Log message:
www/apache-tomcat7: Update to 7.0.109
Changelog:
Tomcat 7.0.109 (violetagg)
Catalina
fix 65224: Ensure the correct escaping of attribute values and search
filters in the JNDIRealm. (markt)
fix 65226: Fix extraction of JAR name in some cases in
StandardJarScanner. Submitted by Lynx. (remm)
fix 65235: Add missing attributes to the MBean descriptor file for the
RemoteIpValve. (markt)
Web applications
fix 65235: Correct name of changeLocalName in the documentation for the
RemoteIpValve. (markt)
Other
add Improvements to Korean translations. (woonsan)
add Improvements to Russian translations. Provided by Azat. (mark)
add Improvements to Chinese translations. Provided by shawn. (mark)
add Improvements to Japanese translations. Provided by kfujino and
Shirayuking. (markt)
update Update the packaged version of the Tomcat Native Library to
1.2.28. (markt)
Tomcat 7.0.108 (violetagg) released 2021-02-05
Catalina
fix 56181: Update the RemoteIpValve and RemoteIpFilter so that calls to
ServletRequest.getRemoteHost() are consistent with the return value
of ServletRequest.getRemoteAddr() rather than always returning a
value for the proxy. (markt)
fix Ensure that values are not duplicated when manipulating the vary
header. Based on a pull request by Fredrik Fall. (markt)
fix Avoid uncaught InaccessibleObjectException on Java 16 trying to
clear references threads. (remm)
fix 65047: If the AccessLogValve is unable to open the access log file,
include information on the current user in the associated log
message (markt)
Jasper
fix 64965: JspContextWrapper.findAttribute should ignore expired
sessions rather than throw an IllegalStateException. (remm)
WebSocket
fix 64951: Fix a potential file descriptor leak when WebSocket
connections are attempted and fail. Patch provided by Maurizio
Adami. (markt)
Web applications
fix Correct a regression in the addition of the HTTP header security
filter to the examples web application that prevented the Servlet
examples that depend on the asynchronous API from functioning
correctly. (kkolinko/markt)
fix 65007: Clarify that the commands shown in the TLS documentation
for importing a signed TLS certificate from a certificate
authority are typical examples that may need to be adjusted in
some cases. (markt)
code Test for one directory being a sub-directory of another in a
consistent way. (markt)
Other
add 64931: Implement validation of changelog.xml file at build time.
(kkolinko)
update Update to Maven Ant Resolver Tasks 1.3.0. (markt)
fix 62695: Provide SHA-256 and SHA-512 checksums for files published
via Maven. (markt)
add Improvements to Chinese translations. Provided by leeyazhou.
(markt)
add Improvements to French translations. (remm)
add Improvements to Korean translations. (woonsan)
update Update the packaged version of the Tomcat Native Library to
1.2.26. (markt)
update Migrate to new code signing service. (markt)
update Update to Commons Daemon 1.2.4. (markt)
add Improvements to Russian translations. Provided by Polina and
Azat. (markt)
update Update the NSIS Installer used to build the Windows installer to
version 3.06.1. (kkolinko)
Tomcat 7.0.107 (violetagg) released 2020-11-23
Catalina
fix Correct numerous spellings throughout the code base. Based on a
pull request from John Bampton. (markt)
fix 64735: Ensure that none of the methods on a ServletContext instance
always fail when running under a SecurityManager. Pull request
provided by Kyle Stiemann. (markt)
fix 64765: Ensure that the number of currently processing threads is
tracked correctly when a web application is undeployed, long
running requests are being processed and
renewThreadsWhenStoppingContext is enabled for the web application.
(markt)
add Improve the error messages when running under JPMS without the
necessary options to enable reflection required by the memory leak
prevention / detection code. (markt)
fix 64805: Correct imports used by JMXProxyServlet. (markt)
add 64871: Log a warning if Tomcat blocks access to a file because it
uses symlinks. (markt)
Coyote
fix Fix processing of URIs with %nn encoded solidus characters when
encodedSolidusHandling was set to passthrough and the encoded
solidus was preceded by other %nn encoded characters. Based on a
pull request by willmeck. (markt)
fix 55160: Re-fix this bug after the original fix was reverted by a
separate fix to timeouts in 7.0.81. (markt)
add Add additional debug logging for I/O issues when communicating with
the user agent. (markt)
Web applications
fix Update the Manager How-To in the documentation web application to
clarify when a user may wish to deploy additional instances of the
Manager web application. (markt)
fix 64797: Align manager.xml template file in Host-Manager with
context.xml of real Manager web application. (isapir)
add Configure the examples, Manager and Host Manager to use the HTTP
header security filter with default settings apart from no HSTS
header. Based on a suggestion by Debangshu Kundu. (markt)
Other
add When building, only rebuild JAR files if the contents have
changed. (markt)
add Improvements to Chinese translations. Pull request provided by
Yang Yang. (markt)
add Expand coverage of Russian translations. Pull request provided
by Nikolay Gribanov. (markt)
update Updated to Ant 1.9.1. The build now requires a minimum of Ant
1.9.1. (markt)
fix Fix running service.bat when called from $CATALINA_HOME. (markt)
fix Complete the fix for 63815. Users wishing to use system
properties that require quoting with catalina.sh and the debug
option must use a JRE that includes the fix for JDK-8234808.
(markt)
add Improvements to Chinese translations. Provided by leeyazhou.
(markt)
add Improvements to French translations. (remm)
add Improvements to Korean translations. (woonsan)
add Improvements to Spanish translations. Provided by
Andrewlanecarr. (markt)
add Improvements to Russian translations. Provided by Azat. (markt)
Log message:
apache-tomcat7: Update to 7.0.99
Changelog:
Tomcat 7.0.99 (violetagg)
Catalina
add 63681: Introduce RealmBase#authenticate(GSSName, GSSCredential) and \
friends. (michaelo)
add 63937: Add a new attribute to the standard Authenticator \
implementations, allowCorsPreflight, that allows the Authenticators to be \
configured to allow CORS preflight requests to bypass authentication as required \
by the CORS specification. (markt)
fix 63939: Correct the same origin check in the CORS filter. An origin \
with an explicit default port is now considered to be the same as an origin \
without a default port and origins are now compared in a case-sensitive manner \
as required by the CORS specification. (markt)
fix 63950: Fix timing issue in TestAsyncContextStateChanges test that \
caused it to hang indefinitely. (markt)
fix 63982: CombinedRealm makes assumptions about principal \
implementation (michaelo)
code Add a unit test for the session FileStore implementation and \
refactor loops in FileStore to use the ForEach style. Pull request provided by \
Govinda Sakhare. (markt)
fix Refactor FORM authentication to reduce duplicate code and to ensure \
that the authenticated Principal is not cached in the session when caching is \
disabled. (markt)
update Do not store username and password as session notes during \
authentication if they are not needed. (kkolinko)
Coyote
fix 63932: By default, do not compress content that has a strong ETag. \
This behaviour is configurable for the HTTP/1.1 connectors via the new \
Connector attribute noCompressionStrongETag. (markt)
WebSocket
fix Ensure a very unlikely concurrency issue is avoided when writing \
WebSocket messages. (markt)
Web applications
add Add the ability to set and display session attributes in the JSP \
FORM authentication example to demonstrate session persistence across restarts \
for authenticated sessions. (markt)
Other
fix Correct the fix for 63815 (quoting the use of CATALINA_OPTS and \
JAVA_OPTS when used in shell scripts to avoid the expansion of *) as it caused \
various regressions, particularly with daemon.sh. (markt)
add Expand the search made by the Windows installer for a suitable Java \
installation to include the 64-bit JDK registry entries and the JAVA_HOME \
environment variable. Pull request provided by Alexander Norz. (markt)
add Expand the coverage of the German translations provided with Apache \
Tomcat. Contribution provided by Jens. (markt)
add Expand the coverage of the French translations provided with Apache \
Tomcat. (remm)
add Expand the coverage of the Japanese translations provided with \
Apache Tomcat. (markt)
add Expand the coverage of the Korean translations provided with Apache \
Tomcat. (woonsan)
add Expand the coverage of the Chinese translations provided with Apache \
Tomcat. Contributions provided by lins and 磊. (markt)
add Update the internal fork of Apache Commons BCEL to ff6941e \
(2019-12-06, 6.4.2-dev). Code clean-up only. (markt)
add Update the internal fork of Apache Commons Codec to 9637dd4 \
(2019-12-06, 1.14-SNAPSHOT). Code clean-up and a fix for CODEC-265. (markt)
add Update the internal fork of Apache Commons FileUpload to 2317552 \
(2019-12-06, 2.0-SNAPSHOT). Refactoring. (markt)
Tomcat 7.0.98 (violetagg) not released
Catalina
fix 63832: Properly mark container as FAILED when a JVM error occurs on \
stop. (remm)
fix Make a best efforts attempt to clean-up if a request fails during \
processing due to an OutOfMemoryException. (markt)
update 63905 Clean up Tomcat CSS. (michaelo)
fix Refactor JMX remote RMI registry creation. (remm)
Coyote
fix 63814: Do not set server socket timeout with negative values in NIO. \
(remm)
fix Ensure that ServletRequest.isAsyncStarted() returns false once \
AsyncContext.complete() or AsyncContext.dispatch() has been called during \
AsyncListener.onTimeout() or AsyncListener.onError(). (markt)
fix 63816 and 63817: Correctly handle I/O errors after asynchronous \
processing has been started but before the container thread that started \
asynchronous processing has completed processing the current request/response. \
(markt)
fix 63825: When processing the Expect and Connection HTTP headers \
looking for a specific token, be stricter in ensuring that the exact token is \
present. (markt)
fix 63829: Improve the check of the Content-Encoding header when looking \
to see if Tomcat is serving pre-compressed content. Ensure that only a full \
token is matched and that the match is case insensitive. (markt)
fix 63836: Ensure that the memory reserved for the OOME parachute is \
released when the NIO endpoint is stopped. (markt)
fix 63864: Refactor parsing of the transfer-encoding request header to \
use the shared parsing code and reduce duplication. (markt)
code Refactor the APR poller to always use a single pollset now that the \
Windows operating systems that required multiple smaller pollsets to be used are \
no longer supported. (markt)
Jasper
fix 63897: Capture the timestamp of a JSP for the purposes of \
modification tracking before the JSP is compiled to prevent a race condition if \
the JSP is modified during compilation. Patch provided by Karl von Randow. \
(markt)
fix Fiible to end users. (markt)
WebSocket
fix 63913: Wrap any NullPointerExceptions thrown by the Inflater or \
Deflater used by the PerMessageDeflate extension in an IOException so that the \
error can be caught and handled by the WebSocket error hanion web application. \
(markt)
Other
fix 63815: Quote the use of CATALINA_OPTS and JAVA_OPTS when used in \
shell scripts to avoid the expansion of *. Note that any newlines present in \
CATALINA_OPTS and/or JAVA_OPTS will no longer be removed. (marke generification of \
the copied Commons DBCP 1.x code that caused a NullPointerException if a \
DataSource was configured with a database that did not exist. Patch provided by \
Guoxiong Li. (markt)
fix 63838: Suppress reflexive access warnings when ruhe French \
translations provided with Apache Tomcat. (remm)
add Expand the coverage and quality of the Korean translations provided \
with Apache Tomcat. (woonsan)
add Expand the coverage and quality of the Simplified Chinese \
translations proeader to the RemoteIpFilter and RemoteIpValve. (markt)
add 62496: Add option to write auth information (remote user/auth type) \
to response headers. (michaelo)
fix 63550: Only try the alternateURL in the JNDIRealm if one has been \
specified.
update 63627: Implement more fine-grained handling in \
RealmBase.authenticate(GSSContext, boolean). (michaelo)
fix Avoid a NullPointerException in the CrawlerSessionManagerValve if no \
ROOT Context is deployed and a request does not map to any of the other deployed \
Contexts. Patch provided by Jop Zinkweg. (markt)
fix 63636: Context.findRoleMapping() never called in \
StandardWrapper.findSecurityReference(). (michaelo)
fix Fix a crash on shutdown with the APR/native connector when a \
blocking I/O operation was still in progress when the connector stopped. (markt)
fix 63684: Wrapper never passed to RealmBase.hasRole() for given \
security constraints. (michaelo)
fix Avoid a potential NullPointerException on Service stop if a Service \
is embedded directly (i.e. with no Server) in an application and JNDI is \
enabled. Patch provided by S. Ali Tokmen. (markt)
add Add a new PropertySource implementation, EnvironmentPropertySource, \
that can be used to do property replacement in configuration files with \
environment variables. Based on a pull request provided by Thomas Meyer. (markt)
fix 63758: Include the XML schema for the tomcat-users.xml file in the \
binary distributions. (markt)
fix 63778: When running on Java 7, use the correct signature to look up \
the DatabaseMetaData.getPseudoColumns() method and avoid the \
NullPointerExceptions caused by using the wrong method. Add error logging to \
detect similar bugs. Based on a pull request by liguoxiong. (markt)
Coyote
fix 63571: Use the implementation default for JSSE TLS session cache \
size. (markt)
fix 63578: Improve handling of invalid requests so that 400 responses \
are returned to the client rather than 500 responses. (markt)
code Remove the code in the sendfile poller that ensured smaller \
pollsets were used with older, no longer supported versions of Windows that \
could not support larger pollsets. (markt)
fix 63737: Correct various issues when parsing the accept-encoding \
header to determine if gzip encoding is supported including only parsing the \
first header found. (markt)
fix 63766: Ensure Processor objects are recycled when processing an HTTP \
upgrade connection that terminates before processing switches to the Processor \
for the upgraded protocol. (markt)
Jasper
fix 63781: When performing various checks related to the visibility of \
classes, fields and methods in the EL implementation, also check that the \
containing module has been exported. (markt)
Web Socket
fix 63753: Ensure that the Host header in a Web Socket HTTP upgrade \
request only contains a port if a non-default port is being used. (markt)
fix When running on Java 9 and above, don't attempt to instantiate \
WebSocket Endpoints found in modules that are not exported. (markt)
Web applications
fix Correct the source code links on the index page for the ROOT web \
application to point to Git rather than Subversion. (markt)
fix Fix various issues with the Javadoc generated for the documentation \
web application to enable release builds to be built with Java 10 onwards. \
(markt)
fix Fix a large number of Javadoc and documentation typos. Patch \
provided by KangZhiDong. (markt)
fix Spelling and formatting corrections for the cluster how-to. Pull \
request provided by Bill Mitchell. (markt)
docs Add Javadoc for the Common Annotations API implementation. (markt)
jdbc-pool
fix When connections are validated without an explicit validation query, \
ensure that any transactions opened by the validation process are committed. \
Patch provided by Pascal Davoust. (markt)
Other
fix 55620: Partial fix. Prevent Tomcat from starting when $CATALINA_HOME \
and/or $CATALINA_BASE contains a semi-colon on Windows or a colon on \
Linux/FreeBSD/etc. (markt)
fix 62140: Additional usage documentation in comments for \
catalina.[bat|sh]. (markt)
add 63285: Add an option to service.bat so that when installing a \
Windows service, the name of the executables used by the Windows service may be \
changed to match the service name. This makes the installation behaviour \
consistent with the Windows installer. The original executable names will be \
restored when the Windows service is removed. The renaming can be enabled by \
using the new --rename option after the service name. (markt)
update 63625: Update to Commons Daemon 1.2.1. This corrects several \
regressions in Commons Daemon 1.2.0, most notably the Windows Service crashing \
on start when using 32-bit JVMs. (markt)
update 63634: Align setproxy target in build.xml with 8.5/9.0. (michaelo)
add Limit the default JPDA (remote debugging interface) listen address \
to localhost:8000. (markt)
update Tighten up the default file permissions for the .tar.gz \
distribution so no files or directories are world readable by default. Configure \
Tomcat to run with a default umask of 0027 which may be overridden by setting \
UMASK in setenv.sh. (markt)
fix Allow customization of service.bat, such as heap memory size, \
service startup mode and JVM args. (isapir)
update Update the internal fork of Commons Codec to 3ebef4a (2018-08-01) \
to pick up the fix for CODEC-134. (markt)
update 63648: Update the test TLS keys and certificates used in the test \
suite to replace the keys and certificates that are about to expire. (markt)
fix Back-port various corrections and improvements to the English \
versions of the i18n messages. (markt)
fix Back-port various corrections and improvements to the Spanish i18n \
messages. (markt)
fix Back-port various corrections and improvements to the French i18n \
messages. (markt)
fix Back-port various corrections and improvements to the Japanese i18n \
messages. (markt)
fix Back-port various corrections and improvements to the Russian i18n \
messages. (markt)
add Include the available German translations in the standard Tomcat \
distribution. Back-port additions and updates to the German i18n messages. \
(markt)
add Add Korean translations to the standard Tomcat distribution. (markt)
add Add simplified Chinese translations to the standard Tomcat \
distribution. (markt)
fix Fix JSSE_OPTS quoting in catalina.bat. Contributed by Peter Uhnak. \
(fschumacher)
fix Remove unused i18n messages and associated translations. Patch \
provided by KangZhiDong. (markt)
code Deprecate org.apache.tomcat.util.compat.TLS. Its functionality was \
only used for unit tests in org.apache.tomcat.util.net.TesterSupport and has \
been moved there. (rjung)
fix When performing a silent install with the Windows Installer, ensure \
that the registry entries are added to the 64-bit registry when using a 64-bit \
JVM. (markt)
fix 63759: When installing Tomcat with the Windows installer, grant \
sufficient privileges to enable the uninstaller to execute when user account \
control is active. (markt)
add Use a build property to define the minimum supported Java version \
and use that build property to reduce the number of edits required to update the \
minimum supported Java version. (markt)
update 63767: Update to Commons Daemon 1.2.2. This corrects a regression \
in Commons Daemon 1.2.0 and 1.2.1 that caused the Windows Service to crash on \
start when running on an operating system that had not been fully updated. \
(markt)
Tomcat 7.0.96 (violetagg) released 2019-07-29
Catalina
fix 63579: Correct parsing of malformed OPTIONS requests and reject them \
with a 400 response rather than triggering an internal error that results in a \
500 response. (markt)
Coyote
fix Correct parsing of invalid host names that contain bytes in the \
range 128 to 255 and reject them with a 400 response rather than triggering an \
internal error that results in a 500 response. (markt)
WebSocket
fix Correct a regression that prevented a default Tomcat 7 install from \
starting on Java 6. (markt)
Other
add Enable the unit tests to execute in parallel. (markt)
Tomcat 7.0.95 (violetagg) not released
Catalina
add 43548: Add an XML schema for the tomcat-users.xml file. (markt)
fix 63324: Refactor the CrawlerSessionManagerValve so that the object \
placed in the session is compatible with session serialization with mem-cached. \
Patch provided by Martin Lemanski. (markt)
fix 63531: Refactor authenticators so that the session last accessed \
time is not updated if the cache attribute is set to false and FORM \
authentication is not being used. (markt)
add 63556: Mark request as forwarded in RemoteIpValve and RemoteIpFilter \
(michaelo)
fix Fix a potential resource leak when executing CGI scripts from a WAR \
file. Identified by Coverity scan. (markt)
fix Fix a potential concurrency issue in the StringCache identified by \
Coverity scan. (markt)
fix Fix a potential concurrency issue in the main Sendfile thread of the \
APR connector. Identified by Coverity scan. (markt)
fix Fix a potential resource leak on some exception paths in the \
DataSourceRealm. Identified by Coverity scan. (markt)
fix Fix a potential resource leak on an exception path when parsing JSP \
files. Identified by Coverity scan. (markt)
fix Fix a potential resource leak when a JNDI lookup returns an object \
of an incompatible class. Identified by Coverity scan. (markt)
code Refactor ManagerServlet to avoid loading classes when filtering \
JNDI resources for resources of a specified type. (markt)
fix Avoid a NullPointerException when a Context is defined in server.xml \
with a docBase but not the optional path. (markt)
fix Ensure that the default servlet reads the entire global XSLT file if \
one is defined. Identified by Coverity Scan. (markt)
fix Avoid potential NullPointerException when generating an HTTP Allow \
header. Identified by Coverity Scan. (markt)
add Remove any fragment included in the target path used to obtain a \
RequestDispatcher. The requested target path is logged as a warning since this \
is an application error. (markt)
update Modify the Default and WebDAV Servlets so that a 405 status code \
is returned for PUT and DELETE requests when disabled via the readonly \
initialisation parameter.
fix Align the contents of the Allow header with the response code for \
the Default and WebDAV Servlets. For any given resource a method that returns a \
405 status code will not be listed in the Allow header and a method listed in \
the Allow header will not return a 405 status code. (markt)
fix Correct two failing tests from the Litmus test suite for WebDAV when \
copying/moving a file over a collection. (markt)
update Update the recommended minimum Tomcat Native version to 1.2.23. \
(markt)
fix If an unhandled exception occurs on an asynchronous thread started \
via AsyncContext.start(Runnable), process it using the standard error page \
mechanism. (markt)
Coyote
code Refactor Hostname validation to improve performance. Patch provided \
by Uwe Hees. (markt)
fix Fix to avoid the possibility of long poll times for individual \
pollers when using multiple pollers with APR. (markt)
fix Refactor the fix for 63205 so it only applies when using PKCS12 \
keystores as regressions have been reported with some other keystore types. \
(markt)
Jasper
add Include file names in error messages if SMAP processor is unable to \
delete or rename a class file during SMAP generation. (markt)
fix Improvements to varargs handling in the Java UEL implementation. (markt)
Cluster
fix 62841: Refactor the DeltaRequest serialization to reduce the window \
during which the DeltaSession is locked and to remove a potential cause of \
deadlocks during serialization. (markt)
fix 63441: Further streamline the processing of session creation \
messages in the DeltaManager to reduce the possibility of a session update \
message being processed before the session has been created. (markt)
WebSocket
fix 63521: As required by the WebSocket specification, if a POJO that is \
deployed as a result of the SCI scan for annotated POJOs is subsequently \
deployed via the programmatic API ignore the programmatic deployment. (markt)
Tribes
fix Treat NoRouteToHostException the same way as SocketTimeoutException \
when checking the health of group members. This avoids a SEVERE log message \
every time the check is performed when the host associated with a group member \
is not powered on. (markt)
Other
fix 55969: Tighten up the security of the Apache Tomcat installation \
created by the Windows installer. Change the default shutdown port used by the \
Windows installer from 8005 to -1 (disabled). Limit access to the chosen \
installation directory to local administrators, Local System and Local Service. \
(markt)
add 59871: Add a property (timeFormat) to JULI's OneLineFormatter to \
enable the format of the time stamp used in log messages to be configured. \
(markt)
update 63310: Update to Commons Daemon 1.2.0. This provides improved \
support for Java 11. This also changes the user configured by the Windows \
installer for the Windows service from Local System to the lower privileged \
Local Service. (markt)
fix 63335: Ensure that stack traces written by the OneLineFormatter are \
fully indented. The entire stack trace is now indented by an additional TAB \
character. (markt)
fix When using the OneLineFormatter, don't print a blank line in the log \
after printing a stack trace. (markt)
fix Use the test command to check for terminal availability rather than \
the tty command since the tty based test fails on non-English locales. Patch \
provided by Radosław Józwik. (markt)
update Update JUnit to version 4.12. (markt)
update Update optional WSDL dependency to 1.6.3. (markt)
update Update Checkstyle to version 8.22. (markt)
Tomcat 7.0.94 (markt) released 2019-04-12
Catalina
fix 63196: Provide a default (X-Forwarded-Proto) for the protocolHeader \
attribute of the RemoteIpFilter and RemoteIpValve. (markt)
add 63206: Add a new attribute to Context - createUploadTargets which, \
if true enables Tomcat to create the temporary upload location used by a Servlet \
if the location specified by the Servlet does not already exist. The default \
value is false. (markt)
fix 63213: Ensure the correct escaping of group names when searching for \
nested groups when the JNDIRealm is configured with roleNested set to true. \
(markt)
fix 63235: Refactor Charset cache to reduce start time. (markt)
fix 63236: Use String.intern() as suggested by Phillip Webb to reduce \
memory wasted due to String duplication. This change saves ~245k when starting \
a clean installation. With additional thanks to YourKit Java profiler for \
helping to track down the wasted memory and the root causes. (markt)
fix 63246: Fix a potential NullPointerException when calling \
AsyncContext.dispatch(). (markt)
fix 63249: Use a consistent log level (WARN) when logging the failure to \
register or deregister a JMX Bean. (markt)
fix 63249: Use a consistent log level (ERROR) when logging the \
LifecycleException associated with the failure to start or stop a component. \
(markt)
fix When the SSI directive fsize is used with an invalid target, return \
a file size of - rather than 1k. (markt)
fix 63251: Implement a work-around for a known JRE bug (JDK-8194653) \
that may cause a dead-lock when Tomcat starts. (markt)
fix Ensure that the JarScanner correctly tests whether JARs found on the \
class path should be skipped when running on Java 9 or later. (markt)
fix 63275: When using a RequestDispatcher ensure that \
HttpServletRequest.getContextPath() returns an encoded path in the dispatched \
request. (markt)
fix 63286: Document the differences in behaviour between the LogFormat \
directive in httpd and the pattern attribute in the AccessLogValve for %D and \
%T. (markt)
fix 63311: Add support for https URLs to the local resolver within \
Tomcat used to resolve standard XML DTDs and schemas when Tomcat is configured \
to validate XML configuration files such as web.xml. (markt)
fix Encode the output of the SSI printenv command. This is the fix for \
CVE-2019-0221. (markt)
code Use constants for SSI encoding values. (markt)
add When the CGI Servlet is configured with enableCmdLineArguments set \
to true, limit the encoded form of the individual command line arguments to \
those values allowed by RFC 3875. This restriction may be relaxed by the use of \
the new initialisation parameter cmdLineArgumentsEncoded. (markt)
add When the CGI Servlet is configured with enableCmdLineArguments set \
to true, limit the decoded form of the individual command line arguments to \
known safe values when running on Windows. This restriction may be relaxed by \
the use of the new initialisation parameter cmdLineArgumentsDecoded. This is the \
fix for CVE-2019-0232. (markt)
update Change the default for the enableCmdLineArguments parameter of \
the CGI servlet from true to false as additional hardening against \
CVE-2019-0232. (markt)
Coyote
fix 63194: Fix failing unit test so TLS1.3 client authentication tests \
work correctly when using Java 11 onwards and the APR/Native connector. (markt)
add 63205: Add a work-around for a known JRE KeyStore loading bug. (markt)
Jasper
add Add support for specifying Java 11 (with the value 11) as the \
compiler source and/or compiler target for JSP compilation. (markt)
add Add support for specifying Java 12 (with the value 12) and Java 13 \
(with the value 13) as the compiler source and/or compiler target for JSP \
compilation. If used with an ECJ version that does not support these values, a \
warning will be logged and the latest supported version will be used. Based on a \
patch by Thomas Collignon. (markt)
Web applications
fix 63184: Expand the SSI documentation to provide more information on \
the supported directives and their attributes. Patch provided by \
nightwatchcyber. (markt)
jdbc-pool
fix 63320: Ensure that StatementCache caches statements that include \
arrays in arguments. (kfujino)
Other
code Copy Apache Commons DBCP 1.4 and Apache Commons Pool 1.5.7 source \
code into the Tomcat 7.0.x tree to enable additional fixes to be pulled in. \
(markt)
fix Update the copy of Apache Commons DBCP 1.4.x and Apache Commons pool \
1.5.x to the latest source code as of 2019-03-15 to pick up multiple bug fixes \
including 58338. (markt)
code Update the copy of Apache Commons Pool to 1.6.x to pick up the \
generics changes. (markt)
add Add JDBC 4.1 support to the default database connection pool \
provided by Tomcat. (markt)
update Switch from Checkstyle to the JRE6 backport and update to version \
8.17. This allows Tomcat 7 to use the newer configuration format (required by \
Gump that uses the latest Checkstyle snapshot) while still building with Java 6. \
(markt)