Log Message:
Update to 8.5.46

Changelog:
Tomcat 8.5.46 (markt)
Catalina
Fix:  63684: Wrapper never passed to RealmBase.hasRole() for given security \ 
constraints. (michaelo)
Fix:  Avoid a potential NullPointerException on Service stop if a Service is \ 
embedded directly (i.e. with no Server) in an applciation and JNDI is enabled. \ 
Patch provided by S. Ali Tokmen. (markt)
Add:  Add a new PropertySource implementation, EnvironmentPropertySource, that \ 
can be used to do property replacement in configuration files with environment \ 
variables. Based on a pull request provided by Thomas Meyer. (markt)
Coyote
Fix:  63682: Fix a potential hang when using the asynchronous Servlet API to \ 
write the response body and the stream and/or connection window reaches 0 bytes \ 
in size. (markt)
Fix:  63690: Use the average of the current and previous sizes when calculating \ 
overhead for HTTP/2 DATA and WINDOW_UPDATE frames to avoid false positives as a \ 
result of client side buffering behaviour that causes a small percentage of \ 
non-final DATA frames to be smaller than expected. (markt)
Fix:  63706: Avoid NPE accessing https port with plaintext. (remm)
Fix:  Correct typos in the names of the configuration attributes \ 
overheadDataThreshold and overheadWindowUpdateThreshold. (markt)
Fix:  If the HTTP/2 connection requires an initial window size larger than the \ 
default, send a WINDOW_UPDATE to increase the flow control window for the \ 
connection so that the initial size of the flow control window for the \ 
connection is consistent with the increased value. (markt)
Fix:  63710: When using HTTP/2, ensure that a content-length header is not set \ 
for those responses with status codes that do not permit one. (markt)
Fix:  63737: Correct various issues when parsing the accept-encoding header to \ 
determine if gzip encoding is supported including only parsing the first header \ 
found. (markt)
Web applications
Fix:  Correct the source code links on the index page for the ROOT web \ 
application to point to Git rather than Subversion. (markt)
Fix:  Fix various issues with the Javadoc generated for the documentation web \ 
application to enable release builds to be built with Java 10 onwards. (markt)
Fix:  Fix a large number of Javadoc and documentation typos. Patch provided by \ 
KangZhiDong. (markt)
Fix:  Spelling and formatting corrections for the cluster how-to. Pull request \ 
provided by Bill Mitchell. (markt)
Other
Fix:  Back-port various corrections and improvements to the English versions of \ 
the i18n messages. (markt)
Add:  Include the available German translations in the standard Tomcat \ 
distribution. Back-port additions and updates to the German i18n messages. \ 
(markt)
Fix:  Back-port various corrections and improvements to the Spanish i18n \ 
messages. (markt)
Fix:  Back-port various corrections and improvements to the French i18n \ 
messages. (markt)
Fix:  Back-port various corrections and improvements to the Japanese i18n \ 
messages. (markt)
Fix:  Back-port various corrections and improvements to the Russian i18n \ 
messages. (markt)
Add:  Add Korean translations to the standard Tomcat distribution. (markt)
Add:  Add Simplifed Chinese translations to the standard Tomcat distribution. (markt)
Fix:  62140: Additional usage documentation in comments for catalina.[bat|sh]. \ 
(markt)
Fix:  Fix JSSE_OPTS quoting in catalina.bat. Contributed by Peter Uhnak. \ 
(fschumacher)
Update:  63625: Update to Commons Daemon 1.2.1. This corrects several \ 
regressions in Commons Daemon 1.2.1, most notably the Windows Service crashing \ 
on start when using 32-bit JVMs. (markt)
Fix:  63689: Correct a regression in the fix for 63285 that meant that when \ 
installing a service, the service display name was not set. (markt)
Fix:  When performing a silent install with the Windows Installer, ensure that \ 
the registry entires are added to the 64-bit registry when using a 64-bit JVM. \ 
(markt)
Fix:  Remove unused i18n messages and associated translations. Patch provided by \ 
KangZhiDong. (markt)
2019-08-21Tomcat 8.5.45 (markt)
Coyote
Code:  Remove the code in the sendfile poller that ensured smaller pollsets were \ 
used with older, no longer supported versions of Windows that could not support \ 
larger pollsets. (markt)
not releasedTomcat 8.5.44 (markt)
Catalina
Add:  62258: Don't trigger the standard error page mechanism when the error has \ 
caused the connection to the client to be closed as no-one will ever see the \ 
error page. (markt)
Update:  63627: Implement more fine-grained handling in \ 
RealmBase.authenticate(GSSContext, boolean). (michaelo)
Add:  62496: Add option to write auth information (remote user/auth type) to \ 
response headers. (michaelo)
Add:  51497: Add an option, ipv6Canonical, to the AccessLogValve that causes \ 
IPv6 addresses to be output in canonical form defined by RFC 5952. \ 
(ognjen/markt)
Add:  57665: Add support for the X-Forwarded-Host header to the RemoteIpFilter \ 
and RemoteIpValve. (markt)
Fix:  63550: Only try the alternateURL in the JNDIRealm if one has been \ 
specified. (markt)
Add:  63556: Mark request as forwarded in RemoteIpValve and RemoteIpFilter (michaelo)
Fix:  If an unhandled exception occurs on a asynchronous thread started via \ 
AsyncContext.start(Runnable), process it using the standard error page \ 
mechanism. (markt)
Fix:  Discard large byte buffers allocated using setBufferSize when recycling \ 
the request. (remm)
Fix:  63579: Correct parsing of malformed OPTIONS requests and reject them with \ 
a 400onse rather than triggering an internal error that results in a 500 \ 
response. (markt)
Fix:  Correct version information in X-Powered-By header. (markt)
Fix:  63608: Align the implementation of the negative match feature for patterns \ 
used with the RewriteVx:  Avoid a NullPointerException in the \ 
CrawlerSessionManagerValve if no ROOT Context is deployed and a request does not \ 
map to any of the other deployed Contexts. Patch provided by Jop Zinkweg. \ 
(markt)
Fix:  63636: Context.findRoleMapping() never called 3524: Improve the handling \ 
of PEM file based keys and certificates that do not include a full certificate \ 
chain when configuring the internal, in-memory key store. Improve the handling \ 
of PKCS#1 formatted private keys when configuring the internal, in-memying to \ 
set tcpNoDelay on socket types that do not support it, which can occur when \ 
using the NIO inherited channel capability. Submitted by František Kučera. \ 
(remm)
Fix:  Correct parsing of invalid host names that contain bytes in the range 128 \ 
to 255 or that results in a 500 response. (markt)
Fix:  63571: Allow users to configure infinite TLS session caches and/or \ 
timeouts. (markt)
Fix:  63578: Improve handling of invalid requests so that 400 responses are \ 
returned to the client rather than 500 respon an error if a Huffman encoded \ 
string literal contains the EOS symbol. (jfclere)
Add:  Connections that fail the TLS handshake will now appear in the access logs \ 
with a 400 status code. (markt)
Fix:  Timeouts for HTTP/2 connections were not always correctnger than expected. \ 
(markt)
Add:  Expand the HTTP/2 excessive overhead protection to cover various forms of \ 
abusive client behaviour and close the connection if any such behaviour is \ 
detected. (markt)
Fix:  Fix a crash on shutdown with the APR/native connress when the connector \ 
stopped. (markt)
Web applications
Fix:  63597: Update the custom 404 error page for the Host Manager to take \ 
account of previous refactoring so that the page is used for 404 errors rather \ 
than falling back to the default error pagebat so that when installing a Windows \ 
service, by default, it changes the name of the executables used by the Windows \ 
service to match the service name. This makes the installation behaviour \ 
consistent with the Windows installer. The original executable nhe renaming can \ 
be disabled by using the new --no-rename option after the service name. (markt)
Update:  Switch from Checkstyle to the JRE6 backport and update to version 8.22. \ 
This allows Tomcat 8.5 to use the newer Checkstyle releases while still buildi \ 
digital signature for the Windows installer now uses SHA-256 for hashes. (markt)
Update:  63310: Update to Commons Daemon 1.2.0. This provides improved support \ 
for Java 11. This also changes the user configured by the Windows installer for \ 
the Windows seer privileged Local Service. (markt)
Fix:  55969: Tighten up the security of the Apache Tomcat installation created \ 
by the Windows installer. Change the default shutdown port used by the Windows \ 
installer from 8005 to -1 (disabled). Limit access to the cho local \ 
administrators, Local System and Local Service. (markt)
Add:  63285: Add an option to service.bat so that when installing a Windows \ 
service, the name of the executables used by the Windows service may be changed \ 
to match the service name. This maksistent with the Windows installer. The \ 
original executable names will be restored when the Windows service is removed. \ 
The renaming can be enabled by using the new --rename option after the service \ 
name. (markt)
Fix:  63567: Restore the passing of $LOGGIsh when calling stop. (markt)
Update:  Update the internal fork of Commons Codec to 3ebef4a (2018-08-01) to \ 
pick up the fix for CODEC-134. (markt)
Update:  Update the internal fork of Commons Pool2 to 796e32d (2018-08-01) to \ 
pick up the changes Commons Poe the internal fork of Commons DBCP2 to 87d9e3a \ 
(2018-08-01) to pick up the changes Commons DBCP2 2.7.0 and DBCP-555. (markt)
Update:  63648: Update the test TLS keys and certificates used in the test suite \ 
to replace the keys and certificates that are about to expire. (markt)