| products/sources/formale sprachen/Java/apache-tomcat-10.1.16-src/webapps/docs/ |
|
Quellcode-Bibliothek© Kompilation durch diese Firma[Weder Korrektheit noch Funktionsfähigkeit der Software werden zugesichert.]Datei: tip56.html Sprache: XMLOriginal von: Apache© |
|
||||||
|
<?xml version="1.0" encoding="UTF-8"?>
<!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with this work for additional information regarding copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. --> <!DOCTYPE document [ <!ENTITY project SYSTEM "project.xml"> <!-- DTD is used to validate changelog structure at build time. BZ 64931. --> <!ELEMENT document (project?, properties, body)> <!ATTLIST document url CDATA #REQUIRED> <!-- body and title are used both in project.xml and in this document --> <!ELEMENT body ANY> <!ELEMENT title (#PCDATA)> <!-- Elements of project.xml --> <!ELEMENT project (title, logo, body)> <!ATTLIST project name CDATA #REQUIRED> <!ATTLIST project href CDATA #REQUIRED> <!ELEMENT logo (#PCDATA)> <!ATTLIST logo href CDATA #REQUIRED> <!ELEMENT menu (item+)> <!ATTLIST menu name CDATA #REQUIRED> <!ELEMENT item EMPTY> <!ATTLIST item name CDATA #REQUIRED> <!ATTLIST item href CDATA #REQUIRED> <!-- Elements of this document --> <!ELEMENT properties (author*, title, no-comments) > <!ELEMENT author (#PCDATA)> <!ATTLIST author email CDATA #IMPLIED> <!ELEMENT no-comments EMPTY> <!ELEMENT section (subsection)*> <!ATTLIST section name CDATA #REQUIRED> <!ATTLIST section rtext CDATA #IMPLIED> <!ELEMENT subsection (changelog+)> <!ATTLIST subsection name CDATA #REQUIRED> <!ELEMENT changelog (add|update|fix|scode|docs|design)*> <!ELEMENT add ANY> <!ELEMENT update ANY> <!ELEMENT fix ANY> <!ELEMENT scode ANY> <!ELEMENT docs ANY> <!ELEMENT design ANY> <!ELEMENT bug (#PCDATA)> <!ELEMENT rev (#PCDATA)> <!ELEMENT pr (#PCDATA)> <!-- Random HTML markup tags. Add more here as needed. --> <!ELEMENT a (#PCDATA)> <!ATTLIST a href CDATA #REQUIRED> <!ATTLIST a rel CDATA #IMPLIED> <!ELEMENT b (#PCDATA)> <!ELEMENT code (#PCDATA)> <!ELEMENT em (#PCDATA)> <!ELEMENT strong (#PCDATA)> <!ELEMENT tt (#PCDATA)> ]> <?xml-stylesheet type="text/xsl" href="tomcat-docs.xsl"?> <document url="changelog.html"> &project; <properties> <title>Changelog</title> <no-comments /> </properties> <body> <!-- Subsection ordering: General, Catalina, Coyote, Jasper, Cluster, WebSocket, Web applications, Extras, Tribes, jdbc-pool, Other Item Ordering: Fixes having an issue number are sorted by their number, ascending. There is no ordering by add/update/fix/scode/docs/design. Other fixed issues are added to the end of the list, chronologically. They eventually become mixed with the numbered issues (i.e., numbered issues do not "pop up" wrt. others). --> <section name="Tomcat 10.1.16 (schultz)" rtext=""> <subsection name="Catalina"> <changelog> <fix> <bug>67667</bug>: <code>TLSCertificateReloadListener</code> prints unreadable rendering of <code>X509Certificate#getNotAfter()</code>. (michaelo) </fix> <update> The status servlet included in the manager webapp can now output statistics as JSON, using the <code>JSON=true</code> URL parameter. (remm) </update> <update> Optionally allow ServiceBindingPropertySource to trim a trailing newline from a file containing a property-value. (schultz) </update> <fix> <bug>67793</bug>: Ensure the original session timeout is restored after FORM authentication if the user refreshes a page during the FORM authentication process. Based on a suggestion by Mircea Butmalai. (markt) </fix> <update> <bug>67926</bug>: <code>PEMFile</code> prints unidentifiable string representation of ASN.1 OIDs. (michaelo) </update> <fix> <bug>66875</bug>: Ensure that setting the request attribute <code>jakarta.servlet.error.exception</code> is not sufficient to trigger error handling for the current request and response. (markt) </fix> <fix> <bug>68054</bug>: Avoid some file canonicalization calls introduced by the fix for <bug>65433</bug>. (remm) </fix> <fix> <bug>68089</bug>: Improve performance of request attribute access for <code>ApplicationHttpRequest</code> and <code>ApplicationRequest</code>. (markt) </fix> <fix> Use a 400 status code to report an error due to a bad request (e.g. an invalid trailer header) rather than a 500 status code. (markt) </fix> <fix> Ensure that an <code>IOException</code> during the reading of the request triggers always error handling, regardless of whether the application swallows the exception. (markt) </fix> </changelog> </subsection> <subsection name="Coyote"> <changelog> <add> <bug>66670</bug>: Add <code>SSLHostConfig#certificateKeyPasswordFile</code> and <code>SSLHostConfig#certificateKeystorePasswordFile</code>. (michaelo) </add> <add> When calling <code>SSLHostConfigCertificate.setCertificateKeystore(ks)</code>, automatically call <code>setCertificateKeystoreType(ks.getType())</code>. (markt) </add> <fix> <bug>67628</bug>: Clarify how the <code>ciphers</code> attribute of the <code>SSLHostConfig</code> is used. (markt) </fix> <fix> <bug>67666</bug>: Ensure TLS connectors using PEM files either work with the <code>TLSCertificateReloadListener</code> or, in the rare case that they do not, log a warning on Connector start. (markt) </fix> <fix> <bug>67675</bug>: Support a wider range of KDF and ciphers for PEM files than the combinations supported by the JVM by default. Specifically, support the OpenSSL default of HmacSHA256 and DES-EDE3-CBC. (markt) </fix> <fix> <bug>67927</bug>: Reloading TLS configuration can cause the Connector to refuse new connections or the JVM to crash. (markt) </fix> <fix> <bug>67938</bug>: Correct handling of large TLS client hello messages that were causing the TLS handshake to fail. (markt) </fix> <fix> <bug>68026</bug>: Convert selected <code>MessageByte</code> values to String when first accessed to speed up subsequent accesses and reduce garbage collection. (markt) </fix> </changelog> </subsection> <subsection name="Jasper"> <changelog> <fix> <bug>68068</bug>: Performance improvement for EL. Based on a suggestion by John Engebretson. (markt) </fix> </changelog> </subsection> <subsection name="WebSocket"> <changelog> <fix> Correct missing metadata in the MANIFEST of the for WebSocket client API JAR file. (markt) </fix> </changelog> </subsection> <subsection name="Web applications"> <changelog> <fix> <bug>68035</bug>: Correct a regression in the fix for <bug>56248</bug> that prevented deployment via the Manager of a WAR or directory that was already present in the <code>appBase</code> or a context file that was already present in the <code>xmlBase</code>. (markt) </fix> </changelog> </subsection> <subsection name="Other"> <changelog> <add> <bug>67538</bug>: Make use of Ant's <javaversion /> taskto enfore the mininum Java build version. (michaelo) </add> <update> Update Checkstyle to 10.12.4. (markt) </update> <update> Update JaCoCo to 0.8.11. (markt) </update> <update> Update SpotBugs to 4.8.0. (markt) </update> <update> Update BND to 7.0.0. (markt) </update> <update> The minimum Java version required to build Tomcat has been raised to Java 17. (markt) </update> <update> Update the OWB module to Apache OpenWebBeans 4.0.0. (remm) </update> </changelog> </subsection> </section> <section name="Tomcat 10.1.15 (schultz)" rtext="2023-10-16"> <subsection name="Coyote"> <changelog> <fix> <bug>67670</bug>: Fix regression with HTTP compression after code refactoring. (remm) </fix> </changelog> </subsection> <subsection name="jdbc-pool"> <changelog> <fix> <bug>67664</bug>: Correct a regression in the clean-up of unnecessary use of fully qualified class names in 10.1.14 that broke the jdbc-pool. (markt) </fix> </changelog> </subsection> </section> <section name="Tomcat 10.1.14 (schultz)" rtext="2023-10-10"> <subsection name="Catalina"> <changelog> <add> <bug>65770</bug>: Provide a lifecycle listener that will automatically reload TLS configurations a set time before the certificate is due to expire. This is intended to be used with third-party tools that regularly renew TLS certificates. (markt) </add> <fix> Fix handling of an error reading a context descriptor on deployment. (remm) </fix> <fix> Fix rewrite rule qsd (query string discard) being ignored if qsa was also use, while it should instead take precedence. (remm) </fix> <fix> <bug>67472</bug>: Send fewer CORS-related headers when CORS is not actually being engaged. (schultz) </fix> <add> Improve handling of failures within <code>recycle()</code> methods. (markt) </add> </changelog> </subsection> <subsection name="Coyote"> <changelog> <fix> <bug>67198</bug>: Ensure that the AJP connector attribute <code>tomcatAuthorization</code> takes precedence over the <code>tomcatAuthentication</code> attribute when processing an <code>auth_type</code> attribute received from a proxy server. (markt) </fix> <fix> <bug>67235</bug>: Fix a <code>NullPointerException</code> when an <code>AsyncListener</code> handles an error with a dispatch rather than a complete. (markt) </fix> <fix> When an error occurs during asynchronous processing, ensure that the error handling process is only triggered once per asynchronous cycle. (markt) </fix> <fix> Fix logic issue trying to match no argument method in IntropectionUtil. (remm) </fix> <fix> Improve thread safety around readNotify and writeNotify in the NIO2 endpoint. (remm) </fix> <fix> Avoid rare thread safety issue accessing message digest map. (remm) </fix> <fix> Improve statistics collection for upgraded connections under load. (remm) </fix> <fix> Align validation of HTTP trailer fields with standard fields. (markt) </fix> <fix> Improvements to HTTP/2 overhead protection. (markt) </fix> </changelog> </subsection> <subsection name="Jasper"> <changelog> <fix> <bug>67080</bug>: Improve performance of EL expressions in JSPs that use implicit objects. Based on suggestions by John Engebretson, Anurag Dubey and Christopher Schultz. (markt) </fix> </changelog> </subsection> <subsection name="Other"> <changelog> <update> Update the internal fork of Apache Commons FileUpload to 7a8c324 (2023-09-16, 1.x-SNAPSHOT). Due to significant refactoring in the 2.x branch requiring additional Commons IO dependencies, Tomcat has switched to tracking the 1.x branch. (markt) </update> <add> Add the <code>Bundle-License</code> header to the JAR manifest for all Tomcat JARs. (markt) </add> <update> Update UnboundID to 6.0.9. (markt) </update> <update> Update Checkstyle to 10.12.3. (markt) </update> <update> Update Tomcat Native to 2.0.6. (markt) </update> <update> Update Commons Pool to 2.12.0. (markt) </update> <fix> <bug>67611</bug>: Correct the download link in BUILDING.txt. (lihan) </fix> <add> Improvements to French translations. (remm) </add> <add> Improvements to Japanese translations by tak7iji. (markt) </add> <add> Improvements to Russian translations by usmazat. (markt) </add> </changelog> </subsection> </section> <section name="Tomcat 10.1.13 (markt)" rtext="2023-08-25"> <subsection name="Catalina"> <changelog> <fix> If an application or library sets both a non-500 error code and the <code>jakarta.servlet.error.exception</code> request attribute, use the provided error code during error page processing rather than assuming an error code of 500. (markt) </fix> <fix> Update code comments and Tomcat output to use MiB for 1024 * 1024 bytes and KiB for 1024 bytes rather than MB and kB. (martk) </fix> <fix> Avoid protocol relative redirects in FORM authentication. (markt) </fix> </changelog> </subsection> <subsection name="Web applications"> <changelog> <fix> Documentation. Update documentation to use MiB for 1024 * 1024 bytes and KiB for 1024 bytes rather than MB and kB. (martk) </fix> </changelog> </subsection> <subsection name="Other"> <changelog> <add> Improvements to Chinese translations. (lihan) </add> <add> Improvements to French translations. (remm) </add> <add> Improvements to Japanese translations by tak7iji. (markt) </add> </changelog> </subsection> </section> <section name="Tomcat 10.1.12 (markt)" rtext="2023-08-14"> <subsection name="Catalina"> <changelog> <fix> <bug>66680</bug>: When serializing a session during the session presistence process, do not log a warning that null Principals are not serializable. Pull request <pr>638</pr> provided by tsryo. (markt) </fix> <fix> Catch <code>NamingException</code> in <code>JNDIRealm#getPrincipal</code>. It is used in Java up to 17 to signal closed connections. (fschumacher) </fix> <fix> <bug>66822</bug>: Use the same naming format in log messages for Connector instances as the associated ProtocolHandler instance. (markt) </fix> <fix> The parts count should also lower the actual <code>maxParameterCount</code> used for parsing parameters if parts are parsed first. (remm) </fix> </changelog> </subsection> <subsection name="Coyote"> <changelog> <fix> Correct a regression introduced in 10.1.11 and use the correct constant when constructing the default value for the <code>certificateKeystoreFile</code> attribute of an <code>SSLHostConfigCertificate</code> instance. (markt) </fix> <scode> Refactor HTTP/2 implementation to reduce pinning when using virtual threads. (markt) </scode> <fix> Pass through ciphers referring to an OpenSSL profile, such as <code>PROFILE=SYSTEM</code> instead of producing an error trying to parse it. (remm) </fix> <fix> <bug>66841</bug>: Ensure that <code>AsyncListener.onError()</code> is called after an error during asynchronous processing with HTTP/2. (markt) </fix> <fix> <bug>66842</bug>: When using asynchronous I/O (the default), include DATA frames when calculating the HTTP/2 overhead count to ensure that connections are not prematurely terminated. (markt) </fix> <fix> Correct a race condition that could cause spurious RST messages to be sent after the response had been written to an HTTP/2 stream. (markt) </fix> </changelog> </subsection> <subsection name="WebSocket"> <changelog> <fix> <bug>66681</bug>: Fix a <code>NullPointerException</code> when flushing batched messages with compression enabled using <code>permessage-deflate</code>. (markt) </fix> </changelog> </subsection> <subsection name="jdbc-pool"> <changelog> <fix> Fix the <code>releaseIdleCounter</code> does not increment when testAllIdle releases them. Pull request <pr>241</pr> provided by Arun Chaitanya Miriappalli (lihan) </fix> <fix> Fix the <code>ConnectionState</code> state will be inconsistent with actual state on the connection when an exception occurs while writing. Pull request <pr>643</pr> provided by Wenjun Xiao. (lihan) </fix> </changelog> </subsection> <subsection name="Other"> <changelog> <update> Update NSIS to 3.0.9. (markt) </update> <update> Update Checkstyle to 10.12.2. (markt) </update> <add> Improvements to French translations. (remm) </add> <add> Improvements to Japanese translations. Contributed by tak7iji and Shirayuking. (markt) </add> <fix> <bug>66829</bug>: Fix quoting so users can use the <code>_RUNJAVA</code> environment variable as intended on Windows when the path to the Java executable contains spaces. (markt) </fix> <fix> <bug>66834</bug>: Correct the OSGi contract references in the manifest files to refer to the Jakarta EE contract names rather than the Java EE contract names. (markt) </fix> <update> Update Tomcat Native to 2.0.5. (markt) </update> </changelog> </subsection> </section> <section name="Tomcat 10.1.11 (schultz)" rtext="2023-07-10"> <subsection name="Catalina"> <changelog> <add> <bug>59232</bug>: Add <code>org.apache.catalina.core.ContextNamingInfoListener</code>, a listener which creates context naming information environment entries. (michaelo) </add> <add> <bug>66665</bug>: Add <code>org.apache.catalina.core.PropertiesRoleMappingListener</code>, a listener which populates the context's role mapping from a properties file. (michaelo) </add> <fix> Fix an edge case where intra-web application symlinks would be followed if the web applications were deliberately crafted to allow it even when <code>allowLinking</code> was set to <code>false</code>. (markt) </fix> <update> Add utlity config file resource lookup on <code>Context</code> to allow looking up resources from the webapp (prefixed with <code>webapp:</code>) and make the resource lookup API more visible. (remm) </update> <fix> Fix potential database connection leaks in <code>DataSourceUserDatabase</code> identified by Coverity Scan. (markt) </fix> <fix> Make parsing of <code>ExtendedAccessLogValve</code> patterns more robust. (markt) </fix> </changelog> </subsection> <subsection name="Coyote"> <changelog> <fix> <bug>66627</bug>: Restore the documented behaviour of <code>MessageBytes.getType()</code> that it returns the type of the original content rather than reflecting the most recent conversion. (markt) </fix> <fix> <bug>66635</bug>: Correct certificate logging on start-up so it differentiates between keystore based keys/certificates and PEM file based keys/certificates and logs the relevant information for each. (markt) </fix> <fix> Refactor blocking reads and writes for the NIO connector to remove code paths that could allow a notification from the Poller to be missed resuting in a timeout rather than the expected read or write. (markt) </fix> <fix> Refactor waiting for an HTTP/2 stream or connection window update to handle spurious wake-ups during the wait. (markt) </fix> </changelog> </subsection> <subsection name="WebSocket"> <changelog> <fix> Improve handling of error conditions for the WebSocket server, particularly during Tomcat shutdown. (markt) </fix> <fix> Correct a regression in the fix for <bug>66574</bug> that meant the WebSocket session could return false for <code>onOpen()</code> before the <code>onClose()</code> event had been completed. (markt) </fix> </changelog> </subsection> <subsection name="Web applications"> <changelog> <add> Documentation. Expand the security guidance to cover the embedded use case and add notes on the uses made of the <code>java.io.tmpdir</code> system property. (markt) </add> <fix> <bug>66662</bug>: Documentation. Fix a typo in the name of the <strong>algorithms</strong> attribute in the configuration section for the Digest authentication valve. Pull request <pr>629</pr> provided by gohilmca. (markt) </fix> </changelog> </subsection> <subsection name="Other"> <changelog> <add> Include the Windows specific binary distributions in the files uploaded to Maven Central. (markt) </add> <add> Improvements to French translations. (remm) </add> <add> Improvements to Japanese translations. Contributed by tak7iji. (markt) </add> <update> Update UnboundID to 6.0.9. (markt) </update> <update> Update Checkstyle to 10.12.1. (markt) </update> <update> Update BND to 6.4.1. (markt) </update> <update> Update JSign to 5.0. (markt/rjung) </update> <fix> Align documentation for maxParameterCount to match hard-coded defaults. Contributed by Michal Sobkiewicz. (schultz) </fix> </changelog> </subsection> </section> <section name="Tomcat 10.1.10 (schultz)" rtext="2023-06-12"> <subsection name="Catalina"> <changelog> <scode> Move the management of the utility executor from the <code>init()</code>/<code>destroy()</code> methods of components to the <code>start()</code>/<code>stop()</code> methods. (markt) </scode> <add> Add <code>org.apache.catalina.core.StandardVirtualThreadExecutor</code>, a virtual thread based executor that may be used with one or more Connectors to process requests received by those Connectors using virtual threads. This Executor requires a minimum Java version of Java 21. (markt) </add> <fix> <bug>66513</bug>: Add a per session Semaphore to the <code>PersistentValve</code> that ensures that, within a single Tomcat instance, there is no more than one concurrent request per session. Also expand the debug logging to include whether a request bypasses the Valve and the reason if a request fails to obtain the per session Semaphore. (markt) </fix> <fix> <bug>66609</bug>: Ensure that the default servlet correctly escapes file names in directory listings when using XML output. Based on pull request <pr>621</pr> by Alex Kachanov. (markt) </fix> <add> <bug>66618</bug>: Add a numeric last modified field to the XML directory listings produced by the default servlet to enable sorting in the XSLT. Pull request <pr>622</pr> by Alex Kachanov. (markt) </add> <fix> <bug>66621</bug>: Attempts to lock a collection with WebDAV may incorrectly fail if a child collection has an expired lock. (markt) </fix> <fix> <bug>66622</bug>: Deprecate the <code>xssProtectionEnabled</code> setting from the <code>HttpHeaderSecurityFilter</code> and change the default value to <code>false</code> as support for the associated HTTP header has been removed from all major browsers. (markt) </fix> </changelog> </subsection> <subsection name="Coyote"> <changelog> <update> Update the HTTP/2 implementation to use the prioritization scheme defined in RFC 9218 rather than the one defined in RFC 7540. (markt) </update> <fix> <bug>66602</bug>: not sending WINDOW_UPDATE when dataLength is ZERO on call SwallowedDataFramePayload. Pull request #619 by ledefe. (lihan) </fix> </changelog> </subsection> <subsection name="Other"> <changelog> <update> Update to Commons Daemon 1.3.4. (markt) </update> <add> Improvements to French translations. (remm) </add> <update> Update Checkstyle to 10.12.0. (markt) </update> <update> Update the packaged version of the Apache Tomcat Native Library to 2.0.4 to pick up the Windows binaries built with with OpenSSL 3.0.9. (markt) </update> </changelog> </subsection> </section> <section name="Tomcat 10.1.9 (schultz)" rtext="2023-05-19"> <subsection name="Catalina"> <changelog> <fix> <bug>66567</bug>: Fix missing <code>IllegalArgumentException</code> after the Tomcat code was converted to using URI instead of URL. (remm) </fix> <fix> Escape timestamp output in <code>AccessLogValve</code> if a <code>SimpleDateFormat</code> is used which contains verbatim characters that need escaping. (rjung) </fix> <update> Change output of vertical tab in <code>AccessLogValve</code> from <code>\v</code> to <code>\u000b</code>. (rjung) </update> <update> Improve performance of escaping in <code>AccessLogValve</code> roughly by a factor of two. (rjung) </update> <update> Improve <code>JsonAccessLogValve</code>: support more patterns like for headers and attributes. Those will be logged as sub objects. (rjung) </update> <fix> <pr>613</pr>: Fix possible partial corrupted file copies when using file locking protection or the manager servlet. Submitted by Jack Shirazi. (remm) </fix> <add> Add RateLimitFilter which can be used to mitigate DoS and Brute Force attacks. (isapir) </add> </changelog> </subsection> <subsection name="Coyote"> <changelog> <add> Add support for a new character set, <code>gb18030-2022</code> - introduced in Java 21, to the character set caching mechanism. (markt) </add> <fix> Fix an edge case in HTTP header parsing and ensure that HTTP headers without names are treated as invalid. (markt) </fix> <update> Deprecate the HTTP Connector settings <code>rejectIllegalHeader</code> and <code>allowHostHeaderMismatch</code> as they have been removed in Tomcat 11 onwards. (markt) </update> <fix> <bug>66591</bug>: Fix a regression introduced in the fix for <bug>66512</bug> that meant that an AJP Send Headers was not sent for responses where no HTTP headers were set. (markt) </fix> </changelog> </subsection> <subsection name="Jasper"> <changelog> <fix> <bug>66582</bug>: Account for EL having stricter requirements for static imports than JSPs when adding JSP static imports to the EL context. (markt) </fix> </changelog> </subsection> <subsection name="WebSocket"> <changelog> <fix> <bug>66574</bug>: Refactor WebSocket session close to remove the lock on the <code>SocketWrapper</code> which was a potential cause of deadlocks if the application code used simulated blocking. (markt) </fix> <fix> <bug>66575</bug>: Avoid unchecked use of the backing array of a buffer provided by the user in the compression transformation. (remm) </fix> <fix> Improve exception handling when flushing batched messages during WebSocket session close. (markt) </fix> <fix> <bug>66581</bug>: Update <code>AsyncChannelGroupUtil</code> to align it with the current defaults for AsynchronousChannelGroup. Pull request <pr>612</pr> by Matthew Painter. (markt) </fix> </changelog> </subsection> <subsection name="Other"> <changelog> <add> Improvements to French translations. (remm) </add> <add> Improvements to Chinese translations. (lihan) </add> <update> Update Checkstyle to 10.10.0. (markt) </update> <update> Update Jacoco to 0.8.10. (markt) </update> <update> Update the packaged version of the Tomcat Migration Tool for Jakarta EE to 1.0.7. (markt) </update> </changelog> </subsection> </section> <section name="Tomcat 10.1.8 (schultz)" rtext="2023-04-19"> <subsection name="Catalina"> <changelog> <fix> <bug>65995</bug>: Implement RFC 9239 and use <code>text/javascript</code> as the media type for JavaScript rather than <code>application/javascript</code>. (markt) </fix> <add> Add an access log valve that uses a json format. Based on pull request <pr>539</pr> provided by Thomas Meyer. (remm) </add> <add> Harden the FORM authentication process against DoS attacks by using a reduced session timeout if the FORM authentication process creates a session. The duration of this timeout is configured by the <code>authenticationSessionTimeout</code> attribute of the FORM authenticator. (markt) </add> <fix> <bug>66527</bug>: Correct the Javadoc for the <code>Tomcat.addWebapp()</code> methods that incorrectly stated that the <code>docBase</code> parameter could be a relative path. (markt) </fix> <fix> <bug>66524</bug> Correct eviction ordering in WebResource cache to by LRU as intended. (schultz) </fix> <update> Use server.xml to reduce the default value of <code>maxParameterCount</code> from 10,000 to 1,000. If not configured in server.xml, the default remains 10,000. (markt) </update> <add> Update Digest authentication support to align with RFC 7616. This adds a new configuration attribute, <code>algorithms</code>, to the <code>DigestAuthenticator</code> with a default of <code>SHA-256,MD5</code>. (markt) </add> <update> Add support code for custom user attributes in <code>RealmBase</code>. Based on code from <pr>473</pr> by Carsten Klein. (remm) </update> <fix> Expand the set of HTTP request headers considered sensitive that should be skipped when generating a response to a <code>TRACE</code> request. This aligns with 11.0.x. (markt) </fix> <fix> <bug>66541</bug>: Improve handling for cached resources for resources that use custom URL schemes. The scheme specific <code>equals()</code> and <code>hashCode()</code> algorithms, if present, will now be used for URLs for these resources. This addresses a potential performance issue with some OSGi custom URL schemes that can trigger potentially slow DNS lookups in some configurations. Based on a patch provided by Tom Whitmore. (markt) </fix> <fix> When using a custom session manager deployed as part of the web application, avoid <code>ClassNotFoundException</code>s when validating session IDs extracted from requests. (markt) </fix> <fix> <bug>66543</bug>: Give <code>StandardContext#fireRequestDestroyEvent</code> its own log message. (fschumacher) </fix> <fix> <bug>66554</bug>: Initialize Random during server initialization to avoid possible JVM thread creation in the webapp context on some platforms. (remm) </fix> <update> Make the server utility executor available to webapps using a Servlet context attribute named <code>org.apache.tomcat.util.threads.ScheduledThreadPoolExecutor</code>. (remm) </update> </changelog> </subsection> <subsection name="Coyote"> <changelog> <fix> JSON filter should support specific escaping for common special characters as defined in RFC 8259. Based on code submitted by Thomas Meyer. (remm) </fix> <fix> <bug>66511</bug>: Fix <code>GzipOutputFilter</code> (used for compressed HTTP responses) when used with direct buffers. Patch suggested by Arjen Poutsma. (markt) </fix> <fix> <bug>66512</bug>: Align AJP handling of invalid HTTP response headers (they are now removed from the response) with HTTP. (markt) </fix> <fix> <bug>66530</bug>: Correct a regression in the fix for bug <bug>66442</bug> that meant that streams without a response body did not decrement the active stream count when completing leading to <code>ERR_HTTP2_SERVER_REFUSED_STREAM</code> for some connections. (markt) </fix> </changelog> </subsection> <subsection name="Jasper"> <changelog> <fix> Fix bug that meant some instances of coercing a <code>LambdaExpression</code> to a functional interface invocation failed. (markt) </fix> <fix> <bug>66536</bug>: Fix parsing of tag files that meant that tag directives could be ignored for some tag files. (markt) </fix> </changelog> </subsection> <subsection name="Cluster"> <changelog> <fix> <bug>66535</bug>: Redefine the <code>maxValidTime</code> attribute of <code>FarmWarDeployer</code> to be the maximum time allowed between receiving parts of a transferred file before the transfer is cancelled and the associated resources cleaned-up. A new warning message will be logged if the file transfer is cancelled. (markt) </fix> </changelog> </subsection> <subsection name="WebSocket"> <changelog> <fix> <bug>66508</bug>: When using WebSocket with NIO2, avoid waiting for a timeout before sending the close frame if an I/O error occurs during a write. (markt) </fix> <fix> <bug>66548</bug>: Expand the validation of the value of the <code>Sec-Websocket-Key</code> header in the HTTP upgrade request that initiates a WebSocket connection. The value is not decoded but it is checked for the correct length and that only valid characters from the base64 alphabet are used. (markt) </fix> </changelog> </subsection> <subsection name="Web applications"> <changelog> <fix> <bug>66542</bug>: Documentation. Update the JNDI documentation to replace references to JavaMail with references to Jakarta Mail. (markt) </fix> </changelog> </subsection> <subsection name="Other"> <changelog> <add> Improvements to French translations. (remm) </add> <add> Improvements to Japanese translations. Contributed by Shirayuking and tak7iji. (markt) </add> <add> Improvements to Chinese translations. Contributed by totoo. (markt) </add> <scode> Refactor code using <code>MD5Encoder</code> to use <code>HexUtils.toHexString()</code>. (markt) </scode> <fix> <bug>66507</bug>: Fix a bug that <code>$JAVA_OPTS</code> is not passed to the jvm in <code>catalina.sh</code> when calling <code>version</code>. Patch suggested by Eric Hamilton. (lihan) </fix> <update> Update the internal fork of Commons DBCP to f131286 (2023-03-08, 2.10.0-SNAPSHOT). This corrects a regression introduced in 10.1.5. (markt) </update> <fix> Improve the error messages if <code>JRE_HOME</code> or <code>JAVA_HOME</code> are not set correctly. On windows, align the handling of <code>JRE_HOME</code> and <code>JAVA_HOME</code> for the start-up scripts and the service install script. (markt) </fix> <update> Update to the Eclipse JDT compiler 4.27. (markt) </update> <update> Update UnboundID to 6.0.8. (markt) </update> <update> Update Checkstyle to 10.9.3. (markt) </update> <update> Update Jacoco to 0.8.9. (markt) </update> <fix> Enhance PEMFile to load from an InputStream. Patch provided by Romain Manni-Bucau. (schultz) </fix> </changelog> </subsection> </section> <section name="Tomcat 10.1.7 (schultz)" rtext="2023-03-03"> <subsection name="General"> <changelog> <fix> Fix a bug that memory allocation is larger than limit in <code>SynchronizedStack</code> to reduce memory footprint. (lihan) </fix> </changelog> </subsection> <subsection name="Catalina"> <changelog> <add> Add support for <code>txt:</code> and <code>rnd:</code> rewrite map types from mod_rewrite. Based on a pull request <pr>591</pr> provided by Dimitrios Soumis. (remm) </add> <update> Provide a more appropriate response (501 rather than 400) when rejecting an HTTP request using the CONNECT method. (markt) </update> <fix> <bug>66488</bug>: Correct a regression introduced in the fix for bug <bug>66196</bug> that meant that the HTTP headers and/or request line could get corrupted (one part overwriting another part) within a single request. (markt) </fix> <fix> <bug>66491</bug>: Revert the switch to using the ServiceLoader mechanism to load the custom URL protocol handlers that Tomcat uses. The original system property based approach has been restored. (markt) </fix> </changelog> </subsection> <subsection name="Coyote"> <changelog> <add> Add a check for the validity of the scheme pseudo-header in HTTP/2. (markt) </add> <fix> <bug>66482</bug>: Restore inline state after async operation in NIO2, to account the fact that unexpected exceptions are sometimes thrown by the implementation. Patch submitted by zhougang. (remm) </fix> </changelog> </subsection> </section> <section name="Tomcat 10.1.6 (schultz)" rtext="2023-02-24"> <subsection name="Catalina"> <changelog> <fix> Allow a Valve to access cookies from a request that cannot be mapped to a Context. (markt) </fix> <fix> <bug>66438</bug>: Correct names of Jakarta modules in JPMS metadata. (markt) </fix> <update> Switch to using the ServiceLoader mechanism to load the custom URL protocol handlers that Tomcat uses. (markt) </update> <fix> Avoid possible ISE when scanning from bad JAR URLs, to restore the previous behavior following the removal of Java 9+ reflection code which caught the ISE. (remm) </fix> <fix> Refactor uses of <code>String.replaceAll()</code> to use <code>String.replace()</code> where regular expressions where not being used. Pull request <pr>581</pr> provided by Andrei Briukhov. (markt) </fix> <add> Add error report valve that allows redirecting to of proxying from an external web server. Based on code and ideas from pull request <pr>506</pr> provided by Max Fortun. (remm) </add> <add> <bug>66470</bug>: Add the Shared Address Space defined by RFC 6598 (100.64.0.0/10) to the regular expression used to identify internal proxies for the <code>RemoteIpFilter</code> and <code>RemoteIpValve</code>. (markt) </add> <fix> <bug>66471</bug>: Fix JSessionId secure attribute missing When <code>RemoteIpFilter</code> determines that this request was submitted via a secure channel. (lihan) </fix> </changelog> </subsection> <subsection name="Coyote"> <changelog> <add> Log basic information for each configured TLS certificate when Tomcat starts. (markt) </add> <fix> <bug>66442</bug>: When an HTTP/2 response must not include a body, ensure that the end of stream flag is set on the headers frame and that no data frame is sent. (markt) </fix> <fix> <bug>66455</bug>: Fix the cause of a potential <code>ClassCastException</code> when processing a <code>WINDOW_UPDATE</code> frame on an HTTP/2 connection where the flow control window for the overall connection has been exhausted. (markt) </fix> <fix> Fix a regression introduced in 10.1.0-M17 that prevented HTTP/2 connections from timing out when using a Connector configured with <code>useAsyncIO=true</code> (the default). (markt) </fix> <add> Provided dedicated loggers (<code>org.apache.tomcat.util.net.NioEndpoint.certificate</code> / <code>org.apache.tomcat.util.net.Nio2Endpoint.certificate</code>) for logging of configured TLS certificates. (markt) </add> </changelog> </subsection> <subsection name="Jasper"> <changelog> <fix> <bug>66419</bug>: Fix calls from expression language to a method that accepts varargs when only one argument was passed. (markt) </fix> <fix> <bug>66441</bug>: Make imports of static fields in JSPs visible to any EL expressions used on the page. (markt) </fix> </changelog> </subsection> <subsection name="Web applications"> <changelog> <fix> <bug>66429</bug>: Documentation. Limit access to the documentation web application to localhost by default. (markt) </fix> <fix> <bug>66429</bug>: Examples. Limit access to the examples web application to localhost by default. (markt) </fix> </changelog> </subsection> <subsection name="Other"> <changelog> <update> Update BND to 6.4.0. (markt) </update> <add> Improvements to Korean translations. (woonsan) </add> <update> Update the packaged version of the Apache Tomcat Native Library to 2.0.3 to pick up the Windows binaries built with with OpenSSL 3.0.8. (markt) </update> </changelog> </subsection> </section> <section name="Tomcat 10.1.5 (markt)" rtext="2023-01-13"> <subsection name="Catalina"> <changelog> <fix> <bug>66388</bug>: Correct a regression in the refactoring that replaced the use of the <code>URL</code> constructors. The regression broke lookups for resources that contained one or more characters in their name that required escaping when used in a URI path. (markt) </fix> <fix> <bug>66392</bug>: Change the default value of <code>AccessLogValve</code>'s file encoding to UTF-8 and update documentation. (lihan) </fix> <fix> <bug>66393</bug>: Align <code>ExtendedAccessLogValve</code>'s x-P(XXX) with the documentation. (lihan) </fix> </changelog> </subsection> <subsection name="Coyote"> <changelog> <fix> When resetting an HTTP/2 stream because the final response has been generated before the request has been fully read, use the HTTP/2 error code <code>NO_ERROR</code> so that client does not discard the response. Based on a suggestion by Lorenzo Dalla Vecchia. (markt) </fix> <fix> <bug>66385</bug>: Correct a bug in HTTP/2 where a non-blocking read for a new frame with the NIO2 connector was incorrectly made using the read timeout leading to unexpected stream closure. (markt) </fix> </changelog> </subsection> <subsection name="Jasper"> <changelog> <fix> <bug>66370</bug>: Change the default of the <code>org.apache.el.GET_CLASSLOADER_USE_PRIVILEGED</code> system property to <code>true</code> unless the EL library is running on Tomcat in which case the default remains <code>false</code> as the EL library is already called from within a privileged block and skipping the unnecessary privileged block improves performance. (markt) </fix> <add> Add support for specifying Java 21 (with the value <code>21</code>) as the compiler source and/or compiler target for JSP compilation. If used with an Eclipse JDT compiler version that does not support these values, a warning will be logged and the default will used. (markt) </add> </changelog> </subsection> <subsection name="Other"> <changelog> <update> Update the internal fork of Apache Commons BCEL to 2ee2bff (2023-01-03, 6.7.1-SNAPSHOT). (markt) </update> <update> Update the internal fork of Apache Commons Codec to 3eafd6c (2023-01-03, 1.16-SNAPSHOT). (markt) </update> <update> Update the internal fork of Apache Commons FileUpload to 34eb241 (2023-01-03, 2.0-SNAPSHOT). (markt) </update> <update> Update the internal fork of Apache Commons DBCP to f131286 (2023-01-03, 2.10.0-SNAPSHOT). (markt) </update> <add> Improvements to Japanese translations. Contributed by Shirayuking. (markt) </add> <add> Improvements to Portuguese translations. Contributed by Guilherme Custódio. (markt) </add> <update> Update to the Eclipse JDT compiler 4.26. (markt) </update> <update> Update Checkstyle to 10.6.0. (markt) </update> <update> Update Unboundid to 6.0.7. (markt) </update> <update> Update SpotBugs to 4.7.3. (markt) </update> </changelog> </subsection> </section> <section name="Tomcat 10.1.4 (markt)" rtext="2022-12-09"> <subsection name="Other"> <changelog> <update> Update the packaged version of the Apache Tomcat Migration Tool for Jakarta EE to 1.0.6. (markt) </update> </changelog> </subsection> </section> <section name="Tomcat 10.1.3 (markt)" rtext="not released"> <subsection name="Catalina"> <changelog> <fix> Correct the default implementation of <code>HttpServletRequest.isTrailerFieldsReady()</code> to return <code>true</code> so it is consistent with the default implementation of <code>HttpServletRequest.getTrailerFields()</code> and with the Servlet API provided by the Jakarta EE project. (markt) </fix> <fix> Refactor <code>WebappLoader</code> so it only has a runtime dependency on the migration tool for Jakarta EE if configured to use the converter as classes are loaded. (markt) </fix> <fix> Improve the behavior of the credential handler attribute that is set in the Servlet context so that it actually reflects what is used during authentication. (remm) </fix> <fix> <bug>66359</bug>: Update javadoc for RemoteIpValve and RemoteIpFilter with correct <code>protocolHeader</code> default value of "X-Forwarded-Proto". (lihan) </fix> </changelog> </subsection> <subsection name="Coyote"> <changelog> <fix> When an HTTP/2 stream was reset, the current active stream count was not reduced. If enough resets occurred on a connection, the current active stream count limit was reached and no new streams could be created on that connection. (markt) </fix> </changelog> </subsection> <subsection name="Web applications"> <changelog> <fix> <bug>66348</bug>: Update the JARs listed in the class loader documentation and note which ones are optional. (markt) </fix> <fix> Documentation. Replace references in the application developer's guide to CVS with more general references to a source code control system. (markt) </fix> </changelog> </subsection> <subsection name="Other"> <changelog> <scode> Refactor code base to replace use of URL constructors. While they are deprecated in Java 20 onwards, the reasons for deprecation are valid for all versions so move away from them now. (markt) </scode> <scode> Refine the Tomcat native image metadata to avoid including unintended non-Tomcat resources. Pull request <pr>569</pr> provided by Sébastien Deleuze. (markt) </scode> <update> Update the internal fork of Apache Commons BCEL to b015e90 (2022-11-28, 6.7.0-RC1). (markt) </update> <update> Update the internal fork of Apache Commons Codec to ae32a3f (2022-11-29, 1.16-SNAPSHOT). (markt) </update> <update> Update to Commons Daemon 1.3.3. (markt) </update> <update> Update the internal fork of Apache Commons FileUpload to aa8eff6 (2022-11-29, 2.0-SNAPSHOT). (markt) </update> <add> Improvements to Japanese translations. Contributed by Shirayuking and tak7iji. (markt) </add> </changelog> </subsection> </section> <section name="Tomcat 10.1.2 (markt)" rtext="2022-11-14"> <subsection name="Catalina"> <changelog> <add> <bug>66209</bug>: Add a configuration option to allow bloom filters used to index JAR files to be retained for the lifetime of the web application. Prior to this addition, the indexes were always flushed by the periodic calls to <code>WebResourceRoot.gc()</code>. As part of this addition, configuration of archive indexing moves from <code>Context</code> to <code>WebResourceRoot</code>. Based on a patch provided by Rahul Jaisimha. (markt) </add> <fix> <bug>66330</bug>: Correct a regression introduced when fixing <bug>62897</bug> that meant any value configured for <code>skipMemoryLeakChecksOnJvmShutdown</code> on the <code>Context</code> was ignored and the default was always used. (markt) </fix> <fix> <bug>66331</bug>: Fix a regression in refactoring for <code>Stack</code> on the <code>SystemLogHandler</code> which caught incorrect exception. (lihan) </fix> <fix> <bug>66338</bug>: Fix a regression that caused a nuance in refactoring for <code>ErrorReportValve</code>. (lihan) </fix> <fix> Escape values used to construct output for the <code>JsonErrorReportValve</code> to ensure that it always outputs valid JSON. (markt) </fix> </changelog> </subsection> <subsection name="Coyote"> <changelog> <fix> Correct the date format used with the expires attribute of HTTP cookies. A single space rather than a single dash should be used to separate the day, month and year components to be compliant with RFC 6265. (markt) </fix> <add> Include the name of the current stream state in the error message when a stream is cancelled due to an attempt to write to the stream when it is in a state that does not permit writes. (markt) </add> <scode> NIO writes never return -1 so refactor <code>CLOSED_NIO_CHANNEL</code> not to do so and remove checks for this return value. Based on <pr>562</pr> by tianshuang. (markt) </scode> <scode> Remove unnecessary code that exposed the <code>asyncTimeout</code> to components that never used it. (markt) </scode> </changelog> </subsection> <subsection name="Jasper"> <changelog> <fix> <bug>66294</bug>: Make the use of a privileged block to obtain the thread context class loader added to address <bug>62080</bug> optional and disabled by default. This is now controlled by the <code>org.apache.el.GET_CLASSLOADER_USE_PRIVILEGED</code> system property. (markt) </fix> <fix> <bug>66317</bug>: Fix for Lambda coercion security manager missing privileges. Based on pull request #557 by Isaac Rivera Rivas (lihan) </fix> <fix> <bug>66325</bug>: Fix concurrency issue in evaluation of expression language containing lambda expressions. (markt) </fix> </changelog> </subsection> <subsection name="jdbc-pool"> <changelog> <fix> <bug>66346</bug>: Ensure all JDBC pool JARs are reproducible. Pull request <pr>566</pr> provided by John Neffenger. (markt) </fix> </changelog> </subsection> <subsection name="Other"> <changelog> <update> Update to Commons Daemon 1.3.2. (markt) </update> <fix> <bug>66323</bug>: Move module start up parameters from <code>JDK_JAVA_OPTIONS</code> to <code>JAVA_OPTS</code> now that the minimum Java version is 11 and these options are always required. (markt) </fix> <add> Improvements to Chinese translations. Contributed by DigitalCat and lihan. (markt) </add> <add> Improvements to French translations. Contributed by Mathieu Bouchard. (markt) </add> <add> Improvements to Japanese translations. Contributed by Shirayuking. (markt) </add> <fix> Correct a regression in the removal of the APR connector that broke Graal native image support. Pull request <pr>564</pr> provided by Sébastien Deleuze. (markt) </fix> <update> Update the packaged version of the Apache Tomcat Native Library to 2.0.2 to pick up the Windows binaries built with with OpenSSL 3.0.7. (markt) </update> <update> Update the packaged version of the Apache Tomcat Migration Tool for Jakarta EE to 1.0.5. (markt) </update> </changelog> </subsection> </section> <section name="Tomcat 10.1.1 (markt)" rtext="2022-10-11"> <subsection name="Catalina"> <changelog> <fix> Update the <code>RewriteValve</code> to perform pattern matching using dotall mode to avoid unexpected behaviour if the URL includes encoded line terminators. (markt) </fix> </changelog> </subsection> <subsection name="Coyote"> <changelog> <fix> <bug>66276</bug>: Fix incorrect class cast when adding a descendant of HTTP/2 streams. (lihan) </fix> <fix> <bug>66281</bug>: Fix unexpected timeouts that may appear as client disconnections when using HTTP/2 and NIO2. (markt) </fix> <fix> Enforce the requirement of RFC 7230 onwards that a request with a malformed <code>content-length</code> header should always be rejected with a 400 response. (markt) </fix> </changelog> </subsection> <subsection name="Jasper"> <changelog> <fix> <bug>66277</bug>: Fix regressions in refactoring from <code>Stack</code> <code>ArrayDeque</code>. </fix> <add> Add support for specifying Java 20 (with the value <code>20</code>) as the compiler source and/or compiler target for JSP compilation. If used with an Eclipse JDT compiler version that does not support these values, a warning will be logged and the default will used. (markt) </add> </changelog> </subsection> <subsection name="Web applications"> <changelog> <fix> Documentation. Document the <code>nonceRequestParameterName</code> attribute for the <code>CsrfPreventionFilter</code>. Based on <pr>553</pr> by Mert Ülkgün. (markt) </fix> </changelog> </subsection> <subsection name="Other"> <changelog> <update> Update to the Eclipse JDT compiler 4.23. (markt) </update> <update> Update Objenesis to 3.2. (markt) </update> <update> Update UnboundID to 6.0.6. (markt) </update> <update> Update Checkstyle to 10.3.4. (markt) </update> <update> Update JaCoCo to 0.8.8. (markt) </update> <update> Update SpotBugs to 4.7.2. (markt) </update> <update> Update JSign to 4.2. (markt) </update> <update> Update Derby to 10.16.1.1. (markt) </update> <add> Improvements to Chinese translations. (markt) </add> <add> Improvements to Czech translations. (markt) </add> <add> Improvements to French translations. (remm) </add> <add> Improvements to Japanese translations. Contributed by tak7iji and Shirayuking. (markt) </add> <add> Improvements to Korean translations. (markt) </add> <add> Improvements to Spanish translations. (markt) </add> </changelog> </subsection> </section> <section name="Tomcat 10.1.0 (markt)" rtext="2022-09-26"> <subsection name="Coyote"> <changelog> <update> Update Panama OpenSSL code for the extensive Java 20 changes. (remm) </update> <fix> Fix a regression in refactoring for Hashtables which caused mbeans to lose many of their attributes. (remm) </fix> </changelog> </subsection> <subsection name="Jasper"> <changelog> <add> <bug>66203</bug>: Log an error message when the JSP compiler is unable to create the output directory for the generated code. (markt) </add> </changelog> </subsection> <subsection name="Other"> <changelog> <add> Further automation to the build process to reduce the number of manual steps that release managers must perform. (markt) </add> </changelog> </subsection> </section> <section name="Tomcat 10.1.0-M20 (markt)" rtext="not released"> <subsection name="Coyote"> <changelog> <fix> Prepare OpenSSL Panama module for Java 20 API changes. (remm) </fix> </changelog> </subsection> <subsection name="Other"> <changelog> <update> Update the Apache Tomcat migration tool for Jakarta EE library to 1.0.4. (markt) </update> </changelog> </subsection> </section> <section name="Tomcat 10.1.0-M19 (markt)" rtext="not released"> <subsection name="Coyote"> <changelog> <fix> Correct a regression in the previous fix for <bug>66236</bug>. (markt) </fix> </changelog> </subsection> </section> <section name="Tomcat 10.1.0-M18 (markt)" rtext="not released"> <subsection name="Catalina"> <changelog> <fix> Correct handling of HTTP TRACE requests where there are multiple instances of an HTTP header with the same name. (markt) </fix> <fix> Implement the requirements of RFC 7231 and do not include sensitive headers in responses to HTTP TRACE requests. (markt) </fix> <fix> Implement the clarification in RFC 9110 that the units in HTTP range specifiers are case insensitive. (markt) </fix> <fix> Properly-escape role and group information when writing MemoryUserDatabase to an XML file. (schultz) </fix> <fix> Move control of XML-export logic from individual support classes into MemoryUserDatabase.save(). Deprecate and discontinue use of MemoryUser, MemoryRole, and MemoryGroup classes. (schultz) </fix> <fix> <bug>66183</bug>: When logging cookie values in an access log valve and there are multiple cookies with the same name, log all cookie values rather than just the first. Based on pull request <pr>541</pr> by Han Li. (markt) </fix> <fix> <bug>66184</bug>: Ensure that JULI root loggers have a default level of <code>INFO</code>. Pull request <pr>533</pr> provided by Piotr P. Karwasz. (markt) </fix> <fix> Improve handling of stack overflow errors when parsing SSI expressions. (markt) </fix> <fix> <bug>66120</bug>: Enable FORM authentication to work correctly if session persistence and restoration occurs during the authentication process. (markt) </fix> <fix> <bug>66233</bug>: Include an error message when sending a 400 response because a request has too many cookies. (markt) </fix> <fix> When web application deployment fails due to JARs with duplicate fragment names, improve the error message by listing the JARs that contain the duplicates. Based on pull request <pr>535</pr> by Mads Rolsdorph. (markt) </fix> <fix> Replace logging thread for JULI's AsyncFileHandler with anexecutor to protect against failure of the logging thread. Based on pull request <pr>545</pr> by Piotr P. Karwasz. (markt) </fix> </changelog> </subsection> <subsection name="Coyote"> <changelog> <fix> Avoid potential NPE by skipping duplicate accept check when using a Unix Domain Socket. Based on <pr>532</pr> by Han Li. (markt) </fix> <fix> Address an edge case in HTTP header parsing that allowed CRCRLF to be used as a valid line terminator. (markt) </fix> <fix> Ensure HTTP/2 requests that include connection specific headers are rejected. (markt) </fix> <fix> When processing HTTP/2 requests, allow a <code>host</code> header to be used in place of an <code>:authority</code> header. (markt) </fix> <fix> When processing HTTP/2 requests, allow a <code>host</code> header and an <code>:authority</code> header to be present providing they are consistent. (markt) </fix> <fix> When processing HTTP/2 requests, reject requests containing multiple <code>host</code> headers. (markt) </fix> <fix> Make parsing of invalid filename directives in <code>Content-Disposition</code> headers more robust. Invalid filename directives will now be ignored rather than triggering a 500 response. (markt) </fix> <fix> <bug>66194</bug>: Log HTTP/2 stream closures (usually caused by client errors) via a <code>UserDataHelper</code> to broadly align it with the behaviour of HTTP/1.1 for parsing issues and exceeding limits. (markt) </fix> <fix> <bug>66196</bug>: Align HTTP/1.1 with HTTP/2 and throw an exception when attempting to commit a response with an header value that includes one or more characters with a code point above 255. (markt) </fix> <fix> <bug>66236</bug>: Implement support for the special values zero and minus one when configuring <code>maxSavePostSize</code> for a Connector when used in conjunction with TLS renegotiation. (markt) </fix> <fix> <bug>66240</bug>: Avoid int overflow when parsing octets by limiting the maximum value to 255. Based on a PR <pr>548</pr> by Stefan Mayr. (lihan) </fix> <fix> <pr>550</pr>: Correctly handle case where a Servlet responds to a request with an expectation with a 2xx response without reading the request body. Pull request provided by Malay Shah. (markt) </fix> <fix> <pr>551</pr>: Avoid potential IndexOutOfBoundsException by fixing incorrect check when matching HTTP/2 preface. Submitted by 刘文章. (lihan) </fix> </changelog> </subsection> <subsection name="Jasper"> <changelog> <fix> Improve handling of stack overflow errors when parsing EL expressions. (markt) </fix> <fix> Correct parsing of integer and floating point literals in EL expressions --> -------------------- --> maximum size reached --> -------------------- ¤ Dauer der Verarbeitung: 0.62 Sekunden (vorverarbeitet) ¤ |
Haftungshinweis
Die Informationen auf dieser Webseite wurden
nach bestem Wissen sorgfältig zusammengestellt. Es wird jedoch weder Vollständigkeit, noch Richtigkeit,
noch Qualität der bereit gestellten Informationen zugesichert.
Bemerkung:Die farbliche Syntaxdarstellung ist noch experimentell.Bot Zugriff |
