./www/apache-tomcat7, Implementation of Java Servlet and JavaServer Pages technologies


Branch: CURRENT, Version: 7.0.99, Package name: apache-tomcat-7.0.99, Maintainer: pkgsrc-users

Apache Tomcat is an implementation of the Java Servlet and JavaServer Pages
technologies. The Java Servlet and JavaServer Pages specifications are
developed under the Java Community Process.

Apache Tomcat is developed in an open and participatory environment and
released under the Apache Software License. Apache Tomcat is intended to
be a collaboration of the best-of-breed developers from around the world.
We invite you to participate in this open development project.

Apache Tomcat powers numerous large-scale, mission-critical web applications
across a diverse range of industries and organizations.


Required to run:
[lang/openjdk11]

Required to build:
[pkgtools/cwrappers]

SHA1: ccc5cf61b663242ab0bb1890b5ed0ee6198fc0ba
RMD160: ebf5853d684deaa92ce26d4271af208bc221aa8e
Filesize: 9362.896 KB


CVS history:


   2020-01-19 00:36:14 by Roland Illig | Files touched by this commit (3046)
Log message:
all: migrate several HOMEPAGEs to https

pkglint --only "https instead of http" -r -F

With manual adjustments afterwards since pkglint 19.4.4 fixed a few
indentations in unrelated lines.

This mainly affects projects hosted at SourceForge, as well as
freedesktop.org, CTAN and GNU.

   2020-01-13 08:37:46 by Ryo ONODERA | Files touched by this commit (3) | Package updated
Log message:
apache-tomcat7: Update to 7.0.99

Changelog:
Tomcat 7.0.99 (violetagg)

    Catalina

        add	63681: Introduce RealmBase#authenticate(GSSName, GSSCredential) and \ 
friends. (michaelo)
        add	63937: Add a new attribute to the standard Authenticator \ 
implementations, allowCorsPreflight, that allows the Authenticators to be \ 
configured to allow CORS preflight requests to bypass authentication as required \ 
by the CORS specification. (markt)
        fix	63939: Correct the same origin check in the CORS filter. An origin \ 
with an explicit default port is now considered to be the same as an origin \ 
without a default port and origins are now compared in a case-sensitive manner \ 
as required by the CORS specification. (markt)
        fix	63950: Fix timing issue in TestAsyncContextStateChanges test that \ 
caused it to hang indefinitely. (markt)
        fix	63982: CombinedRealm makes assumptions about principal \ 
implementation (michaelo)
        code	Add a unit test for the session FileStore implementation and \ 
refactor loops in FileStore to use the ForEach style. Pull request provided by \ 
Govinda Sakhare. (markt)
        fix	Refactor FORM authentication to reduce duplicate code and to ensure \ 
that the authenticated Principal is not cached in the session when caching is \ 
disabled. (markt)
        update	Do not store username and password as session notes during \ 
authentication if they are not needed. (kkolinko)

    Coyote

        fix	63932: By default, do not compress content that has a strong ETag. \ 
This behaviour is configurable for the HTTP/1.1 connectors via the new \ 
Connector attribute noCompressionStrongETag. (markt)

    WebSocket

        fix	Ensure a very unlikely concurrency issue is avoided when writing \ 
WebSocket messages. (markt)

    Web applications

        add	Add the ability to set and display session attributes in the JSP \ 
FORM authentication example to demonstrate session persistence across restarts \ 
for authenticated sessions. (markt)

    Other

        fix	Correct the fix for 63815 (quoting the use of CATALINA_OPTS and \ 
JAVA_OPTS when used in shell scripts to avoid the expansion of *) as it caused \ 
various regressions, particularly with daemon.sh. (markt)
        add	Expand the search made by the Windows installer for a suitable Java \ 
installation to include the 64-bit JDK registry entries and the JAVA_HOME \ 
environment variable. Pull request provided by Alexander Norz. (markt)
        add	Expand the coverage of the German translations provided with Apache \ 
Tomcat. Contribution provided by Jens. (markt)
        add	Expand the coverage of the French translations provided with Apache \ 
Tomcat. (remm)
        add	Expand the coverage of the Japanese translations provided with \ 
Apache Tomcat. (markt)
        add	Expand the coverage of the Korean translations provided with Apache \ 
Tomcat. (woonsan)
        add	Expand the coverage of the Chinese translations provided with Apache \ 
Tomcat. Contributions provided by lins and 磊. (markt)
        add	Update the internal fork of Apache Commons BCEL to ff6941e \ 
(2019-12-06, 6.4.2-dev). Code clean-up only. (markt)
        add	Update the internal fork of Apache Commons Codec to 9637dd4 \ 
(2019-12-06, 1.14-SNAPSHOT). Code clean-up and a fix for CODEC-265. (markt)
        add	Update the internal fork of Apache Commons FileUpload to 2317552 \ 
(2019-12-06, 2.0-SNAPSHOT). Refactoring. (markt)

Tomcat 7.0.98 (violetagg)	not released

    Catalina

        fix	63832: Properly mark container as FAILED when a JVM error occurs on \ 
stop. (remm)
        fix	Make a best efforts attempt to clean-up if a request fails during \ 
processing due to an OutOfMemoryException. (markt)
        update	63905 Clean up Tomcat CSS. (michaelo)
        fix	Refactor JMX remote RMI registry creation. (remm)

    Coyote

        fix	63814: Do not set server socket timeout with negative values in NIO. \ 
(remm)
        fix	Ensure that ServletRequest.isAsyncStarted() returns false once \ 
AsyncContext.complete() or AsyncContext.dispatch() has been called during \ 
AsyncListener.onTimeout() or AsyncListener.onError(). (markt)
        fix	63816 and 63817: Correctly handle I/O errors after asynchronous \ 
processing has been started but before the container thread that started \ 
asynchronous processing has completed processing the current request/response. \ 
(markt)
        fix	63825: When processing the Expect and Connection HTTP headers \ 
looking for a specific token, be stricter in ensuring that the exact token is \ 
present. (markt)
        fix	63829: Improve the check of the Content-Encoding header when looking \ 
to see if Tomcat is serving pre-compressed content. Ensure that only a full \ 
token is matched and that the match is case insensitive. (markt)
        fix	63836: Ensure that the memory reserved for the OOME parachute is \ 
released when the NIO endpoint is stopped. (markt)
        fix	63864: Refactor parsing of the transfer-encoding request header to \ 
use the shared parsing code and reduce duplication. (markt)
        code	Refactor the APR poller to always use a single pollset now that the \ 
Windows operating systems that required multiple smaller pollsets to be used are \ 
no longer supported. (markt)

    Jasper

        fix	63897: Capture the timestamp of a JSP for the purposes of \ 
modification tracking before the JSP is compiled to prevent a race condition if \ 
the JSP is modified during compilation. Patch provided by Karl von Randow. \ 
(markt)
        fix	Fiible to end users. (markt)

    WebSocket

        fix	63913: Wrap any NullPointerExceptions thrown by the Inflater or \ 
Deflater used by the PerMessageDeflate extension in an IOException so that the \ 
error can be caught and handled by the WebSocket error hanion web application. \ 
(markt)

    Other

        fix	63815: Quote the use of CATALINA_OPTS and JAVA_OPTS when used in \ 
shell scripts to avoid the expansion of *. Note that any newlines present in \ 
CATALINA_OPTS and/or JAVA_OPTS will no longer be removed. (marke generification of \ 
the copied Commons DBCP 1.x code that caused a NullPointerException if a \ 
DataSource was configured with a database that did not exist. Patch provided by \ 
Guoxiong Li. (markt)
        fix	63838: Suppress reflexive access warnings when ruhe French \ 
translations provided with Apache Tomcat. (remm)
        add	Expand the coverage and quality of the Korean translations provided \ 
with Apache Tomcat. (woonsan)
        add	Expand the coverage and quality of the Simplified Chinese \ 
translations proeader to the RemoteIpFilter and RemoteIpValve. (markt)
        add	62496: Add option to write auth information (remote user/auth type) \ 
to response headers. (michaelo)
        fix	63550: Only try the alternateURL in the JNDIRealm if one has been \ 
specified.
        update	63627: Implement more fine-grained handling in \ 
RealmBase.authenticate(GSSContext, boolean). (michaelo)
        fix	Avoid a NullPointerException in the CrawlerSessionManagerValve if no \ 
ROOT Context is deployed and a request does not map to any of the other deployed \ 
Contexts. Patch provided by Jop Zinkweg. (markt)
        fix	63636: Context.findRoleMapping() never called in \ 
StandardWrapper.findSecurityReference(). (michaelo)
        fix	Fix a crash on shutdown with the APR/native connector when a \ 
blocking I/O operation was still in progress when the connector stopped. (markt)
        fix	63684: Wrapper never passed to RealmBase.hasRole() for given \ 
security constraints. (michaelo)
        fix	Avoid a potential NullPointerException on Service stop if a Service \ 
is embedded directly (i.e. with no Server) in an application and JNDI is \ 
enabled. Patch provided by S. Ali Tokmen. (markt)
        add	Add a new PropertySource implementation, EnvironmentPropertySource, \ 
that can be used to do property replacement in configuration files with \ 
environment variables. Based on a pull request provided by Thomas Meyer. (markt)
        fix	63758: Include the XML schema for the tomcat-users.xml file in the \ 
binary distributions. (markt)
        fix	63778: When running on Java 7, use the correct signature to look up \ 
the DatabaseMetaData.getPseudoColumns() method and avoid the \ 
NullPointerExceptions caused by using the wrong method. Add error logging to \ 
detect similar bugs. Based on a pull request by liguoxiong. (markt)

    Coyote

        fix	63571: Use the implementation default for JSSE TLS session cache \ 
size. (markt)
        fix	63578: Improve handling of invalid requests so that 400 responses \ 
are returned to the client rather than 500 responses. (markt)
        code	Remove the code in the sendfile poller that ensured smaller \ 
pollsets were used with older, no longer supported versions of Windows that \ 
could not support larger pollsets. (markt)
        fix	63737: Correct various issues when parsing the accept-encoding \ 
header to determine if gzip encoding is supported including only parsing the \ 
first header found. (markt)
        fix	63766: Ensure Processor objects are recycled when processing an HTTP \ 
upgrade connection that terminates before processing switches to the Processor \ 
for the upgraded protocol. (markt)

    Jasper

        fix	63781: When performing various checks related to the visibility of \ 
classes, fields and methods in the EL implementation, also check that the \ 
containing module has been exported. (markt)

    Web Socket

        fix	63753: Ensure that the Host header in a Web Socket HTTP upgrade \ 
request only contains a port if a non-default port is being used. (markt)
        fix	When running on Java 9 and above, don't attempt to instantiate \ 
WebSocket Endpoints found in modules that are not exported. (markt)

    Web applications

        fix	Correct the source code links on the index page for the ROOT web \ 
application to point to Git rather than Subversion. (markt)
        fix	Fix various issues with the Javadoc generated for the documentation \ 
web application to enable release builds to be built with Java 10 onwards. \ 
(markt)
        fix	Fix a large number of Javadoc and documentation typos. Patch \ 
provided by KangZhiDong. (markt)
        fix	Spelling and formatting corrections for the cluster how-to. Pull \ 
request provided by Bill Mitchell. (markt)
        docs	Add Javadoc for the Common Annotations API implementation. (markt)

    jdbc-pool

        fix	When connections are validated without an explicit validation query, \ 
ensure that any transactions opened by the validation process are committed. \ 
Patch provided by Pascal Davoust. (markt)

    Other

        fix	55620: Partial fix. Prevent Tomcat from starting when $CATALINA_HOME \ 
and/or $CATALINA_BASE contains a semi-colon on Windows or a colon on \ 
Linux/FreeBSD/etc. (markt)
        fix	62140: Additional usage documentation in comments for \ 
catalina.[bat|sh]. (markt)
        add	63285: Add an option to service.bat so that when installing a \ 
Windows service, the name of the executables used by the Windows service may be \ 
changed to match the service name. This makes the installation behaviour \ 
consistent with the Windows installer. The original executable names will be \ 
restored when the Windows service is removed. The renaming can be enabled by \ 
using the new --rename option after the service name. (markt)
        update	63625: Update to Commons Daemon 1.2.1. This corrects several \ 
regressions in Commons Daemon 1.2.0, most notably the Windows Service crashing \ 
on start when using 32-bit JVMs. (markt)
        update	63634: Align setproxy target in build.xml with 8.5/9.0. (michaelo)
        add	Limit the default JPDA (remote debugging interface) listen address \ 
to localhost:8000. (markt)
        update	Tighten up the default file permissions for the .tar.gz \ 
distribution so no files or directories are world readable by default. Configure \ 
Tomcat to run with a default umask of 0027 which may be overridden by setting \ 
UMASK in setenv.sh. (markt)
        fix	Allow customization of service.bat, such as heap memory size, \ 
service startup mode and JVM args. (isapir)
        update	Update the internal fork of Commons Codec to 3ebef4a (2018-08-01) \ 
to pick up the fix for CODEC-134. (markt)
        update	63648: Update the test TLS keys and certificates used in the test \ 
suite to replace the keys and certificates that are about to expire. (markt)
        fix	Back-port various corrections and improvements to the English \ 
versions of the i18n messages. (markt)
        fix	Back-port various corrections and improvements to the Spanish i18n \ 
messages. (markt)
        fix	Back-port various corrections and improvements to the French i18n \ 
messages. (markt)
        fix	Back-port various corrections and improvements to the Japanese i18n \ 
messages. (markt)
        fix	Back-port various corrections and improvements to the Russian i18n \ 
messages. (markt)
        add	Include the available German translations in the standard Tomcat \ 
distribution. Back-port additions and updates to the German i18n messages. \ 
(markt)
        add	Add Korean translations to the standard Tomcat distribution. (markt)
        add	Add simplified Chinese translations to the standard Tomcat \ 
distribution. (markt)
        fix	Fix JSSE_OPTS quoting in catalina.bat. Contributed by Peter Uhnak. \ 
(fschumacher)
        fix	Remove unused i18n messages and associated translations. Patch \ 
provided by KangZhiDong. (markt)
        code	Deprecate org.apache.tomcat.util.compat.TLS. Its functionality was \ 
only used for unit tests in org.apache.tomcat.util.net.TesterSupport and has \ 
been moved there. (rjung)
        fix	When performing a silent install with the Windows Installer, ensure \ 
that the registry entries are added to the 64-bit registry when using a 64-bit \ 
JVM. (markt)
        fix	63759: When installing Tomcat with the Windows installer, grant \ 
sufficient privileges to enable the uninstaller to execute when user account \ 
control is active. (markt)
        add	Use a build property to define the minimum supported Java version \ 
and use that build property to reduce the number of edits required to update the \ 
minimum supported Java version. (markt)
        update	63767: Update to Commons Daemon 1.2.2. This corrects a regression \ 
in Commons Daemon 1.2.0 and 1.2.1 that caused the Windows Service to crash on \ 
start when running on an operating system that had not been fully updated. \ 
(markt)

Tomcat 7.0.96 (violetagg)	released 2019-07-29

    Catalina

        fix	63579: Correct parsing of malformed OPTIONS requests and reject them \ 
with a 400 response rather than triggering an internal error that results in a \ 
500 response. (markt)

    Coyote

        fix	Correct parsing of invalid host names that contain bytes in the \ 
range 128 to 255 and reject them with a 400 response rather than triggering an \ 
internal error that results in a 500 response. (markt)

    WebSocket

        fix	Correct a regression that prevented a default Tomcat 7 install from \ 
starting on Java 6. (markt)

    Other

        add	Enable the unit tests to execute in parallel. (markt)

Tomcat 7.0.95 (violetagg)	not released

    Catalina

        add	43548: Add an XML schema for the tomcat-users.xml file. (markt)
        fix	63324: Refactor the CrawlerSessionManagerValve so that the object \ 
placed in the session is compatible with session serialization with mem-cached. \ 
Patch provided by Martin Lemanski. (markt)
        fix	63531: Refactor authenticators so that the session last accessed \ 
time is not updated if the cache attribute is set to false and FORM \ 
authentication is not being used. (markt)
        add	63556: Mark request as forwarded in RemoteIpValve and RemoteIpFilter \ 
(michaelo)
        fix	Fix a potential resource leak when executing CGI scripts from a WAR \ 
file. Identified by Coverity scan. (markt)
        fix	Fix a potential concurrency issue in the StringCache identified by \ 
Coverity scan. (markt)
        fix	Fix a potential concurrency issue in the main Sendfile thread of the \ 
APR connector. Identified by Coverity scan. (markt)
        fix	Fix a potential resource leak on some exception paths in the \ 
DataSourceRealm. Identified by Coverity scan. (markt)
        fix	Fix a potential resource leak on an exception path when parsing JSP \ 
files. Identified by Coverity scan. (markt)
        fix	Fix a potential resource leak when a JNDI lookup returns an object \ 
of an incompatible class. Identified by Coverity scan. (markt)
        code	Refactor ManagerServlet to avoid loading classes when filtering \ 
JNDI resources for resources of a specified type. (markt)
        fix	Avoid a NullPointerException when a Context is defined in server.xml \ 
with a docBase but not the optional path. (markt)
        fix	Ensure that the default servlet reads the entire global XSLT file if \ 
one is defined. Identified by Coverity Scan. (markt)
        fix	Avoid potential NullPointerException when generating an HTTP Allow \ 
header. Identified by Coverity Scan. (markt)
        add	Remove any fragment included in the target path used to obtain a \ 
RequestDispatcher. The requested target path is logged as a warning since this \ 
is an application error. (markt)
        update	Modify the Default and WebDAV Servlets so that a 405 status code \ 
is returned for PUT and DELETE requests when disabled via the readonly \ 
initialisation parameter.
        fix	Align the contents of the Allow header with the response code for \ 
the Default and WebDAV Servlets. For any given resource a method that returns a \ 
405 status code will not be listed in the Allow header and a method listed in \ 
the Allow header will not return a 405 status code. (markt)
        fix	Correct two failing tests from the Litmus test suite for WebDAV when \ 
copying/moving a file over a collection. (markt)
        update	Update the recommended minimum Tomcat Native version to 1.2.23. \ 
(markt)
        fix	If an unhandled exception occurs on an asynchronous thread started \ 
via AsyncContext.start(Runnable), process it using the standard error page \ 
mechanism. (markt)

    Coyote

        code	Refactor Hostname validation to improve performance. Patch provided \ 
by Uwe Hees. (markt)
        fix	Fix to avoid the possibility of long poll times for individual \ 
pollers when using multiple pollers with APR. (markt)
        fix	Refactor the fix for 63205 so it only applies when using PKCS12 \ 
keystores as regressions have been reported with some other keystore types. \ 
(markt)

    Jasper

        add	Include file names in error messages if SMAP processor is unable to \ 
delete or rename a class file during SMAP generation. (markt)
        fix	Improvements to varargs handling in the Java UEL implementation. (markt)

    Cluster

        fix	62841: Refactor the DeltaRequest serialization to reduce the window \ 
during which the DeltaSession is locked and to remove a potential cause of \ 
deadlocks during serialization. (markt)
        fix	63441: Further streamline the processing of session creation \ 
messages in the DeltaManager to reduce the possibility of a session update \ 
message being processed before the session has been created. (markt)

    WebSocket

        fix	63521: As required by the WebSocket specification, if a POJO that is \ 
deployed as a result of the SCI scan for annotated POJOs is subsequently \ 
deployed via the programmatic API ignore the programmatic deployment. (markt)

    Tribes

        fix	Treat NoRouteToHostException the same way as SocketTimeoutException \ 
when checking the health of group members. This avoids a SEVERE log message \ 
every time the check is performed when the host associated with a group member \ 
is not powered on. (markt)

    Other

        fix	55969: Tighten up the security of the Apache Tomcat installation \ 
created by the Windows installer. Change the default shutdown port used by the \ 
Windows installer from 8005 to -1 (disabled). Limit access to the chosen \ 
installation directory to local administrators, Local System and Local Service. \ 
(markt)
        add	59871: Add a property (timeFormat) to JULI's OneLineFormatter to \ 
enable the format of the time stamp used in log messages to be configured. \ 
(markt)
        update	63310: Update to Commons Daemon 1.2.0. This provides improved \ 
support for Java 11. This also changes the user configured by the Windows \ 
installer for the Windows service from Local System to the lower privileged \ 
Local Service. (markt)
        fix	63335: Ensure that stack traces written by the OneLineFormatter are \ 
fully indented. The entire stack trace is now indented by an additional TAB \ 
character. (markt)
        fix	When using the OneLineFormatter, don't print a blank line in the log \ 
after printing a stack trace. (markt)
        fix	Use the test command to check for terminal availability rather than \ 
the tty command since the tty based test fails on non-English locales. Patch \ 
provided by Radosław Józwik. (markt)
        update	Update JUnit to version 4.12. (markt)
        update	Update optional WSDL dependency to 1.6.3. (markt)
        update	Update Checkstyle to version 8.22. (markt)

Tomcat 7.0.94 (markt)	released 2019-04-12

    Catalina

        fix	63196: Provide a default (X-Forwarded-Proto) for the protocolHeader \ 
attribute of the RemoteIpFilter and RemoteIpValve. (markt)
        add	63206: Add a new attribute to Context - createUploadTargets which, \ 
if true enables Tomcat to create the temporary upload location used by a Servlet \ 
if the location specified by the Servlet does not already exist. The default \ 
value is false. (markt)
        fix	63213: Ensure the correct escaping of group names when searching for \ 
nested groups when the JNDIRealm is configured with roleNested set to true. \ 
(markt)
        fix	63235: Refactor Charset cache to reduce start time. (markt)
        fix	63236: Use String.intern() as suggested by Phillip Webb to reduce \ 
memory wasted due to String duplication. This change saves ~245k when starting \ 
a clean installation. With additional thanks to YourKit Java profiler for \ 
helping to track down the wasted memory and the root causes. (markt)
        fix	63246: Fix a potential NullPointerException when calling \ 
AsyncContext.dispatch(). (markt)
        fix	63249: Use a consistent log level (WARN) when logging the failure to \ 
register or deregister a JMX Bean. (markt)
        fix	63249: Use a consistent log level (ERROR) when logging the \ 
LifecycleException associated with the failure to start or stop a component. \ 
(markt)
        fix	When the SSI directive fsize is used with an invalid target, return \ 
a file size of - rather than 1k. (markt)
        fix	63251: Implement a work-around for a known JRE bug (JDK-8194653) \ 
that may cause a dead-lock when Tomcat starts. (markt)
        fix	Ensure that the JarScanner correctly tests whether JARs found on the \ 
class path should be skipped when running on Java 9 or later. (markt)
        fix	63275: When using a RequestDispatcher ensure that \ 
HttpServletRequest.getContextPath() returns an encoded path in the dispatched \ 
request. (markt)
        fix	63286: Document the differences in behaviour between the LogFormat \ 
directive in httpd and the pattern attribute in the AccessLogValve for %D and \ 
%T. (markt)
        fix	63311: Add support for https URLs to the local resolver within \ 
Tomcat used to resolve standard XML DTDs and schemas when Tomcat is configured \ 
to validate XML configuration files such as web.xml. (markt)
        fix	Encode the output of the SSI printenv command. This is the fix for \ 
CVE-2019-0221. (markt)
        code	Use constants for SSI encoding values. (markt)
        add	When the CGI Servlet is configured with enableCmdLineArguments set \ 
to true, limit the encoded form of the individual command line arguments to \ 
those values allowed by RFC 3875. This restriction may be relaxed by the use of \ 
the new initialisation parameter cmdLineArgumentsEncoded. (markt)
        add	When the CGI Servlet is configured with enableCmdLineArguments set \ 
to true, limit the decoded form of the individual command line arguments to \ 
known safe values when running on Windows. This restriction may be relaxed by \ 
the use of the new initialisation parameter cmdLineArgumentsDecoded. This is the \ 
fix for CVE-2019-0232. (markt)
        update	Change the default for the enableCmdLineArguments parameter of \ 
the CGI servlet from true to false as additional hardening against \ 
CVE-2019-0232. (markt)

    Coyote

        fix	63194: Fix failing unit test so TLS1.3 client authentication tests \ 
work correctly when using Java 11 onwards and the APR/Native connector. (markt)
        add	63205: Add a work-around for a known JRE KeyStore loading bug. (markt)

    Jasper

        add	Add support for specifying Java 11 (with the value 11) as the \ 
compiler source and/or compiler target for JSP compilation. (markt)
        add	Add support for specifying Java 12 (with the value 12) and Java 13 \ 
(with the value 13) as the compiler source and/or compiler target for JSP \ 
compilation. If used with an ECJ version that does not support these values, a \ 
warning will be logged and the latest supported version will be used. Based on a \ 
patch by Thomas Collignon. (markt)

    Web applications

        fix	63184: Expand the SSI documentation to provide more information on \ 
the supported directives and their attributes. Patch provided by \ 
nightwatchcyber. (markt)

    jdbc-pool

        fix	63320: Ensure that StatementCache caches statements that include \ 
arrays in arguments. (kfujino)

    Other

        code	Copy Apache Commons DBCP 1.4 and Apache Commons Pool 1.5.7 source \ 
code into the Tomcat 7.0.x tree to enable additional fixes to be pulled in. \ 
(markt)
        fix	Update the copy of Apache Commons DBCP 1.4.x and Apache Commons pool \ 
1.5.x to the latest source code as of 2019-03-15 to pick up multiple bug fixes \ 
including 58338. (markt)
        code	Update the copy of Apache Commons Pool to 1.6.x to pick up the \ 
generics changes. (markt)
        add	Add JDBC 4.1 support to the default database connection pool \ 
provided by Tomcat. (markt)
        update	Switch from Checkstyle to the JRE6 backport and update to version \ 
8.17. This allows Tomcat 7 to use the newer configuration format (required by \ 
Gump that uses the latest Checkstyle snapshot) while still building with Java 6. \ 
(markt)

   2019-03-26 21:56:23 by Ryo ONODERA | Files touched by this commit (3) | Package updated
Log message:
Update to 7.0.93

Changelog:
Update the packaged version of the Tomcat Native Library to 1.2.21
to pick up the latest Windows binaries built with APR 1.6.5 and
OpenSSL 1.1.1a and to pick up the memory leak fixes when using
NIO/NIO2 with OpenSSL.

   2019-01-22 15:46:49 by Ryo ONODERA | Files touched by this commit (3) | Package updated
Log message:
Update to 7.0.92

Changelog:
Tomcat 7.0.92 (violetagg)

    Catalina

        fix	Add documentation about the files context.xml.default and \ 
web.xml.default that can be used to customize conf/context.xml and conf/web.xml \ 
on a per host basis. (fschumacher)
        fix	Ensure that a canonical path is always used for the docBase of a \ 
Context to ensure consistent behaviour. (markt)
        fix	62788: Add explicit logging configuration to write log files using \ 
UTF-8 to align with Tomcat's use of UTF-8 by default elsewhere. (markt)
        fix	62797: Pass throwable to keep client aborts with status 200 rather \ 
than 500. Patch submitted by zikfat. (remm)
        fix	62809: Correct a regression in the implementation of DIGEST \ 
authentication support for the Deployer Ant tasks (bug 45832) that prevented the \ 
DeployTask from working when authentication was required. (markt)
        update	Update the recommended minimum Tomcat Native version to 1.2.18. \ 
(markt)
        add	Ignore an attribute named source on Context elements provided by \ 
StandardContext. This is to suppress warnings generated by the Eclipse / Tomcat \ 
integration provided by Eclipse. Based on a patch by mdfst13. (markt)
        add	62830: Added JniLifeCycleListener and static methods \ 
Library.loadLibrary(libraryName) and Library.load(filename) to load a native \ 
library by a shared class loader so that more than one Webapp can use it. \ 
(isapir)
        fix	Correct a typo in the Spanish resource files. Patch provided by \ 
Diego Agulló. (markt)
        fix	62868: Order the Enumeration<URL> provided by \ 
WebappClassLoaderBase.getResources(String) according to the setting of the \ 
delegate flag. (markt)

    Coyote

        add	Add TLSv1.3 to the default protocols and to the all alias for JSSE \ 
based TLS connectors when running on a JVM that supports TLS version 1.3. One \ 
such JVM is OpenJDK version 11. (rjung)
        fix	62739: Do not reject requests with an empty HTTP Host header. Such \ 
requests are unusual but not invalid. Patch provided by Michael Orr. (markt)
        add	62748: Add TLS 1.3 support for the APR/Native connector. (schultz/markt)
        fix	62791: Remove an unnecessary check in the NIO TLS implementation \ 
that prevented secure WebSocket connections from being established. (markt)

    Jasper

        fix	62674: Correct a regression in the stand-alone JSP compiler utility, \ 
JspC, caused by the fix for 53492, that caused the JSP compiler to hang. (markt)
        fix	62721: Correct generation of web.xml header when using JspC. (markt)
        fix	Fix a regression in the TLD whitespace parsing fix that broke \ 
parsing when whitespace was present between the method name and the parameters. \ 
(markt)
        fix	62757: Correct a regression in the fix for 62603 that caused \ 
NullPointerExceptions when compiling tag files on first access when development \ 
mode was disabled and background compilation was enabled. Based on a patch by \ 
Jordi Llach. (markt)
        fix	62808: Fix a regression in the TLD whitespace parsing fix that broke \ 
parsing when new lines were present in the method signature. (markt)

    WebSocket

        fix	62731: Make the URI returned by HandshakeRequest.getRequestURI() and \ 
Session.getRequestURI() absolute so that the scheme, host and port are \ 
accessible. (markt)

    Web applications

        fix	62761: Correct the advanced CORS example in the Filter documentation \ 
to use a valid configuration. (markt)
        fix	62786: Add a note to the Context documentation to explain that, by \ 
default, settings for a Context element defined in server.xml will be \ 
overwritten by settings specified in a default context file such as \ 
conf/context.xml. (markt)
        fix	Create a little visual separation between the Undeploy button and \ 
the other buttons in the Manager application. Patch provided by Łukasz Jąder. \ 
(markt)

    Other

        update	Update the packaged version of the Tomcat Native Library to \ 
1.2.18 to pick up the latest Windows binaries built with APR 1.6.5 and OpenSSL \ 
1.1.1. (markt)

Tomcat 7.0.91 (violetagg)	released 2018-09-19

    Catalina

        add	61692: Add the ability to control which HTTP methods are handled by \ 
the CGI Servlet via a new initialization parameter cgiMethods. (markt)
        fix	Ensure that the HTTP Vary header is set correctly when using the \ 
CORS filter and improve the cacheability of requests that pass through the CORS \ 
filter. (markt)
        fix	62527: Revert restriction of JNDI to the java: namespace. (remm)
        add	Introduce a new class - MultiThrowable - to report exceptions when \ 
multiple actions are taken where each action may throw an exception but all \ 
actions are taken before any errors are reported. Use this new class when \ 
reporting multiple container (e.g. web application) failures during start. \ 
(markt)
        fix	Correctly decode URL paths (+ should not be decoded to a space in \ 
the path) in the RequestDispatcher and the web application class loader. (markt)
        add	62559: Add jaxb-*.jar to the list of JARs ignored by \ 
StandardJarScanner. (markt)
        add	62560: Add oraclepki.jar to the list of JARs ignored by \ 
StandardJarScanner. (markt)
        add	62607: Return a non-zero exit code from catalina.[bat|sh] run if \ 
Tomcat fails to start. (markt)
        code	Remove ServletException from declaration of \ 
Tomcat.addWebapp(String,String) since it is never thrown. Patch provided by \ 
Tzafrir. (markt)
        fix	Use short circuit logic to prevent potential NPE in CorsFilter. \ 
(fschumacher)
        code	Simplify construction of appName from container name in JAASRealm. \ 
(fschumacher)
        fix	Improve the handling of path parameters when working with Requestt \ 
type multipart/form-data to servlets with a @MultipartConfig annotation \ 
regardless of HTTP method. (markt)
        fix	62669: When using the SSIFilter and a resource does not specify a \ 
content type, do not force the content type to application/x-octet-s a redirect \ 
to a directory in the Default Servlet, avoid generating a protocol relative \ 
redirect. (markt)

    Coyote

        fix	Refactor code that adds an additional header name to the Vary HTTP \ 
response header to use a common utility method that addresses several additional \ 
edge cases. (markt)
        fix	62526: Correctly handle PKCS12 format key stores when the key store \ 
password is configured to be the empty string. Note that Java 6 does not support \ 
PKCS12 key stores configured to use a store password of the empty string. \ 
(markt)
        fix	62670: Adjust the memory leak protection for the DriverManager so \ 
that JDBC drivers located in $CATALINA_HOME/lib and $CATALINA_BASE/lib are \ 
loaded via the service loader mechanism when the protection is enabled. (markt)
        fix	62685: Correct an error in host name validation parsing that did not \ 
allow a fully qualified domain name to terminate with a period. Patch provided \ 
by AG. (markt)

    Jasper

        fix	53011: When pre-compiling with JspC, report all compilation errors \ 
rather than stopping after the first error. A new option -failFast can be used \ 
to restore the previous behaviour of stopping after the first error. Based on a \ 
patch provided by Marc Pompl. (markt)
        add	53492: Make the Java file generation process multi-threaded. By \ 
default, one thread will be used per core. Based on a patch by Dan Fabulich. \ 
(markt)
        fix	62603: Fix a potential race condition when development mode is \ 
disabled and background compilation checks are enabled. It was possible that \ 
some updates would not take effect and/or ClassNotFoundExceptions would occur. \ 
(markt)
        fix	Correct the JSP version in the X-PoweredBy HTTP header generated \ 
when the xpoweredBy option is enabled. (markt)
        fix	62662: Fix the corruption of web.xml output during JSP compilation \ 
caused by the fix for 53492. Patch provided by Bernhard Frauendienst. (markt)
        fix	Correct parsing of XML whitespace in TLD function signatures that \ 
incorrectly only looked for the space character. (markt)

    WebSocket

        fix	62596: Remove the limit on the size of the initial HTTP upgrade \ 
request used to establish the web socket connection. (markt)

    Web applications

        add	62558: Add Russian translations for the Manager and Host Manager web \ 
applications. Based on a patch by Ivan Krasnov. (markt)
        add	62561: Add advanced class loader configuration information regarding \ 
the use of the Server and Shared class loaders to the documentation web \ 
application. (markt)
        add	Expand the information in the documentation web application \ 
regarding the use of CATALINA_HOME and CATALINA_BASE. Patch provided by Marek \ 
Czernek. (markt)
        fix	62652: Make it clearer that the version of DBCP that is packaged in \ 
Tomcat 7.0.x is DBCP 1. (markt)
        add	62666: Expand internationalisation support in the Manager \ 
application to include the server status page and provide Russian translations \ 
in addition to English. Patch provided by Artem Chebykin. (markt)
        fix	62676: Expand the CORS filter documentation to make it clear that \ 
explicit configuration is required to enable support for cross-origin requests. \ 
(markt)

    Tribes

        fix	Ensures that the specified rxBufSize is correctly set to receiver \ 
buffer size. (kfujino)

    Other

        fix	Fixed spelling. Patch provided by Jimmy Casey via GitHub. (violetagg)
        fix	Correct various spelling errors throughout the source code and \ 
documentation. Patch provided by Kazuhiro Sera. (markt)
   2018-09-28 00:35:14 by Tobias Nygren | Files touched by this commit (1)
Log message:
apache-tomcat7: fix PLIST
   2018-07-26 00:03:30 by Zafer Aydogan | Files touched by this commit (2) | Package updated
Log message:
Update to 7.0.90

Changelog:
Tomcat 7.0.90 (violetagg)
Catalina
	fix	62498: Correct a regression in the fix for CVE-2017-12617 that caused \ 
request failures for some requests when using the VirtualDirContext. (markt)
	fix	Delete reference to removed class that prevented Tomcat from starting when \ 
running under a security manager. (markt)

Tomcat 7.0.89 (violetagg)	not released
Catalina
	fix	JNDI resources that are defined with injection targets but no value are now \ 
treated as if the resource is not defined. (markt)
	fix	Ensure that JNDI names used for <lookup-name> entries in web.xml and \ 
for lookup elements of @Resource annotations specify a name with an explicit \ 
java: namespace. (markt)
	add	51953: Add the RemoteCIDRFilter and RemoteCIDRValve that can be used to \ 
allow/deny requests based on IPv4 and/or IPv6 client address where the IP ranges \ 
are defined using CIDR notation. Based on a patch by Francis Galiegue. (markt)
	fix	62343: Make CORS filter defaults more secure. This is the fix for \ 
CVE-2018-8014. (markt)
	fix	Make all loggers associated with Tomcat provided Filters non-static to \ 
ensure that log messages are not lost when a web application is reloaded. \ 
(markt)
	fix	Correct the manifest for the annotations-api.jar. The JAR implements the \ 
Common Annotations API 1.1 and the manifest should reflect that. (markt)
	fix	Switch to non-static loggers where there is a possibility of a logger \ 
becoming associated with a web application class loader causing log messages to \ 
be lost if the web application is stopped. (markt)
	add	62389: Add the IPv6 loopback address to the default internalProxies regular \ 
expression. Patch by Craig Andrews. (markt)
	fix	In the RemoteIpValve and RemoteIpFilter, correctly handle the case when the \ 
request passes through one or more trustedProxies but no internalProxies. Based \ 
on a patch by zhanhb. (markt)
	fix	Correct the logic in MBeanFactory.removeConnector() to ensure that the \ 
correct Connector is removed when there are multiple Connectors using different \ 
addresses but the same port. (markt)
	fix	Make JAASRealm mis-configuration more obvious by requiring the \ 
authenticated Subject to include at least one Principal of a type specified by \ 
userClassNames. (markt)
	fix	62476: Use GMT timezone for the value of Expires header as required by HTTP \ 
specification (RFC 7231, 7234). (kkolinko)
   2018-03-23 14:00:17 by Ryo ONODERA | Files touched by this commit (3) | Package updated
Log message:
Update to 7.0.85

Changelog:
Tomcat 7.0.85 (violetagg)

    Catalina
        fix	Prevent a stack trace being written to standard out when running on \ 
Java 10 due to changes in the LogManager implementation. (markt)
        fix	Avoid duplicate load attempts if one has been made already. (remm)
        fix	Avoid NPE in ThreadLocalLeakPreventionListener if there is no \ 
Engine. (remm)
        fix	58143: Fix calling classloading transformers broken in 7.0.70 by the \ 
fix for 59619. This was observed when using Spring weaving. (rjung)
        fix	62000: When a JNDI reference cannot be resolved, ensure that the \ 
root cause exception is reported rather than swallowed. (markt)
        fix	62036: When caching an authenticated user Principal in the session \ 
when the web application is configured with the NonLoginAuthenticator, cache the \ 
internal Principal object rather than the user facing Principal object as Tomcat \ 
requires the internal object to correctly process later authorization checks. \ 
(markt)
        fix	62067: Correctly apply security constraints mapped to the context \ 
root using a URL pattern of "". (markt)
        fix	When using Tomcat embedded, only perform Authenticator configuration \ 
once during web application start. (markt)
        fix	Process all ServletSecurity annotations at web application start \ 
rather than at servlet load time to ensure constraints are applied consistently. \ 
(markt)
        fix	Minor optimization when calling class transformers. (rjung)

    Web applications
        add	48672: Add documentation for the Host Manager web application. Patch \ 
provided by Marek Czernek. (markt)

    Other
        update	Update the NSIS Installer used to build the Windows installer to \ 
version 3.03. (kkolinko)
   2018-02-01 00:27:43 by Zafer Aydogan | Files touched by this commit (3) | Package updated
Log message:
Update to 7.0.84

Notable changes:
 - Use a loop to preload anonymous inner classes when running under a \ 
SecurityManager, to be safe for future changes in the code or using a different \ 
compiler. (kkolinko)
 - Implement a small optimisation to how JAR URLs are processed to reduce the \ 
storage of duplicate String objects in memory. Patch provided by Dmitri Blinov. \ 
(markt)

Full changelog:
 https://tomcat.apache.org/tomcat-7.0-doc/changelog.html