The Apache Tomcat Servlet/JSP Container

Apache Tomcat 6.0

Apache Logo

Apache Tomcat 6.0

Changelog

Tomcat 6.0.18 (remm)
Cataina
fix42727Correctly handle request lines that are exact multiples of 4096 in length. Patch provided by Will Pugh.
fix 42678: Only ignore docBase it it really is a subdir of appBase. Patch provided by juergen. (markt)
fix 42722: Possible NPE in CGI Servlet. (markt)
update 45285: Look for annotations in class hierarchy. (markt)
fix Add additional checks for URI normalization. (remm)
Jasper
fix 42565: Make EL ternary expression without space before colon work. Patch provided by Lucas Galfaso. (markt)
Webapps
update 45323: Add note that context.xml files can only contain a single Context element. (markt)
Cluster
update 45317: Properly document and log the value of the state transfer timeout flag (fhanik)
Other
update 45332: Specify the correct encoding (the current Windows code page) rather than assuming UTF-8 when creating tomcat-users.xml with the Windows installer. (markt)
Tomcat 6.0.17 (remm)
General
update 45315: Add Unix support for NSIS. (remm)
Catalina
fix45272Put in work around for Internet Explorer not accepting a quoted Path: value using the Set-Cookie header (fhanik)
fix APR connector now adds connection to poller after using send file. (remm)
update Add ManagerBase session getLastAccessedTimestamp and getCreationTimestamp for better remote JMX access. (pero)
update Expose alwaysSend flag for message dispatch interceptor. (fhanik)
fix 29936: Create digesters and parsers earlier so we aren't using the webapp class loader when we create them. (markt)
fix 42662: Properly resolve reflection proxies during session replication. (fhanik)
fix 42750: Request line should be tolerant of multiple whitespaces. (markt/fhanik)
fix 42934: Change the order of events on context start so contextInitialized() event is fired before sessionDidActivate(). The spec isn't 100% clear on the required order but this seems more logical than the current behaviour. (markt)
fix 43079: Fix identification of suspicious URL patterns. Patch provided by John Kew. (markt)
fix 43080: Log suspicious URL patterns to the correct web app. (markt)
fix 43117: Setting an empty workDir could result in all of CATALINA_HOME being deleted. Patch provided by Takayuki Kaneko. (markt)
fix 43142: Don't assume a directory named xxx.war is a war file. (markt)
fix 43150: Allow Tomcat to start correctly when installed on a path that contains a # character. (markt)
add The fix for 43285 had the side-effct of coercing null values to zero. This side-effect has been made configurable with a system property, org.apache.el.parser.COERCE_TO_ZERO which defaults to true. Patch provided by Nils Eckert. (markt)
fix 43343: Correctly handle requesting a session we are in the middle of persisting. Based on a suggestion by Wade Chandler. (markt)
fix 43425: Make annotations spec compliant. Patch provided by Dain Sundstrom. (markt)
fix 43470: Fix various class cast exceptions. Based on a patch by Lucas Galfaso. (markt)
fix 43578: Fix startup when installation path contains a space. Patch provided by Ray Sauers. (markt)
fix 43683: Fix 404 that could occur if a Servlet is accessed while the context is reloading. (markt)
fixExtendedAccessLogValve cs-uri not print empty querystring. (pero)
update ServletContext.getResource("noslash/resource") only requires forward slash if STRICT_SERVLET_COMPLIANCE flag is set to true. This mimics the behavior of 6.0.15 and earlier. (fhanik)
fix 44021: Add support for using the # character to define multi-level contexts in WARs and directories in the appBase. (markt)
fix 44282: Fix TRACE level class loader logging message when a security manager is used. (markt)
fix 44337: Dir listing crashes if no readme-file present. (funkman)
fix If listener declared in web.xml, only add it once. (funkman)
fix Fix NPE when iterating through sessions for expiration. (fhanik/jim)
fix 44380: Don't scan non-file URLs for TLDs. Patch provided by Florent Benoit. (markt)
fix 44389: Fix memory leak that occurred if using a RequestDispatcher. Patch provided by Arto Huusko. (markt)
fix 44529: Correct handling of resource constraints so no roles (deny all) overrides no aoth-constraint (allow all). (markt)
fix 44562: HEAD requests cannot use includes. Patch provided by David Jencks. (markt)
fix 44595: Add possibility to request the QueueSize of an executor via JMX. (jfclere)
fix Fix CGI Servlet so it correctly reads the environment variables on Vista. (markt)
fix 44611: DirContextURLConnection didn't implement getHeaderFields(), getHeaderField(String name) was case sensitive and returned "" rather than null for header values that did not exist. Patch provided by Chris Hubick. (markt)
fix 44633: Provide a more helpful error message if a class can't be loaded due to a version error. (rjung/markt)
fix 44646: Correct various issues, including an ISE, in CometConnectionManagerValve. (markt)
fix 44673: ServletInputStream is no longer readable once closed. (markt)
fix Better handling of lack of permission for context specific logging. (markt)
fix Add permission required to read JDK logging config. (markt)
fix Update web.xml to reflect packaging of SSI and CGI. (markt)
fix Add missing access check for ThreadWithAttributes. (markt)
fix 44833: Correctly override StandardSession methods from DeltaSession. (fhanik)
fix 44943: Use the same engine name in server.xml comments to reduce copy and pastes issues. (markt)
fix 44988: Use Java5 syntax for debug options. Patch provided by Cedrik Lime. (markt)
fix 45101: Format header dates obtained from DirContextURLConnection as per the HTTP spec. Patch provided by Chris Hubick. (markt)
add A new valve, org.apache.catalina.valves.WebdavFixValve, that forces MS clients connecting to the WebDAV Servlet on port 80 to use a client that works rather than the default broken one. (markt)
fix 45195: Passing in null into setAttribute or removeAttribute cause NPE. (markt)
Coyote
update NIO: Fix bug in NIO sendfile, symptoms during heavy traffic is that connection don't get closed. For previous versions, one can disable sendfile to work around the problem. (fhanik)
update APR: Allow to specify the "random device" to use to collect the entropy. (jfclere)
update Fix NIO/SSL live lock during client disconnect. (fhanik)
fix Fix possible ArrayIndexOutOfBoundsException. Patch provided by Charles R Caldarale. (markt/jim)
update Add support for keystore types that do not need a file. Based on a patch by Bruno Harbulot. (markt)
update 43094: Allow specification of keystore providers. Based on a patch by Bruno Harbulot. (markt)
fix 43191: Make it possible to override the defaults with the compressableMimeType attribute. Based on a patch by Len Popp. (markt)
fix 44391: Correct handling of escaped values in SSI processing. (markt)
fix 44392: HTML entities now handled correctly in SSI processing. (markt)
fix 44558: Improve error message so address is included if binding fails. (markt)
fix 44494: Character input limited to 8KB. (remm)
fix 44620: Infinite loop in NIO connector. (markt)
fix 44785: Correctly document default maxThreads for AJP connector. (markt)
update Log errors for AJP signoffs at DEBUG level, since it is harmless if mod_jk has hung up the phone. (billbarker)
fix 44968: Provide more information when the load of a keystore fails. (markt)
Jasper
fix 31257: Quote endorsed dirs if they contain a space. (markt)
fix 42943: Make sure nested element is inside <jsp:text> element before throwing exception. (markt)
fix 43617: Correctly escape attribute values in tag files. Based on a patch by Lucas Galfaso. (markt)
fix 43656: Fix various numeric coercion bugs. Includes a patch by Nils Eckert and fixes related issues identified in a test case provided by Konstantin Kolinko. (markt)
fix 43741: Correctly handle dependencies for tag files in JARs. (markt)
fix 44408: Reduce synchronisation when evaluating EL expressions. Patch provided by Robert Andersson. (markt)
fix 44428: Fix possible NPE during serialization. (markt)
fix 44766: EL doesn't coerce custom Number subclasses. (markt)
fix 44877: Prevent collisions on tag pool names. (markt)
fix 44986: Make page encoding consistency checks case-insensitive. (markt)
fix 44994: Enable nested conditional expressions in JSP EL. Patch provided by James Manger. (markt)
fix 45015: You can't use an unescaped quote if you quote the value with that character. (markt/fhanik)
add Add HTML filtering of error messages for included resources in case the app has tried to include an unsafe URL that does not exist. This is really an app responsibility but the filtering has been added for XSS safety. (markt)
Webapps
update Update documentation to use correct version number, correct file paths and to use $CATALINA_BASE rather than $CATALINA_HOME where applicable. (markt/jim)
add Add a section on available system property configuration options. (markt)
fix Amend the JNDI datasource doc to reflect new value for no limit used by updated commons-pool and commons-DBCP. (markt)
fix 43333: Fix errors in sendfile documentation. (markt)
fix 43366: Provide backwards compatibility for manager sessions command. (markt)
fix 44541: Document packetSize attribute for AJP connector. (markt)
fix 44715: Document secret attribute for AJP connector. (markt)
fix Fix some links in the ROOT application that are broken if ROOT is renamed. (markt)
fix Align the Realm documentation so that both the configuration and the how-to are consistent. (markt)
fix 45277: Fix typo in logging docs. (markt)
Cluster
fix 45212: AbstractReplicatedMap.entrySet() now returns entries rather than vaules. (markt)
fix45279Properly close multicast socket.
update Fix session replication dead lock during non sticky load balancing. (fhanik)
Other
add Improve the Tests for unit tests for the cookie issues. (jfclere)
fix Fix build for JavaDoc. Patch provided by Stephen Bannasch. (markt)
fix 44955: Use correct location for endorsed directory in Windows installer. (markt)
Tomcat 6.0.16 (remm)
General
update Update commons-logging to version 1.1.1 and the NSIS installer to 2.34. (markt)
update Update to commons-pool version 1.4, native version 1.1.12 and update the download location for the commons libraries. (markt)
update Change chunked input parsing, always parse CRLF directly after a chunk has been received, except if data is not available. If data is not available for CRLF parsing, we run into BZ 11117, and must defer the parsing of CRLF to the next read event. This fixes the incorrect blocking when using CometProcessor and the draining data during the READ event where it before would block incorrectly waiting for the next chunk (fhanik)
update The CometProcessor interface now extends the javax.servlet.Servlet interface(fhanik)
fix Fix CVE-2007-5342 by limiting permissions granted to JULI. (markt)
update Fix handling of CometEvent.close when called during BEGIN event (fhanik)
fix 43594: Use setenv from CATALINA_BASE (if set) in preference to the one in CATALINA_HOME. Patch provided by Shaddy Baddah. (markt/jim)
fix 43692: Clean up unused entires from build scripts. Patch provided by Paul Shemansky. (markt)
fix 43775: Don't try to change line endings of binary files in the source distribution. (markt)
fix43846: Fix block simulated read and writes causing timeouts. Add non blocking parsing of HTTP request headers. Perf improvements(fhanik)
fix 43957: Service.bat doesn't configure logging correctly. Patch provided by Richard Fearn. (markt/jim)
update Cookie handling/parsing changes! The following behavior has been changed with regards to Tomcat's cookie handling a) Cookies containing control characters, except 0x09(HT), are rejected using an InvalidArgumentException
b) If cookies are not quoted, they will be quoted if they contain tspecials(ver0), tspecials2(ver1) characters
c) Escape character '\\' is allowed and respected as a escape character, will be unescaped during parsing
fix Cookie parsing of $Version regression from 6.0.15 has been fixed
fix The script that builds the windows installer was including additional files due to the way it processes recurrsive file selectors. The selectors have been modified to only include the intended files. (markt)
Catalina
fix Fix ManagerServlet.expireSessions throws Exceptions as iterate longer session lists at production servers. (pero)
fix38131: WatchedResource doesn't work if app is outside host appbase webapps. Patch provided by Peter Lynch (pero)
updateAdd -Dorg.apache.catalina.tribes.dns_lookups=false as default. The ability to turn off reverse DNS lookups for membership.(fhanik)
fix Set correct StandardManager.sessionCounter after reload/restart. (pero)
fix 42503: ServletContext.getResourceAsStream() could return stale data. Patch provided by Arvind Srinivasan. (funkman/jim)
fix 43236: When resetting the response, also reset the flags associated with using a writer or an output stream to allow the user to change character set after the reset. (markt)
fix 43241: Make ServletContext.getResourceAsStream() conform to the specification. Patch provided by John Kew. (markt)
fix 43530 : doc link fixes provided by Paul Shemansky (funkman)
fix 43675: Fix a possible logging related classloader leak. (markt)
fix43687 Remove conditional headers on Form Auth replay, since the UA (esp. FireFox) isn't expecting it.
fix 43706: WebDAV copy/move now returns 201 on success. Based on a patch by Panagiotis Astithas. (markt)
fix 43840: Include user principal if possible when serializing / de-serializing sessions. (markt)
fix 43868: MBean methods getInvoke and getSetter were broken. (markt)
fix 43887: Make error messages much more helpful when illegal Servlet names are used. Based on a patch provided by Mike Baranczak. (markt)
fix Fix a bug that causes CGI Servlet to fail when it is included. (markt)
update Improve the webDAV Servlet Javadocs to make clear that the WebDAV Servlet can not be used as the default servlet. (markt)
fix 43993: mime mapping for WS-Policy. Patch by Fabian Ritzmann (funkman)
fix 44041: Fix duplicate class definition under load. (markt)
fix 44084: JASSRealm was broken for application provided Principals. Patch provided by Noah Levitt. (markt)
fix 44223: Use the javax.net.ssl.trustStoreType setting if no explicit connector configuration is provided and the property is set. (markt/jim)
update 44268: Log a warning if a duplicate listener configuration is ignored. (markt/jim)
Coyote
fix 43622: Don't overwrite the min compression size set by the compression attribute with the default. (markt/jim)
fix 43839: URL based session tracking failed when a session cookie from a parent context was present. Based on a patch by Yuan Qingyun. (markt)
fix 43914: URLs in location headers should be encoded. Patch provided by Ivan Todoroski. (markt)
Jasper
fix 43285: Missing EL Coercion causes argument type mismatch. Patch provided by Bernhard Huemer. (funkman/jim)
fix 43675: Fix a possible logging related classloader leak. (markt)
fix 43702: Inner class files have unnecessarily long names. (markt)
fix 43743: Fix NPE when compiling nest tag files packaged in a JAR. (markt)
fix 43757: Rather than use string matching to work out the line in the JSP with the error, use the SMAP info and the knowledge that for a scriptlet there is a one to one line mapping. (markt/jim)
fix 43758: Fix NPE when scripting elements are empty. (markt)
fix 43909: Make sure locale maps to wrapped ELContext. Patch provided by Tuomas Kiviaho. (markt)
fix 43944: Fix a missing resource exception. (markt)
fix Improve docs for Jasper configuration. Put options in alphabetcial order, add some missing options, deprecate an unused one and address feedback about the page provided on the users list.
Webapps
fix 43173: Fix typo in logging documentation regarding location of logging.properties. (markt)
fix 43344: Fix typo in if.jsp example. Patch provided by Tim Nowaczyk. (markt)
fix 43468: Fix possible NPE when listing contexts in the Manager application. (markt)
fix 43515: Fix bug in Manager application that may have caused problems when listing contexts. Patch provided by Lucas Galfaso. (markt)
fix 43611: Provide an error message if user tries to upload a war for a context defined in server.xml rather than failing silently. (markt/jim)
fix 43800: Make relationship between APR and the native connector clearer. (markt)
fix 44088: Fix expire session button in manager. (markt)
fix 44094: Add a note about the side effects of configuring a context as privileged. (markt)
update Update JNDI documentation to refer to configuring contexts via context.xml rather than server.xml. (markt/jim)
Cluster
fix Fix FarmWarDeployer can be only configured as host subelement (pero)
fix Fix wrong && at ReplicationValve (pero)
update Add get/set methods for properties in the Tcp Failure detector. (fhanik/jim)
Tomcat 6.0.15 (remm)
General
updateFix the MD5 file contents in distribution
update Add ANT script to be able to publish signed Tomcat JAR's to ASF Maven repo (fhanik)
update Use Eclipse JDT 3.3.1. (pero)
Catalina
updateGuess java location from the PATH environment and improve fix for 37284
updateAdd NIO connector to server.xml parsing warning, remove Connector as exception case
fix43653: Fix SSL buffer mixup when response is unable to write more than socket buffer can handle
fix43643: If connector doesn't support external executor, display warning
fix43641: Property bind multicast address for cluster membership
fix42693: Fix JSP compiler bug
updateAdd mbean descriptor for virtual webapp loader
fix43487: Fix request processing stats
fix 43435: Don't iterate and relocate sessions if they are not part of the map.
fix 43356: Keystore parameter is relative to CATALINA_BASE, Truststore is either defined as parameter, javax.net.ssl.trustStore or if empty defaults to the keystore. SSL Client cert authentication changed from boolean to "true|false|want" (fhanik)
fix 30949: Improve previous fix. Ensure requests are re-cycled on cross-context includes and forwards when an exception occurs in the target page. (markt)
fix 42944: Correctly handle servlet mappings that use a '+' character as part of the url pattern. (markt)
fix 42951: Don't use CATALINA_OPTS when stopping Tomcat. This allows options for starting and stopping to be set on JAVA_OPTS and options for starting only to be set on CATALINA_OPTS. Without this fix, some startup options (eg the port for remote JMX) would cause stop to fail. Based on a fix suggested by Michael Vorburger. Port of r454193 (36976) from Tomcat 5.5.x. (markt,rjung)
add Validation of attributes and elements used in server.xml. (remm)
fix 43175: Fix typos in servlet XSD files. Patch provided by Takayuki Kaneko. (markt)
fix 43216: Set correct StandardSession#accessCount as StandardSession.ACTIVITY_CHECK is true. Patch provided by Takayuki Kaneko (pero)
add Made session createTime accessible for all SessionManager via JMX (pero)
update 43129: Support logging of all response header values at AccessLogValve (ex. add %{Set-Cookie}o to your pattern). (pero)
add Support logging of all response header values at ExtendedAccessLogValve (ex. add x-O(Set-Cookie) to your pattern). (pero)
add Support logging of current thread name at AccessLogValve (ex. add %I to your pattern). Usefull to compare access logging entry later with a stacktraces. (pero)
fix Improve large-file support (more then 4 Gb) at all AccessLogValves, backport from 5.5.25. (pero)
update Optimized JDBCAccessLogValve combined pattern request attribute access. (pero)
fix o.a.juli.ClassLoaderLogManager handle more then one system property replacement at file logging.properties. (pero)
fix 43338: Support '*' servlet-name mapping at filter-mapping. Patch provided by Keiichi Fujino. (pero)
fix 41797: CNFE/NPE thrown from function mapper when externalizing Patch by Tuomas Kiviaho- tuomas.kiviahos at ikis fi (funkman)
fix 43453: ClassCastException at org.apache.catalina.core.StandardContext.findStatusPage(int) (funkman)
fix Fix important vulnerability when webdav is enabled for write. (markt)
fix Call stopAwait in StandardServer.stop if port == -1. (pero)
fix 43668 Fix NPE when the outer most wrapper is a ServletRequest/ResponseWrapper, but not a HttpServletRequest/ResponseWrapper on a Forward. (billbarker)
Coyote
fix Harmonize with HTTP java.io code. Otherwise the socket is not closed.
fix In the APR connector, start accepting connections after fully starting the connector, to prevent possible exceptions due to non initialized fields. (remm)
update Cookie parser refactoring, submitted by John Kew. (remm)
fix Make cookie escaping / unescaping consistent. (markt)
fix 43479: Memory leak cleaning up sendfile connections, submitted by Chris Elving. (remm)
fix 42925: Add maintain for sendfile. (remm)
fix Fix explicit flush before response commit in the org.apache.jk AJP connector. (pero)
fix 43621 Fix possible Dos condition when using the experimental NIO/AJP Connector (billbarker)
Jasper
fix 37326: No error reported when an included page does not exist. (markt)
Webapps
fix Fix WebDAV Servlet so it works correctly with MS clients. (markt)
fix Fix CVE-2007-5461, an important information disclosure vulnerability in the WebDAV Servlet. Based on a patch by Marc Schoenefeld. (markt)
fix 42979: Update sample.war to include recent security fixes in the source code. (markt)
fix Minor connector doc fix. (jfclere)
Cluster
fix Set correct BioReceiver transfer buffer size. (pero)
Other
add Tests for unit tests for the cookie issues. (jfclere)
Tomcat 6.0.14 (remm)
General
docs Correct j.u.l log levels in JULI docs. (rjung)
Catalina
fix Handle special case of ROOT when re-loading webapp after ROOT.xml has been modified. In some circumstances the reloaded ROOT webapp had no associated resources. (markt)
fix Remove invalid attribute "encoding" of MBean MemoryUserDatabase, which lead to errors in the manager webapp JMXProxy output. (rjung)
fix 33774 Retry JNDI authentiction on ServiceUnavailableException as at least one provider throws this after an idle connection has been closed. (markt)
fix 39875: Fix BPE in RealmBase.init(). Port of yoavs's fix from Tomcat 5. (markt)
fix 41722: Make the role-link element optional (as required by the spec) when using a security-role-ref element. (markt)
fix 42361: Handle multi-part forms when saving requests during FORM authentication process. Patch provided by Peter Runge. (markt)
fix 42401: Update RUNNING.txt with better JRE/JDK information. (markt)
fix 42444: prevent NPE for AccessLogValve Patch provided by Nils Hammar (funkman)
fix 42449: JNDIRealm does not catch NullPointerException for Sun's LDAP provider (See bug for details) (funkman)
fix 42497: Ensure ETag header is present in a 304 response. Patch provided by Len Popp. (markt)
fix Fix XSS security vulnerability (CVE-2007-2450) in the Manager and Host Manager. Reported by Daiki Fukumori. (markt)
fix 42547: Fix NPE when a ResourceLink in context.xml tries to override an env-entry in web.xml. (markt)
fix Avoid some casting in ErrorReportValve (remm)
fix Fix persistence API annotation, submitted by Bill Burke (remm)
fix In Comet mode, if bytes are not read, send an error event (otherwise, fields referring to the connection could remain) (remm)
fix Fix Comet when running Tomcat with the security manager (remm)
Jasper
fix 39425 Add additional system property permission to catalina.policy for pre-compiled JSPs. (markt)
fix 42438 Duplicate temporary variables were created when jsp:attribute was used in conjunction with custom tags. Patch provided by Brian Lenz. (markt)
fix 42643 Prevent creation of duplicate JSP function mapper variables. (markt)
Coyote
fix Separate sequence increment from getter in ThreadPool to avoid misleading increments during monitoring via JMX. (rjung)
fix Add back missing socketBuffer attribute in the java.io HTTP connector (remm)
Webapps
fix Don't write error on System.out, use log() instead. (rjung)
fix 39813: Correct handling of new line characters in JMX attributes. Patch provided by R Bramley. Ported from tc5.5.x r415029. (markt,rjung)
fix 42459: Fix Tomcat Web Application Manager table error. (rjung)
fix Fix XSS security vulnerabilities (CVE-2007-2449) in the examples. Reported by Toshiharu Sugiyama. (markt)
Tomcat 6.0.13 (remm)
Catalina
fix More accurate available() method. (remm)
fix Add recycle check in the event object, since it is a facade like the others. (remm)
fix When processing a read event, enforce that the servlet consumes all available bytes. (remm)
update Add a flag in ContainerBase which could be used in embedded scenarios to avoid a double start of contexts (this problem generally occurs when adding contexts to a started host). (remm)
fix 42309: Ability to create a connector using a custom protocol specification for embedded. (fhanik)
fix Add SSL engine flag to AprLifecycleListener. (fhanik)
fix Improve event processing, so that an END event is generated when encountering EOF, and an ERROR is always generated on client disconnects. (remm)
fix Add declarations for the new XSD files. (remm)
Coyote
fix Add heartbeatBackgroundEnabled flag to SimpleTcpCluster. Enable this flag don't forget to disable the channel heartbeat thread (pero)
fix Possible memory leak when using comet, caused by adding the socket to the poller before cleaning up the connection tracking structure. (remm)
fix 42308: nextRequest recycles the request, which caused issues with statistics. (remm)
fix Fix non recycled comet flag in the APR connector. (remm)
Cluster
fix Add heartbeatBackgroundEnabled flag to SimpleTcpCluster. Enable this flag don't forget to disable the channel heartbeat thread (pero)
fix Method name cleanup. (fhanik)
Webapps
fix Some examples webapp fixes. Submitted by Frank McCown. (remm)
Tomcat 6.0.12 (remm)
General
fix License source headers. Submitted by Niall Pemberton. (remm)
Catalina
fix 42039 Log a stack trace if a servlet throws an UnavailableException. Patch provided by Kawasima Kazuh. (markt)
fix 41990 Add some additional mime-type mappings. (markt)
fix 41655 Fix message translations. Japanese translations provided by Suzuki Yuichiro. (markt)
add Add enabled attribute to AccessLogValve (pero)
fix 42085: Avoid adding handlers for the root logger twice when they are explicitly specified. (remm)
fix Reduce thread local manipulation in the request dispatcher. Submitted by Arvind Srinivasan. (remm)
fix Avoid keeping references to loggers tied to the webapp classloaders after a reload in a couple more places. (remm)
fix 42202: Fix container parsing of TLDs in webapps when Tomcat is installed in a URL encodable path. (remm)
Coyote
fix 42119 Fix return value for request.getCharacterEncoding() when Content-Type headers contain parameters other than charset. Patch by Leigh L Klotz Jr. (markt)
update Move away from using a thread local processor for the APR and java.io connectors, as this does not work well when using an executor. (remm)
fix Remove Comet timeout hack in the APR connector. Comet connections will now use the regular timeout or the keepalive timeout if specified. (remm)
Webapps
fix 42025: Update valve documentation to refer to correct regular expression implementation. (markt)
fix Fix various paths in the manager webapps (remm)
add Session viewer and editor for the HTML manager. Submitted by Cédrik Lime. (remm)
add Session handling tools for the manager. Submitted by Rainer Jung. (remm)
Jasper
fix 41869 TagData.getAttribute() should return TagData.REQUEST_TIME_VALUE when the attribute value is an EL expression. (markt)
fix 42071 Fix IllegalStateException on multiple requests to an unavailable JSP. Patch provided by Kawasima Kazuh. (markt)
fix After a JSP throws an UnavailableException allow it to be accessed once the unavailable period has expired. (markt)
Cluster
fix Add toString method to better logging session replication message at tribes MESSAGES (pero)
Tomcat 6.0.11 (remm)
General
update Update DBCP to 1.2.2, pool to 1.3, JDT to 3.2.2 and remove collections build dependency (pero, remm)
Catalina
fix Don't log pattern subtoken at ExtendedAccesLogValve (pero)
fix Add some missing JMX attributes for new AccessLogValve (pero)
fix 41786 Incorrect reference to catalina_home in catalina.sh/bat Patch provided by Mike Hanafey (fhanik)
fix 41703 SingleSignOnMessage invalid setter, patch provided by Nils Hammar (fhanik)
fix 41682 ClassCastException when logging is turned on (fhanik)
fix 41530 Don't log error messages when connector is stopped (fhanik)
fix 41166 Invalid handling when using replicated context (fhanik)
add Added SENDFILE support for the NIO connector. (fhanik)
add Added support for shared thread pools by adding in the <Executor> element as a nested element to the <Service> element. (fhanik)
fix 41666 Correct handling of boundary conditions for If-Unmodified-Since and If-Modified-Since headers. Patch provided by Suzuki Yuichiro. (markt)
fix 41739 Correct handling of servlets with a load-on-startup value of zero. These are now the first servlets to be started. (markt)
fix 41747 Correct example ant script for deploy task. (markt)
fix 41752 Correct error message on exception in MemoryRealm. (markt)
update 39883 Add documentation warning about using antiResourceLocking on a webapp outside the Host's appBase. (yoavs)
fix 40150 Ensure user and roll classnames are validated on startup. Patch by Tom. (yoavs)
update Refactor extend access log valve using the optimized access log valve. Submitted by Takayuki Kaneko. (remm)
fix Possible deadlock in classloading when defining packages. (remm)
fix Remove excessive syncing from listener support. (remm)
add Web services support. The actual factory implementations are implemented in the extras. Submitted by Fabien Carrion. (remm)
update Add logging to display APR capabilities on the platform. (remm)
fix Expose executors in JMX. (remm)
fix CRLF inside a URL pattern is always invalid. (remm)
fix Tweak startup time display. (remm)
fix Adjustments to handling exceptions with Comet. (remm)
fix If the event is closed asynchronously, generate an end event for cleanup on the next event. (remm)
fix Cleanup hello webapp from the docs and fix a XSS issue in the JSP. (remm)
fix Examples webapp cleanup. Submitted by Takayuki Kaneko and Markus Schönhaber. (remm)
fix 41289: Create configBase, since it is no longer created elsewhere. Submitted by Shiva Kumar H R. (remm)
Coyote
update Fixed NIO memory leak caused by the NioChannel cache not working properly.
update Added flag to enable/disable the usage of the pollers selector instead of a Selector pool when the serviet is reading/writing from the input/output streams The flag is -Dorg.apache.tomcat.util.net.NioSelectorShared=true
fix Requests with multiple content-length headers are now rejected. (markt)
add 41675 Add a couple of DEBUG-level logging statements to Http11Processors when sending error responses. Patch by Ralf Hauser. (yoavs)
fix Reuse digester used by the modeler. (remm)
update When the platform does not support deferred accept, put accepted sockets in the poller. (remm)
fix Fix problem with blocking reads for keepalive when using an executor (the number of busy threads is always 0). (remm)
update The poller now has good performance, so remove firstReadTimeout. (remm)
fix 42119 Fix return value for request.getCharacterEncoding() when Content-Type headers contain parameters other than charset. Patch by Leigh L Klotz Jr. (markt)
Webapps
fix Fix previous update to servlet 2.5 xsd to use correct declaration. (markt)
update Update host configuration document for new behaviour for directories in appBase. (markt)
update 39540 Add link to httpd 2.2 mod_proxy_ajp docs in AJP connector doc. (yoavs)
Jasper
fix 41227 Add a bit of DEBUG-level logging to JspC so users know which file is being compiled. (yoavs)
update Remove some dead utility code, and refactor stream capture as part of the Ant compiler. (remm)
fix Support the trim directive of JSP 2.1 as an equivalent of Jasper's own parameter. (remm)
fix 41790: Close file stream used to read the Java source. (remm)
fix Fix reporting of errors which do not correspond to a portion of the JSP source. (remm)
fix Remove try/catch usage for annotation processing in classic tags. The usage of the log method might have been questionable as well. (remm)
fix Cleanup of the message that is displayed for compilation errors. (remm)
fix Skip BOM when reading a JSP file. (remm)
Tomcat 6.0.10 (remm)
Catalina
update Unify usage of security manager flag, submitted by Arvind Srinivasan. (remm)
fix Fix formatting of CGI variable SCRIPT_NAME. (markt)
fix 41521: Support * for servlet-name, submitted by Paul McMahan. (remm)
update Cache getServletContext value, submitted by Arvind Srinivasan. (remm)
fix Add options for handling special URL characters in paths, and disallow '\' and encoded '/' due to possible differences in behavior between Tomcat and a front end webserver. (remm)
fix Fix bad comparison for FORM processing, submitted by Anil Saldhana. (remm)
fix 41608 Make log levels consistent when Servlet.service() throws an exception. (markt)
Coyote
fix Reduce usage of MessageBytes.getLength(), submitted by Arvind Srinivasan. (remm)
Jasper
fix 41558: Don't call synced method on every request, submitted by Arvind Srinivasan. (remm)
fix Switch to a thread local page context pool. (remm)
Tomcat 6.0.9 (remm)
General
fix Use 2.5 xsd in Tomcat webapps. (markt)
fix Compression filter improvements, submitted by Eric Hedström. (markt)
Catalina
fix Properly return connector names. (remm)
fix Remove logging of the XML validation flag. (remm)
fix Correct error messages for context.xml. (markt)
fix 41217: Set secure flag correctly on SSO cookie, submitted by Chris Halstead. (markt)
fix 40524: request.getAuthType() now returns CLIENT_CERT rather than CLIENT-CERT. (markt)
fix 40526: Return support for JPDA_OPTS to catalina.bat and add a new option JPDA_SUSPEND, submitted by by Kurt Roy. (markt)
fix 41265: In embedded, remove the code that resets checkInterval values of zero to 300. (markt)
Coyote
fix 37869: Fix getting client certificate, submitted by Christophe Pierret. (remm)
fix 40960: Throw a timeout exception when getting a timeout rather than a generic IOE, submitted by Christophe Pierret. (remm)
Jasper
fix EL validation fixes for attributes. (remm)
fix 41327: Show full URI for a 404. (markt)
fix JspException now uses getCause() as the result for getRootCause(). (markt)
Cluster
fix 41466: When using the NioChannel and SecureNioChannel its important to use the channels buffers. (fhanik)
Tomcat 6.0.8 (remm)
Catalina
fix Make provided instances of RequestDispatcher thread safe. (markt)
add Optional development oriented loader implementation. (funkman)
add Optimized access log valve, submitted by Takayuki Kaneko. (remm)
fix Fix error messages when parsing context.xml that incorrectly referred to web.xml. (markt)
fix 41217: Set secure attribute on SSO cookie when cookie is created during a secure request. Patch provided by Chris Halstead. (markt)
fix 40524: HttpServletRequest.getAuthType() now returns CLIENT_CERT rather than CLIENT-CERT for certificate authentication as per the spec. Note that web.xml continues to use CLIENT-CERT to specify the certificate authentication should be used. (markt)
fix 41401: Add support for JPDA_OPTS to catalina.bat and add a JPDA_SUSPEND environment variable to both startup scripts. Patch provided by Kurt Roy. (markt)
Coyote
fix Use the tomcat-native-1.1.10 as recommended version. OpenSSL detection on some platforms was broken 1.1.8 will continue to work, although on some platforms there can be JVM crash if IPV6 is enabled and platform doesn't support IPV4 mapped addresses on IPV6 sockets.
Jasper
fix When displaying JSP source after an exception, handle included files. (markt)
fix Display the JSP source when a compilation error occurs and display the correct line number rather than start of a scriptlet block. (markt)
fix Fix NPE when processing dynamic attributes. (remm)
fix More accurate EL usage validation. (remm)
fix Fix regression for implicit taglib and page data version numbers. (remm)
fix 41265: Allow JspServlet checkInterval init parameter to be explicitly set to the stated default value of zero by removing the code that resets it to 300 if explicitly specified as zero. (markt)
fix 41327: Show full URI for a 404. Patch provided by Vijay. (markt)
Webapps
docs Add a virtual hosting how-to contributed by Hassan Schroeder. (markt)
update Update all webapps to use the servlet 2.5 xsd. (markt)
fix 39572: Improvements to CompressionFilter example provided by Eric Hedström. (markt)
Tomcat 6.0.7 (remm)
General
fix Fix installer's bitmap (mturk)
Catalina
fix Refactor logging of errors which may occur when reading a post body (remm)
Coyote
fix 37869: Also use the SSL_INFO_CLIENT_CERT field if the chain is empty, submitted by Grzegorz Grzybek (remm)
Tomcat 6.0.6 (remm)
General
fix Fix tagging which did not include 6.0.5's changelog (remm)
Tomcat 6.0.5 (remm)
Catalina
fix 40585: Fix parameterised constructor for o.a.juli.FileHandler so parameters have an effect. (markt)
fix Escape invalid characters from request.getLocale. (markt, remm)
update Update required version for native to 1.1.8. (remm)
fix Do not log broken pipe errors which can occur when flushing the content of an error page. (remm)
Coyote
fix Fix firstReadTimeout behavior for the AJP connector. (remm)
Jasper
fix 41057: Make jsp:plugin output XHTML compliant. (markt)
Cluster
update Cluster interface cleanup. (fhanik)
update Refactoring to allow usage of executors. (fhanik)
Tomcat 6.0.4 (remm)
General
update Update to NSIS 2.22 (remm)
fix Fix regression in 6.0.3 with Windows wrapper (mturk)
Tomcat 6.0.3 (remm)
General
Catalina
fix 37509: Do not remove whitespace from the end of values defined in logging.properties files. (markt)
fix 38198: Add reference to Context documentation from Host documentation that explains how Context name is obtained from the Context filename. (markt)
fix 40844 Missing syncs in JDBCRealm. (markt)
fix 40901: Encode directory listing output. Based on a patch provided by Chris Halstead. (markt)
fix 40929: Correct JavaDoc for StandardClassLoader. (markt)
fix 41008: Allow POST to be used for indexed queries with CGI Servlet. Patch provided by Chris Halstead. (markt)
fix Fix usage of print on the servlet output stream if the processor never used a writer (fhanik)
fix Fix logic of sameSameObjects used to determine correct wrapping of request and response objects (fhanik)
fix Update TLD scan lists, and disable caching for now (remm)
update Add system property to WebappClassLoader to allow disabling setting references to null when stopping it (remm)
add Add clustered SSO code, submitted by Fabien Carrion (remm)
Coyote
fix 40860: Log exceptions and other problems during parameter processing. (markt)
update Enable JMX for trust store attributes for SSL connector. (markt)
update Port memory usage reduction changes to the java.io HTTP connector. (remm)
fix MessageBytes.setString(null) will remove the String value. (remm)
fix 41057: Caching large strings is not useful and takes too much memory, so don't cache these (remm)
update Add keepAliveTimeout attribute to most connectors (mturk, remm)
Jasper
fix Relax EL type validation for litterals. (remm)
fix Update some version numbers to 2.1. (funkman, remm)
fix Add xsds for JSP 2.1 (remm)
fix 41106: Update validation checks for EL to also include legacy 1.2 tags (remm)
Webapps
fix 40677: Update SSL documentation to indicate that PKCS11 keystores may be used. (markt)
Tomcat 6.0.2 (remm)
General
fix Various tweaks to distribution (remm, funkman)
update Update Tomcat native to 1.1.7 (mturk)
update Update to JDT 3.2.1 (remm)
Catalina
fix Fix EJB annotation interface (remm)
Coyote
fix Fix passing of the keystore password for the NIO connector (fhanik)
Tomcat 6.0.1 (remm)
General
fix 37439, 40823: Documentation cleanup (markt)
Catalina
update Refactor exception processing using Throwable.getCause to improve exception chaining (remm)
add Remove dead code involving the Logger (funkman)
fix 37458: Fix some exceptions which could happen during classloading (markt)
fix 40817: Fix CGI path (markt)
fix 34956: Add the possibility to enforce usage of request and response wrapper objects (markt)
Jasper
update Many fixes for JSP 2.1 compliance, invloving tag files handling, deferred expressions validation, bom encoding support (remm)
Coyote
update Many HTTP NIO connector fixes and refactorings (fhanik)
update HTTP NIO connector performance improvements (fhanik)
update Add packetSize option for the classic AJP connector (jfclere)
update Implement explicit flushing in AJP (mturk)
Tomcat 6.0.0 (remm)
Catalina
add SSLEngine attribute added to the AprLifecycleListener(fhanik)
add Add API for Comet IO handling (remm, fhanik)
add Servlet 2.5 support (remm)
Jasper
add JSP 2.1 support (jhook, remm)
add Unifed EL 2.1 support (jhook)
Coyote
add SSLEnabled attribute required for SSL to be turned on, on all HTTP connectors (fhanik)
update Memory usage reduction for the HTTP connectors, except java.io (remm)
update Modeler update to use dynamic mbeans rather than model mbeans, which consume more resources (costin)
Cluster
add New cluster configuration and new documentation (fhanik)
Webapps

Copyright © 1999-2008, Apache Software Foundation