Author: markt
Date: Thu Oct 6 07:52:28 2016
New Revision: 1763510
URL: http://svn.apache.org/viewvc?rev=1763510&view=rev
Log:
Copy the 9.0.0.M1 to M4 change log entries to the 8.5.x changelog to make it
easier for people to find the changes in 8..x compared to 8.0.x
Modified:
tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml
Modified: tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml
URL:
http://svn.apache.org/viewvc/tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml?rev=1763510&r1=1763509&r2=1763510&view=diff
==============================================================================
--- tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml Thu Oct 6 07:52:28 2016
@@ -1307,14 +1307,738 @@
</subsection>
</section>
<section name="Tomcat 8.5.0" rtext="2016-03-24">
+ <subsection name="General">
+ <changelog>
+ <update>
+ Remove support for Comet. (markt)
+ </update>
+ <update>
+ Tighten up the default file permissions for the <code>.tar.gz</code>
+ distribution so no files or directories are world readable by default.
+ Configure Tomcat to run with a default umask of <code>0027</code> which
+ may be overridden by setting <code>UMASK</code> in
+ <code>setenv.sh</code>. (markt)
+ </update>
+ <update>
+ Remove native code (Windows Service Wrapper, APR/native connector)
+ support for Windows Itanium. (markt)
+ </update>
+ </changelog>
+ </subsection>
+ <subsection name="Catalina">
+ <changelog>
+ <update>
+ The default HTTP cookie parser has been changed to
+ <code>org.apache.tomcat.util.http.Rfc6265CookieProcessor</code>.
(markt)
+ </update>
+ <scode>
+ Refactor creation of <code>MapperListener</code> to ensure that the
+ <code>Mapper</code> used is the <code>Mapper</code> associated with the
+ <code>Service</code> for which the listener was created. (markt)
+ </scode>
+ <add>
+ Move the functionality that provides redirects for context roots and
+ directories where a trailing <code>/</code> is added from the Mapper to
+ the <code>DefaultServlet</code>. This enables such requests to be
+ processed by any configured Valves and Filters before the redirect is
+ made. This behaviour is configurable via the
+ <code>mapperContextRootRedirectEnabled</code> and
+ <code>mapperDirectoryRedirectEnabled</code> attributes of the Context
+ which may be used to restore the previous behaviour. (markt)
+ </add>
+ <scode>
+ Refactor <code>Service.getContainer()</code> to return an
+ <code>Engine</code> rather than a <code>Container</code>. (markt)
+ </scode>
+ <fix>
+ <bug>34319</bug>: Only load those keys in
+ <code>StoreBase.processExpire</code> from JDBCStore that are old enough
+ to be expired. Based on a patch by Tom Anderson. (fschumacher)
+ </fix>
+ <add>
+ <bug>58351</bug>: Make the server build date and server version number
+ accessible via JMX. Patch provided by Huxing Zhang. (markt)
+ </add>
+ <add>
+ <bug>56917</bug>: As per RFC7231 (HTTP/1.1), allow HTTP/1.1 and later
+ redirects to use relative URIs. This is controlled by a new attribute
+ <code>useRelativeRedirects</code> on the <strong>Context</strong> and
+ defaults to <code>true</code>. (markt)
+ </add>
+ <fix>
+ <bug>58629</bug>: Allow an embedded Tomcat instance to start when the
+ <code>Service</code> has no <code>Engine</code> configured. (markt)
+ </fix>
+ <fix>
+ Correctly notify the MapperListener associated with a Service if the
+ Engine for that Service is changed. (markt)
+ </fix>
+ <add>
+ Make a web application's CredentialHandler available through a context
+ attribute. This allows a web application to use the same algorithm
+ for validating or generating new stored credentials from cleartext
+ ones. (schultz)
+ </add>
+ <fix>
+ <bug>58635</bug>: Enable break points to be set within agent code when
+ running Tomcat with a Java agent. Based on a patch by Huxing Zhang.
+ (markt)
+ </fix>
+ <fix>
+ Fixed potential NPE in <code>HostConfig</code> while deploying an
+ application. Issue reported by coverity scan. (violetagg)
+ </fix>
+ <fix>
+ <bug>58655</bug>: Fix an <code> IllegalStateException</code> when
+ calling <code>HttpServletResponse.sendRedirect()</code> with the
+ <code>RemoteIpFilter</code>. This was caused by trying to correctly
+ generate the absolute URI for the redirect. With the fix for
+ <bug>56917</bug>, redirects may now be relative making the
+ <code>sendRedirect()</code> implementation for the
+ <code>RemoteIpFilter</code> much simpler. This also addresses issues
+ where the redirect may not have behaved as expected when redirecting
+ from http to https to from https to http. (markt)
+ </fix>
+ <fix>
+ <bug>58657</bug>: Exceptions in a Servlet 3.1 <code>ReadListener</code>
+ or <code>WriteListener</code> do not need to be immediately fatal to
the
+ connection. Allow an error response to be written. (markt)
+ </fix>
+ <fix>
+ Correct implementation of
+ <code>validateClientProvidedNewSessionId</code> so client provided
+ session IDs may be rejected if validation is enabled. (markt)
+ </fix>
+ <fix>
+ <bug>58701</bug>: Reset the <code>instanceInitialized</code> field in
+ <code>StandardWrapper</code> when unloading a Servlet so that a new
+ instance may be correctly initialized. (markt)
+ </fix>
+ <update>
+ Add a new flag <code>aprPreferred</code> to the Apr listener. if set to
+ <code>false</code>, when using the connector defaults, it will use
+ NIO + OpenSSL if tomcat-native is available, rather than the APR
+ connector. (remm)
+ </update>
+ <fix>
+ Add path parameter handling to
+ <code>HttpServletRequest.getContextPath()</code>. This is a follow-up
to
+ the fix for <bug>57215</bug>. (markt)
+ </fix>
+ <fix>
+ <bug>58692</bug>: Make <code>StandardJarScanner</code> more robust. Log
+ a warning if a class path entry cannot be scanned rather than
triggering
+ the failure of the web application. Includes a test case written by
+ Derek Abdine. (markt)
+ </fix>
+ <fix>
+ <bug>58702</bug>: Ensure an access log entry is generated if the client
+ aborts the connection. (markt)
+ </fix>
+ <fix>
+ Fixed various issues reported by Findbugs. (violetagg)
+ </fix>
+ <fix>
+ <bug>58735</bug>: Add support for the <code>X-XSS-Protection</code>
+ header to the <code>HttpHeaderSecurityFilter</code>. Patch provided by
+ Jacopo Cappellato. (markt)
+ </fix>
+ <fix>
+ Add the <code>StatusManagerServlet</code> to the list of Servlets that
+ can only be loaded by privileged applications. (markt)
+ </fix>
+ <fix>
+ Simplify code and fix messages in
+ <code>org.apache.catalina.core.DefaultInstanceManager</code> class.
+ (kkolinko)
+ </fix>
+ <fix>
+ <bug>58751</bug>: Correctly handle the case where an
+ <code>AsyncListener</code> dispatches to a Servlet on an asynchronous
+ timeout and the Servlet uses <code>sendError()</code> to trigger an
+ error page. Includes a test case based on code provided by Andy
+ Wilkinson.(markt)
+ </fix>
+ <fix>
+ Ensure that the proper file encoding, if specified, will be used when
+ a readme file is served by DefaultServlet. (violetagg)
+ </fix>
+ <fix>
+ Fix declaration of <code>localPort</code> attribute of Connector MBean:
+ it is read-only. (kkolinko)
+ </fix>
+ <fix>
+ <bug>58766</bug>: Make skipping non-class files during annotation
+ scanning faster by checking the file name first. Improve debug logging.
+ (kkolinko)
+ </fix>
+ <fix>
+ <bug>58768</bug>: Log a warning if a redirect fails because of an
+ invalid location. (markt)
+ </fix>
+ <scode>
+ <bug>58827</bug>: Remove remains of JSR-77 implementation. (markt)
+ </scode>
+ <fix>
+ <bug>58836</bug>: Correctly merge query string parameters when
+ processing a forwarded request where the target includes a query string
+ that contains a parameter with no value. (markt/kkolinko)
+ </fix>
+ <fix>
+ Make sure that shared Digester is reset in an unlikely error case
+ in <code>HostConfig.deployWAR()</code>. (kkolinko)
+ </fix>
+ <add>
+ Extend the feature available in the cluster session manager
+ implementations that enables session attribute replication to be
+ filtered based on attribute name to all session manager
implementations.
+ Note that configuration attribute name has changed from
+ <code>sessionAttributeFilter</code> to
+ <code>sessionAttributeNameFilter</code>. Apply the filter on load as
+ well as unload to ensure that configuration changes made while the web
+ application is stopped are applied to any persisted data. (markt)
+ </add>
+ <add>
+ Extend the session attribute filtering options to include filtering
+ based on the implementation class of the value and optional
+ <code>WARN</code> level logging if an attribute is filtered. These
+ options are available for all of the Manager implementations that ship
+ with Tomcat. When a <code>SecurityManager</code> is used filtering will
+ be enabled by default. (markt)
+ </add>
+ <scode>
+ Remove <code>distributable</code> and <code>maxInactiveInterval</code>
+ from the <code>Manager</code> interface because the attributes are
never
+ used. The equivalent attributes from the <code>Context</code> always
+ take precedence. (markt)
+ </scode>
+ <fix>
+ <bug>58867</bug>: Improve checking on Host start for WAR files that
have
+ been modified while Tomcat has stopped and re-expand them if
+ <code>unpackWARs</code> is <code>true</code>. (markt)
+ </fix>
+ <fix>
+ <bug>58900</bug>: Correctly undeploy symlinked resources and prevent an
+ infinite cycle of deploy / undeploy. (markt)
+ </fix>
+ <fix>
+ Protect initialization of <code>ResourceLinkFactory</code> when
+ running with a SecurityManager. (kkolinko)
+ </fix>
+ <fix>
+ Correct a thread safety issue in the filtering of session attributes
+ based on the implementing class name of the value object. (markt)
+ </fix>
+ <fix>
+ Fix class loader decision on the delegation for class loading and
+ resource lookup and make it faster too. (rjung)
+ </fix>
+ <fix>
+ <bug>58905</bug>: Ensure that <code>Tomcat.silence()</code> silences
the
+ correct logger and respects the current setting. (markt)
+ </fix>
+ <fix>
+ <bug>58946</bug>: Ensure that the request parameter map remains
+ immutable when processing via a RequestDispatcher. (markt)
+ </fix>
+ <fix>
+ Ensure that <code>/WEB-INF/classes</code> is never processed as a web
+ fragment. (markt)
+ </fix>
+ <update>
+ Switch default connector when native is installed. Unless configured
+ otherwise, the NIO endpoint will be used by default. If SSL is
+ configured, OpenSSL will be used rather than JSSE. (remm)
+ </update>
+ <fix>
+ Correct a regression in the fix for <bug>58867</bug>. When configuring
a
+ Context to use an external directory for the <code>docBase</code>, and
+ that directory happens to be located along side the original WAR, use
+ the directory as the <code>docBase</code> rather than expanding the
+ WAR into the <code>appBase</code> and using the newly created expanded
+ directory as the <code>docBase</code>. (markt)
+ </fix>
+ <add>
+ <bug>58988</bug>: Special characters in the substitutions for the
+ RewriteValve can now be quoted with a backslash. (fschumacher)
+ </add>
+ <fix>
+ <bug>58999</bug>: Fix class and resource name filtering in
+ WebappClassLoader. It throws a StringIndexOutOfBoundsException if the
+ name is exactly "org" or "javax". (rjung)
+ </fix>
+ <add>
+ Add JASPIC (JSR-196) support. (markt)
+ </add>
+ <add>
+ Make checking for var and map replacement in RewriteValve a bit
stricter
+ and correct detection of colon in var replacement. (fschumacher)
+ </add>
+ <fix>
+ Refactor the web application class loader to reduce the impact of JAR
+ scanning on the memory footprint of the web application. (markt)
+ </fix>
+ <fix>
+ Fix some resource leaks in the error handling for accessing files from
+ JARs and WARs. (markt)
+ </fix>
+ <fix>
+ Refactor the JAR and JAR-in-WAR resource handling to reduce the memory
+ footprint of the web application. (markt)
+ </fix>
+ <fix>
+ Refactor the web.xml parsing so a new parser is created every time the
+ web application starts rather than creating and caching the parser when
+ the Context is created. This enables the parser to take account of
+ modified Context configuration parameters and reduces (slightly) the
+ memory footprint of a running Tomcat instance. (markt)
+ </fix>
+ <update>
+ Switch the web application class loader to the
+ <code>ParallelWebappClassLoader</code> by default. (markt)
+ </update>
+ <fix>
+ <bug>57809</bug>: Remove the custom context attribute that held the
+ effective web.xml. Components needing access to configuration
+ information may access it via the Servlet API. (markt)
+ </fix>
+ <fix>
+ Refactor JAR scanning to reduce memory footprint. (markt)
+ </fix>
+ <fix>
+ <bug>59001</bug>: Correctly handle the case when Tomcat is installed on
+ a path where one of the segments ends in an exclamation mark. (markt)
+ </fix>
+ <fix>
+ Expand the fix for <bug>59001</bug> to cover the special sequences used
+ in Tomcat's custom jar:war: URLs. (markt)
+ </fix>
+ <fix>
+ <bug>59043</bug>: Avoid warning while expiring sessions associated with
+ a single sign on if <code>HttpServletRequest.logout()</code> is used.
+ (markt)
+ </fix>
+ <fix>
+ <bug>59054</bug>: Ensure that using the
+ <code>CrawlerSessionManagerValve</code> in a distributed environment
+ does not trigger an error when the Valve registers itself in the
+ session. (markt)
+ </fix>
+ <fix>
+ Add socket properties support to storeconfig. (remm)
+ </fix>
+ <fix>
+ Fix incorrect parsing of the NE and NC flags in rewrite rules. (remm)
+ </fix>
+ <fix>
+ <bug>59065</bug>: Correct the timing of the check for colons in paths
+ on non-Windows systems implemented in <code>catalina.sh</code> so it
+ works correctly with Cygwin. Patch provided by Ed Randall. (markt)
+ </fix>
+ <fix>
+ When a Host is configured with an appBase that does not exist, create
+ the appBase before trying to expand an external WAR file into it.
+ (markt)
+ </fix>
+ <fix>
+ <bug>59115</bug>: When using the Servlet 3.0 file upload, the submitted
+ file name may be provided as a token or a quoted-string. If a
+ quoted-string, unquote the string before returning it to the user.
+ (markt)
+ </fix>
+ <fix>
+ <bug>59123</bug>: Close <code>NamingEnumeration</code> objects used by
+ the <code>JNDIRealm</code> once they are no longer required.
+ (fschumacher/markt)
+ </fix>
+ <add>
+ Implement the proposed Servlet 4.0 API to provide mapping type
+ information for the current request. (markt)
+ </add>
+ <fix>
+ <bug>59138</bug>: Correct a false positive warning for ThreadLocal
+ related memory leaks when the key class but not the value class has
been
+ loaded by the web application class loader. (markt)
+ </fix>
+ <add>
+ <bug>59017</bug>: Make the pre-compressed file support in the Default
+ Servlet generic so any compression may be used rather than just gzip.
+ Patch provided by Mikko Tiihonen. (markt)
+ </add>
+ <fix>
+ <bug>59145</bug>: Don't log an invalid warning when a user logs out of
+ a session associated with SSO. (markt)
+ </fix>
+ <fix>
+ <bug>59150</bug>: Add an additional flag on APR listener to allow
+ disabling automatic use of OpenSSL. (remm)
+ </fix>
+ <fix>
+ <bug>59151</bug>: Fix a regression in the fix for <bug>56917</bug> that
+ added additional (and arguably unnecessary) validation to the provided
+ redirect location. (markt)
+ </fix>
+ <fix>
+ <bug>59154</bug>: Fix a <code>NullPointerException</code> in the
+ <code>JAASMemoryLoginModule</code> resulting from the introduction of
+ the <code>CredentialHandler</code> to <code>Realm</code>s.
+ (schultz/markt)
+ </fix>
+ </changelog>
+ </subsection>
+ <subsection name="Coyote">
+ <changelog>
+ <update>
+ Remove support for the HTTP BIO and AJP BIO connectors. (markt)
+ </update>
+ <scode>
+ Refactor HTTP upgrade and AJP implementations to reduce duplication.
+ (markt)
+ </scode>
+ <add>
+ Add support for HPACK header encoding and decoding, contributed
+ by Stuart Douglas. (remm)
+ </add>
+ <add>
+ <bug>57108</bug>: Add support for Server Name Indication (SNI). There
+ has been significant changes to the SSL configuration in server.xml to
+ support this. (markt)
+ </add>
+ <add>
+ Add SSL engine for JSSE backed by OpenSSL. Includes ALPN support.
+ Based on code contributed by Numa de Montmollin and derived from code
+ developed by Twitter and Netty. (remm)
+ </add>
+ <fix>
+ RFC 7230 states that clients should ignore reason phrases in HTTP/1.1
+ response messages. Since the reason phrase is optional, Tomcat no
longer
+ sends it. As a result the system property
+ <code>org.apache.coyote.USE_CUSTOM_STATUS_MSG_IN_HEADER</code> is no
+ longer used and has been removed. (markt)
+ </fix>
+ <update>
+ The minimum required Tomcat Native version has been increased to 1.2.2.
+ The 1.2.x branch includes ALPN and SNI support which are required for
+ HTTP/2. (markt)
+ </update>
+ <add>
+ Add support for HTTP/2 including server push. (markt)
+ </add>
+ <fix>
+ <bug>58621</bug>: The certificate chain cannot be set using the main
+ certificate attribute, so restore the certificate chain property.
(remm)
+ </fix>
+ <fix>
+ Allow a new SSL config type where a connector can use either JSSE or
+ OpenSSL. Both could be allowed, but it would likely create support
+ issues. This type is used by the OpenSSL implementation for NIOx.
(remm)
+ </fix>
+ <fix>
+ Improve upgrade context classloader handling by using Context.bind and
+ unbind. (remm)
+ </fix>
+ <add>
+ Improve OpenSSL keystore/truststore configuration by using the code
+ from the JSSE implementation. (remm, jfclere)
+ </add>
+ <fix>
+ Fix a potential loop when a client drops the connection unexpectedly.
+ (markt)
+ </fix>
+ <add>
+ OpenSSL renegotiation support for client certificate authentication.
+ (remm)
+ </add>
+ <fix>
+ Fix NIO connector renegotiation. (remm)
+ </fix>
+ <fix>
+ <bug>58659</bug>: Fix a potential deadlock during HTTP/2 processing
when
+ the connection window size is limited. (markt)
+ </fix>
+ <fix>
+ Correct an NPE when listing the enabled ciphers (e.g. via the Manager
+ web application) for a TLS enabled APR/native connector. (markt)
+ </fix>
+ <add>
+ New configuration option <code>ajpFlush</code> for the AJP connectors
+ to disable the sending of AJP flush packets. (rjung)
+ </add>
+ <fix>
+ Handle the case in the NIO connector where the required TLS buffer
sizes
+ increase after the connection has been initiated. (markt)
+ </fix>
+ <fix>
+ Handle the case in the NIO2 connector where the required TLS buffer
+ sizes increase after the connection has been initiated. (markt/remm)
+ </fix>
+ <fix>
+ Bad processing of handshake errors in NIO2. (remm)
+ </fix>
+ <fix>
+ Use JSSE session configuration options with OpenSSL. (remm)
+ </fix>
+ <fix>
+ <bug>59015</bug>: Fix potential cause of endless APR Poller loop during
+ shutdown if the Poller experiences an error during the shutdown
process.
+ (markt)
+ </fix>
+ <fix>
+ Align cipher aliases for <code>kECDHE</code> and <code>ECDHE</code>
with
+ the current OpenSSL implementation. (markt)
+ </fix>
+ <fix>
+ <bug>59081</bug>: Retain the user defined cipher order when defining
+ ciphers. (markt)
+ </fix>
+ <fix>
+ <bug>59089</bug>: Correctly ignore HTTP headers that include non-token
+ characters in the header name. (markt)
+ </fix>
+ </changelog>
+ </subsection>
+ <subsection name="Jasper">
+ <changelog>
+ <fix>
+ <bug>57136#c25</bug>: Change default value of
+ <code>quoteAttributeEL</code> setting in Jasper to be <code>true</code>
+ for better compatibility with other implementations and older versions
+ of Tomcat. Add command line option <code>-no-quoteAttributeEL</code> in
+ JspC. (kkolinko)
+ </fix>
+ <fix>
+ Fix handling of missing messages in
+ <code>org.apache.el.util.MessageFactory</code>. (violetagg)
+ </fix>
+ <update>
+ Update to the Eclipse JDT Compiler 4.5.1. (markt)
+ </update>
+ <fix>
+ <bug>57583</bug>: Improve the performance of
+ <code>javax.servlet.jsp.el.ScopedAttributeELResolver</code> when
+ resolving attributes that do not exist. This improvement only works
when
+ Jasper is used with Tomcat's EL implementation. (markt)
+ </fix>
+ </changelog>
+ </subsection>
+ <subsection name="Cluster">
+ <changelog>
+ <fix>
+ Enable an explicit configuration of local member in the static cluster
+ membership. (kfujino)
+ </fix>
+ <fix>
+ Fix potential integer overflow in <code>DeltaSession</code>.
+ Reported by coverity scan. (fschumacher)
+ </fix>
+ <fix>
+ In order to avoid that the heartbeat thread and the background thread
to
+ run <code>Channel.heartbeat</code> simultaneously, if
+ <code>heartbeatBackgroundEnabled</code> of
<code>SimpleTcpCluster</code>
+ set to <code>true</code>, ensure that the heartbeat thread does not
+ start. (kfujino)
+ </fix>
+ </changelog>
+ </subsection>
+ <subsection name="WebSocket">
+ <changelog>
+ <add>
+ <bug>55006</bug>: The WebSocket client now honors the
+ <code>java.net.java.net.ProxySelector</code> configuration (using the
+ HTTP type) when establishing WebSocket connections to servers. Based on
+ a patch by Niki Dokovski. (markt)
+ </add>
+ <fix>
+ <bug>57489</bug>: Ensure <code>onClose()</code> is called when a
+ WebSocket connection is closed even if the sending of the close message
+ fails. Includes test cases by Barry Coughlan. (markt)
+ </fix>
+ <fix>
+ <bug>58624</bug>: Correct a potential deadlock if the WebSocket
+ connection is closed when a message write is in progress. (markt)
+ </fix>
+ <fix>
+ Fix a timing issue on session close that could result in an exception
+ being thrown for an incomplete message even through the message was
+ completed. (markt)
+ </fix>
+ <fix>
+ Correctly handle compression of partial messages when the final message
+ fragment has a zero length payload. (markt)
+ </fix>
+ <fix>
+ <bug>59119</bug>: Correct read logic for WebSocket client when using
+ secure connections. (markt)
+ </fix>
+ <fix>
+ <bug>59134</bug>: Correct client connect logic for secure connections
+ made through a proxy. (markt)
+ </fix>
+ </changelog>
+ </subsection>
+ <subsection name="Web applications">
+ <changelog>
+ <fix>
+ <bug>48674</bug>: Implement an option within the Host Manager web
+ application to persist the current configuration. Based on a patch by
+ Coty Sutherland. (markt)
+ </fix>
+ <fix>
+ <bug>58631</bug>: Correct the continuation character use in the Windows
+ Service How-To page of the documentation web application. (markt)
+ </fix>
+ <fix>
+ Correct the SSL documentation for deprecated attributes to point to the
+ correct, new location for attributes related to individual
certificates.
+ (markt)
+ </fix>
+ <fix>
+ Correct some typos in the JNDI resources How-To. (markt)
+ </fix>
+ <fix>
+ Don't create session unnecessarily in the Manager application. (markt)
+ </fix>
+ <fix>
+ Don't create session unnecessarily in the Host Manager application.
+ (markt)
+ </fix>
+ <fix>
+ <bug>58723</bug>: Clarify documentation and error messages for the text
+ interface of the manager to make clear that version must be used with
+ path when referencing contexts deployed using parallel deployment.
+ (markt)
+ </fix>
+ <add>
+ Document <code>test.threads</code> option in BUILDING.txt. (kkolinko)
+ </add>
+ <fix>
+ Correct an error in the documentation of the expected behaviour for
+ automatic deployment. If a WAR is updated and an expanded directory is
+ present, the directory will always be deleted and recreated by
expanding
+ the WAR if <code>unpackWARs</code> is <code>true</code>. (markt)
+ </fix>
+ <fix>
+ <bug>58935</bug>: Remove incorrect references in the documentation to
+ using <code>jar:file:</code> URLs with the Manager application. (markt)
+ </fix>
+ <fix>
+ Correct the description of the
+ <code>ServletRequest.getServerPort()</code> in Proxy How-To.
+ Issue reported via comments.apache.org. (violetagg)
+ </fix>
+ <add>
+ The Manager and Host Manager applications are now only accessible via
+ <code>localhost</code> by default. (markt)
+ </add>
+ </changelog>
+ </subsection>
+ <subsection name="Tribes">
+ <changelog>
+ <fix>
+ Clarify the handling of Copy message and Copy nodes. (kfujino)
+ </fix>
+ <fix>
+ Ensure that the static member is registered to the add suspect list
even
+ if the static member that is registered to the remove suspect list has
+ disappeared. (kfujino)
+ </fix>
+ <fix>
+ When using a static cluster, add the members that have been cached in
+ the membership service to the map members list in order to ensure that
+ the map member is a static member. (kfujino)
+ </fix>
+ <fix>
+ Add support for the startup notification of local members in the static
+ cluster. (kfujino)
+ </fix>
+ <fix>
+ Ignore the unnecessary member remove operation from different domain.
+ (kfujino)
+ </fix>
+ <fix>
+ Add support for the shutdown notification of local members in the
static
+ cluster. (kfujino)
+ </fix>
+ <fix>
+ If promoting a proxy node to a primary node when getting a session,
+ notify the change of the new primary node to the original backup node.
+ (kfujino)
+ </fix>
+ </changelog>
+ </subsection>
+ <subsection name="jdbc-pool">
+ <changelog>
+ <fix>
+ Correct evaluation of system property
+ <code>org.apache.tomcat.jdbc.pool.onlyAttemptCurrentClassLoader</code>.
+ It was basically ignored before. Reported by coverity scan.
(fschumacher)
+ </fix>
+ <fix>
+ Fix potential integer overflow in <code>ConnectionPool</code> and
+ <code>PooledConnection</code>. Reported by coverity scan. (fschumacher)
+ </fix>
+ </changelog>
+ </subsection>
<subsection name="Other">
<changelog>
<add>
- The Tomcat 8.5.x branch was created from the Tomcat 9.0.0.M4 tag.
- Changes were applied to restore Java 7 compatibility and to align the
- specification APIs with Servlet 3.1, JSP 2.3, EL 3.0, WebSocket 1.1 and
- JASPIC 1.1.
+ Allow to configure multiple JUnit test class patterns with the build
+ property <code>test.name</code> and document the property in
+ BUILDING.txt. (rjung)
+ </add>
+ <add>
+ Support the use of the <code>threads</code> attribute on Ant's
+ junit task. Note that using this with a value of greater than one will
+ disable Cobertura code coverage. (markt)
</add>
+ <update>
+ Update optional Checkstyle library to 6.14.1. (kkolinko)
+ </update>
+ <update>
+ Update the packaged version of the Tomcat Native Library to 1.2.4 to
+ pick up the Windows binaries that are based on OpenSSL 1.0.2e and APR
+ 1.5.1. (markt)
+ </update>
+ <update>
+ Update the NSIS Installer used to build the Windows Installers to
+ version 2.50. (markt/kkolinko)
+ </update>
+ <update>
+ Update the internal fork of Commons BCEL to r1725718 to align with the
+ refactoring for BCEL 6, the next major BCEL release. (markt)
+ </update>
+ <update>
+ Update the internal fork of Commons DBCP 2 to r1725730 (2.1.1 plus
+ additional fixes). (markt)
+ </update>
+ <update>
+ Update the internal fork of Commons Pool 2 to r1725738 (2.4.2 plus
+ additional fixes). (markt)
+ </update>
+ <update>
+ Update the internal fork of Commons Codec to r1725746 (1.9 plus
+ additional fixes). (markt)
+ </update>
+ <fix>
+ <bug>58283</bug>: Change the default download location for libraries
+ during the build process from <code>/usr/share/java</code> to
+ <code>${user.home}/temp</code>. Patch provided by Ahmed Hosni. (markt)
+ </fix>
+ <fix>
+ <bug>59031</bug>: When using the Windows uninstaller, do not remove the
+ contents of any directories that have been symlinked into the Tomcat
+ directory structure. (markt)
+ </fix>
+ <update>
+ Update the packaged version of the Tomcat Native Library to 1.2.5 to
+ pick up the Windows binaries that are based on OpenSSL 1.0.2g and APR
+ 1.5.1. (markt)
+ </update>
+ <update>
+ Modify the default <code>tomcat-users.xml</code> file to make it harder
+ for users to configure the entries intended for use with the examples
+ web application for the Manager application. (markt)
+ </update>
</changelog>
</subsection>
</section>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
