents web applications from trying to override J2SE implementa=
tion classes. As part of this fix, refactor the way a null parent class=
loader is handled which enables a number of null checks and object cre=
ation calls to be removed. (markt)
fix 55958: Differentiate between foo.war the WAR file and foo.w=
ar the directory. (markt)
fix 55960: Improve the single sign on (SSO) unit tests. Patch p=
rovided by Brian Burch. (markt)
fix 55974: Retain order when reporting errors and warnings whil=
e parsing XML configuration files. (markt)
fix 56013: Fix issue with SPNEGO authentication when using IBM =
JREs. IBM JREs only understand the option of infinite lifetime for Kerb=
eros credentials. Based on a patch provided by Arunav Sanyal. (markt)
fix 56016: When loading resources for XML schema validation, ta=
ke account of the possibility that servlet-api.jar and jsp-api.jar may =
not be loaded by the same class loader. Patch by Juan Carlos Estibariz.=
(markt)
fix 56025: When creating a WebSocket connection, always call Se=
rverEndpointConfig.Configurator.getNegotiatedSubprotocol() and always c=
reate the EndPoint instance after calling ServerEndpointConfig.Configur=
ator.modifyHandshake(). (markt)
fix 56032: Ensure that the WebSocket connection is closed after=
an IO error or an interrupt while sending a WebSocket message. (markt)=
fix 56042: If a request in async mode has an error but has alre=
ady been dispatched don't generate an error page in the ErrorReportValv=
e so the dispatch target can handle it. (markt)
fix Add missing javax.annotation.sql.* classes to annotations-a=
pi.jar. (markt)
fix The type of logger attribute of Context MBean should be not=
org.apache.commons.logging.Log but org.apache.juli.logging.Log. (kfuji=
no)
fix 56082: Fix a concurrency bug in JULI's LogManager implement=
ation. (markt)
fix 56096: When the attribute rmiBindAddress of the JMX Remote =
Lifecycle Listener is specified it's value will be used when constructi=
ng the address of a JMX API connector server. Patch is provided by Jim =
Talbut. (violetagg)
fix When environment entry with one and the same name is define=
d in the web deployment descriptor and with annotation then the one spe=
cified in the web deployment descriptor is with priority. (violetagg)
fix Change default value of xmlBlockExternal attribute of Conte=
xt. It is true now. (kkolinko)
Coyote
fix Avoid possible NPE if a content type is specified without a=
character set. (markt)
fix 55956: Make the forwarded remote IP address available to th=
e Connectors via a request attribute. (markt)
fix 55976: Fix sendfile support for the HTTP NIO connector. (ma=
rkt)
fix 55996: Ensure Async requests timeout correctly when using t=
he NIO HTTP connector. (markt)
add 56021: Make it possible to use the Windows-MY key store wit=
h the BIO and NIO connectors for SSL configuration. It requires a keyst=
oreFile=3D"" keystoreType=3D"Windows-My" to be set on the \
connector. Ba=
sed on a patch provided by Asanka. (markt)
Jasper
fix Correct a regression in the XML refactoring that meant that=
errors in TLD files were swallowed. (markt)
fix 55671: Correct typo in the log message for a wrong value of=
genStringAsCharArray init-param of JspServlet. This parameter had a di=
fferent name in Tomcat 6. (kkolinko)
fix 55973: Fix processing of XML schemas when validation is ena=
bled in Jasper. (kkolinko)
fix 56010: Don't throw an IllegalArgumentException when JspFact=
ory.getPageContext is used with JspWriter.DEFAULT_BUFFER. Based on a pa=
tch by Eugene Chung. (markt)
fix 56012: When using the extends attribute of the page directi=
ve do not import the super class if it is in an unnamed package as impo=
rts from unnamed packages are now explicitly illegal. (markt)
fix 56029: A regression in the fix for 55198 meant that when EL=
containing a ternary expression was used in an attribute a compilation=
error would occur for some expressions. (markt)
fix Correct several errors in jspxml Schema and DTD. (kkolinko)=
fix Change default value of the blockExternal attribute of JspC=
task. The default value is true. Add support for -no-blockExternal swi=
tch when JspC is run as a standalone application. (kkolinko)
Cluster
code Simplify the code of o.a.c.ha.tcp.SimpleTcpCluster.createM=
anager(String). Remove unnecessary class cast. (kfujino)
WebSocket
fix Do not return an empty string for the Sec-WebSocket-Protoco=
l HTTP header when no sub-protocol has been requested or no sub-protoco=
l could be agreed as RFC6455 requires that no Sec-WebSocket-Protocol he=
ader is returned in this case. (markt)
Web applications
fix Add index.xhtml to the welcome files list for the examples =
web application. (kkolinko)
fix Clarify that the connectionTimeout may also be used as the =
read timeout when reading a request body (if any) in the documentation =
web application. (markt)
fix Clarify the behaviour of the maxConnections attribute for a=
connector in the documentation web application. (markt)
fix 55888: Update the documentation web application to make it =
clearer that a Container may define no more than one Realm. (markt)
fix 55956: Where available, displayed the forwarded remote IP a=
ddress available on the status page of the Manager web application. (ma=
rkt)
fix Correct links to the Tomcat mailing lists in the ROOT web a=
pplication. (kkolinko)
fix In Manager web application improve handling of file upload =
errors. Display a message instead of error 500 page. Simplify parts han=
dling code, as it is known that Tomcat takes care of them when recyclin=
g a request. (kkolinko)
Extras
fix 55166, 56045: Copy the XML schemas used for validation that=
are packaged in jsp-api.jar to servlet-api.jar so that an embedded Tom=
cat instance can start without Jasper being available. This also enable=
s validation to work without Jasper being available. (markt/kkolinko)
fix 56039: Enable the JmxRemoteLifecycleListener to work over S=
SL. Patch by esengstrom. (markt)
Other
fix 55743: Enable the stop script to work when the shutdown por=
t is disabled and a PID file is defined. This is only available on plat=
forms that use catalina.sh. (markt)
fix 55986: When forcing Tomcat to stop via kill -9 $CATALINA_PI=
D, the catalina.sh script could incorrectly report that Tomcat had not =
yet completely stopped when it had. Based on a patch by jess. (markt)
fix Package correct license and notice files with embedded JARs=
. (markt)
code Remove svn keywords (such as $Id) from source files and do=
cumentation. (kkolinko)
fix Fix CVE-2014-0050, a denial of service with a malicious, ma=
lformed Content-Type header and multipart request processing. Fixed by =
merging latest code (r1565163) from Commons FileUpload. (markt)
fix 56115: Expose the httpusecaches property of Ant's get task =
as some users may need to change the default. Based on a suggestion by =
Anthony. (markt)
Tomcat 7.0.50 (violetagg) released 2014-01-08
Catalina
fix Handle the case where a context.xml file is added to a web =
application deployed from a directory. Previously the file was ignored =
until Tomcat was restarted. Now (assuming automatic deployment is enabl=
ed) it will trigger a redeploy of the web application. (markt)
fix Fix string comparison in HostConfig.setContextClass(). (kko=
linko)
code Streamline handling of WebSocket messages when no handler =
is configured for the message currently being received. (markt)
fix Handle the case where a WebSocket annotation configures a m=
essage size limit larger than the default permitted by Tomcat. (markt)
fix 55855: This is a partial fix that bypasses the relatively e=
xpensive check for a WebSocket upgrade request if no WebSocket endpoint=
s have been registered. (markt)
fix 55905: Prevent a NPE when web.xml references a taglib file =
that does not exist. Provide better error message. (violetagg)
Coyote
fix When using the BIO connector with an internal executor, do =
not display a warning that the executor has not shutdown as the default=
configuration for BIO connectors is not to wait. This is because threa=
ds in keep-alive connections cannot be interrupted and therefore the wa=
rning was nearly always displayed. (markt)
Jasper
fix JspC uses servlet context initialization parameters to pass=
configuration so ensure that the servlet context used supports initial=
ization parameters. (markt)
Cluster
fix In AbstractReplicatedMap#finalize, remove rpcChannel from c=
hannel Listener of group channel before sending MapMessage.MSG_STOP mes=
sage. This prevents that the node that sent the MapMessage.MSG_STOP by =
normal shutdown is added to member map again by ping at heartbeat threa=
d in the node that received the MapMessage.MSG_STOP. (kfujino)
fix Add time stamp to GET_ALL_SESSIONS message. (kfujino)
Web applications
fix Fix the sample configuration of StaticMembershipInterceptor=
in order to prevent warning log. uniqueId must be 16 bytes. (kfujino)
Extras
update Update dependencies that are used to build tomcat-juli e=
xtras component. Apache Avalon Framework is updated to version 4.1.5, A=
pache Log4J to version 1.2.17. (rjung)
Tomcat 7.0.49 (violetagg) not released
Catalina
fix Correct a regression in the new XML local resolver that tri=
ggered false failures when XML validation was configured. (markt)
fix Prevent a NPE when destroying HTTP upgrade handler for WebS=
ocket connections. (violetagg)
Tomcat 7.0.48 (violetagg) not released
Catalina
add 51294: Add support for unpacking WARs located outside of th=
e Host's appBase in to the appBase. (markt)
fix 55656: Configure the Digester to use the server class loade=
r when parsing server.xml rather than the class loader that loaded Stan=
dardServer. Patch provided by Roberto Benedetti. (markt)
fix 55664: Correctly handle JSR 356 WebSocket Encoder, Decoder =
and MessageHandler implementations that use a generic type such as Enco=
der.Text<List<String>>. Includes a test case by Niki Dokovski. (markt)
fix Correctly handle WebSocket Encoders, Decoders and MessageHa=
ndlers that use arrays of generic types. (markt)
fix 55681: Ensure that the WebSocket session is made available =
to MessageHandler method calls. (markt)
fix Updated servlet spec version and documentation section-numb=
er reported when JAR files are rejected for containing a trigger class =
(e.g. javax.servlet.Servlet). (schultz)
add Modify the WebSocket handshake process so that the user pro=
perties Map exposed by the ServerEndpointConfig during the call to Conf=
igurator.modifyHandshake() is unique to the connection rather than shar=
ed by all connections associated with the Endpoint. This allows for eas=
ier configuration of per connection properties from within modifyHandsh=
ake(). (markt)
fix 55684: Log a warning but continue if the memory leak detect=
ion code is unable to access all threads to check for possible memory l=
eaks when a web application is stopped. (markt)
fix Define the web-fragment.xml in tomcat7-websocket.jar as a S=
ervlet 3.0 web fragment rather than as a Servlet 3.1 web fragment. (mar=
kt)
fix 55715: Add a per web application executor to the WebSocket =
implementation and use it for calling SendHandler.onResult() when there=
is a chance that the current thread also initiated the write. (markt)
fix Prevent file descriptors leak and ensure that files are clo=
sed when configuring the web application. (violetagg)
fix Fixed the name of the provider-configuration file located i=
n tomcat7-websocket.jar!/META-INF/services that exposes information for=
javax.websocket.server.ServerEndpointConfig$Configurator implementatio=
n. (violetagg)
fix 55760: Remove the unnecessary setting of the javax.security=
.auth.useSubjectCredsOnly system property in the SpnegoAuthenticator as=
in addition to it being unnecessary, it causes problems with using SPN=
EGO with IBM JDKs. Patch provided by Arunav Sanyal. (markt)
fix 55772: Ensure that the request and response are recycled af=
ter an error during asynchronous processing. Includes a test case based=
on code contributed by Todd West. (markt)
fix 55778: Add an option to the JNDI Realm to control the QOP u=
sed for the connection to the LDAP server after authentication when usi=
ng SPNEGO with delegated credentials. This value is used to set the jav=
ax.security.sasl.qop environment property for the LDAP connection. (mar=
kt)
fix 55798: Log an error if the MemoryUserDatabase is unable to =
find the specified user database file. (markt)
fix 55799: Correctly enforce the restriction in JSR356 that no =
more than one data message may be sent to a remote WebSocket endpoint a=
t a time. (markt)
fix When Catalina parses TLD files, always use a namespace awar=
e parser to be consistent with how Jasper parses TLD files. The tldName=
spaceAware attribute of the Context is now ignored. (markt)
fix Deprecate the tldNamespaceAware Context attribute as TLDs a=
re always parsed with a namespace aware parser. (markt)
fix Correct a logic error that meant that unpackWARs was ignore=
d and the WAR was always expanded if a WAR failed to deploy. (markt)
add Add support for defining copyXML on a per Context basis. (m=
arkt)
fix Define the expected behaviour of the automatic deployment a=
nd align the implementation to that definition. (markt)
add When running under a security manager, change the default v=
alue of the Host's deployXML attribute to false. (markt)
add If a Host is configured with a value of false for deployXML=
, a web application has an embedded descriptor at META-INF/context.xml =
and no explicit descriptor has been defined for this application, do no=
t allow the application to start. The reason for this is that the embed=
ded descriptor may contain configuration necessary for secure operation=
such as a RemoteAddrValve. (markt)
fix Prevent an NPE in the WebSocket ServerContainer when proces=
sing an HTTP session end event. (markt)
add 55801: Add the ability to set a custom SSLContext to use fo=
r client wss connections. Patch provided by Maciej Lypik. (markt)
fix 55804: If the GSSCredential for the cached Principal expire=
s when using SPNEGO authentication, force a re-authentication. (markt)
add 55811: If the main web.xml contains an empty absolute-order=
ing element and validation of web.xml is not enabled, skip parsing any =
web-fragment.xml files as the result is never used. (markt)
fix 55839: Extend support for digest prefixes {MD5}, {SHA} and =
{SSHA} to all Realms rather than just the JNDIRealm. (markt)
fix 55842: Ensure that if a larger than default response buffer=
is configured that the full buffer is used when a Servlet outputs via =
a Writer. (markt)
fix 55851: Further fixes to enable SPNEGO authentication to wor=
k with IBM JDKs. Based on a patch by Arunav Sanyal. (markt)
add Fix CVE-2013-4590: Add an option to the Context to control =
the blocking of XML external entities when parsing XML configuration fi=
les and enable this blocking by default when a security manager is used=
. The block is implemented via a custom resolver to enable the logging =
of any blocked entities. (markt)
Coyote
code Implement a number of small refactorings to the APR/native=
handler for upgraded HTTP connections. (markt)
fix Fix an issue with upgraded HTTP connections over HTTPS (e.g=
. secure WebSocket) when using the APR/native connector that resulted i=
n the unexpected closure of the connection. (markt)
fix Ensure that the application class loader is used when calli=
ng the ReadListener and WriteListener methods when using non-blocking I=
O. A side effect of not doing this was that JNDI was not available when=
processing WebSocket events. (markt)
add Make the time that the internal executor (if used) waits fo=
r request processing threads to terminate before continuing with the co=
nnector stop process configurable. (markt)
fix 55749: Improve the error message when SSLEngine is disabled=
in the AprLifecycleListener and SSL is configured for an APR/native co=
nnector. (markt)
add If a request that includes an Expect: 100-continue header r=
eceives anything other than a 2xx response, close the connection This p=
rotects against misbehaving clients that may not sent the request body =
in that case and send the next request instead. (markt)
fix Improve the parsing of trailing headers in HTTP requests. (=
markt)
Jasper
fix 55735: Fix a regression caused by the fix to 55198. When pr=
ocessing JSP documents, attributes in XML elements that are template co=
ntent should have their text xml-escaped, but output of EL expressions =
in them should not be escaped. (markt)
fix 55807: The JSP compiler used a last modified time of -1 for=
TLDs in JARs expanded in to WEB-INF/classes (IDEs often do this expans=
ion) when creating the dependency list for JSPs that used that TLD. Thi=
s meant JSPs using that TLD were recompiled on every access. (markt)
Cluster
add Add log message that initialization of AbstractReplicatedMa=
p has been completed. (kfujino)
fix The logger of AbstractReplicatedMap should be non-static in=
order to enable logging of each application. Side-effects of this chan=
ge is to throw RuntimeException in MapMessage#getKey() and getValue() i=
nstead of Null return and error log. (kfujino)
code Simplify the code of DeltaManager#startInternal(). Reduce =
unnecessary nesting for acquisition of cluster instance. (kfujino)
fix Remove unnecessary attributes of stateTransferCreateSendTim=
e and receiverQueue from cluster manager template. These attributes sho=
uld not be defined as a template. (kfujino)
fix Fix MBean attribute definition of stateTransfered. The meth=
od name is not isStateTransfered() but getStateTransfered(). (kfujino)
fix Correct stop failure log of cluster. Failure cause is not o=
nly Valve. (kfujino)
fix Remove unnecessary sleep when sending session blocks on ses=
sion sync phase. (kfujino)
fix Expose stateTimestampDrop of org.apache.catalina.ha.session=
.DeltaManager via JMX. (kfujino)
fix When the ping timeouted, make sure that memberDisappeared m=
ethod is not called by specifying the members that has already been rem=
oved. (kfujino)
add Add log message of session relocation when member disappear=
ed. (kfujino)
fix If ping message fails, prevent wrong timeout detection of n=
ormal member that is no failure members. (kfujino)
Web applications
add Add some documentation on the SSL configuration options for=
WebSocket clients. (markt)
add Add to cluster document a description of notifyLifecycleLis=
tenerOnFailure and heartbeatBackgroundEnabled. (kfujino)
fix Update the documentation with information for WebSocket 1.0=
specification and javadoc. (violetagg)
fix 55703: Clarify the role of the singleton attribute for JNDI=
resource factories. (markt)
fix 55746: Add documentation on the allRolesMode to the Combine=
dRealm and LockOutRealm. Patch by C=E9dric Couralet. (markt)
add Expand the information on web applications that ship as par=
t of Tomcat in the security how-to section of the documentation web app=
lication. (markt)
fix Expand the description of the WebSocket buffers in the docu=
mentation web application to clarify their purpose. (markt)
add Correct the documentation for Cluster manager. (kfujino)
add Add information on how to configure integrated Windows auth=
entication when Tomcat is running on a non-Windows host. (markt)
Extras
update Update commons-logging to version 1.1.3. (rjung)
Other
add 52323: Add support for the Cobertura code coverage tool whe=
n running the unit tests. Based on a patch by mhasko. (markt/kkolinko)
update Update sample Eclipse IDE project. Explicitly use a Java=
6 SE JDK. Exclude JSR356 WebSocket classes from build path, as they ca=
nnot be compiled with Java 6. (kkolinko)
update Update the Eclipse compiler to 4.3.1. (kkolinko/markt)
Files: