JBoss, a division of Red HatJBoss.org - Community driven.
Printer Friendly Version

Changelog

JBoss Web 2.1.2.GA (remm)

General

update NSIS 2.43. (remm)

Catalina

fix 38553: A lack of certs is normal if the user doesn't have a trusted cert. Return 401, not 400 in this case. (markt)
fix 46606: Max depth limit configurable in WebDAV Servlet. (markt)
fix 38570: Fix checking of appBase against docBase. (markt)
fix 39013: Fix appBase test when deleting resources. (markt)
fix Status code for redirect rule in rewrite valve. (jfclere)

Coyote

fix HTTP/1.0 handling differed from the old org.apache.jk connector. (remm)
fix Optimize date format for v0 cookies. (markt)

Jasper

fix 46564: More case insensitive comparison of encodings. (markt)
fix Validator code cleanup. (markt)
fix 38197: Take account of jsp:attribute elements when naming tag pools. (markt)

JBoss Web 2.1.2.CR1 (remm)

General

update NSIS 2.41. (remm)

Catalina

fix 46011: Make Principal accessible (if set) via Subject.getSubject(AccessController.getContext()) when processing filters. Based on a patch provided by tsveg1. (markt)
fix 42707: Adding host aliases should be dynamic. (markt)
update JNDI realm feature additions. (rjung)
fix 42747: Harmonize handling of context.xml between war and exploded folder. (markt)
fix 42673: In SSI, correctly handle includes with multi-level contexts. Patch provided by Peter Jodeleit. (markt)
fix If throwing an exception for a non serializable attribute, mention the attribute name in the exception. (mturk)
fix Create configBase also when dealing with directory deployment. (markt)
fix Pass attribute changes to the executor to allow dynamic configuration. (markt)
fix 42077: In javax.el iterators, don't return null elements. Based on a patch by Mathias Broekelmann. (markt)
fix Possible NPE on shutdown of ClusterListener. (remm)
fix InstanceManager security manager fixes. (markt)
add Add a log formatter which logs on one line. (markt)
update JBWEB-129: Support substitution for cookies and env flags in RewriteRule, and map the env flag to request attributes. (remm)
update Support multiple env flags in RewriteRule. (remm)
update Support all cookie flags in RewriteRule. (remm)
fix Remove useless normalization when getting a request dispatcher through a request, and refactor normalization to use the implementation in RequestUtil. (remm, markt)
fix Filter not found URI in default servlet. (remm)
fix 46304: Cache event methods when security is enabled. (markt)
fix 46261: Handling for / in context path. (markt)
fix Filter out negative ports on shutdown, so no connection attempt at all. (remm)
fix 23066: Rare NPE when loading a class. Submitted by Konstantin Kolinko. (markt)

Coyote

fix JSSE configuration for SSL sessions. (markt)
fix Preload fast date format in HTTP connector. (remm)

Jasper

fix EL security manager fixes. (markt)
fix 36923: If EL is disabled, handle as template text. (markt)
fix 46462: Compatibility with ASF projects which use JSP. (markt)
fix 46381: Coerce EL to String rather than Object when concatenating. (markt)
fix 37515: Add options for 1.6 and 1.7 source and target to JDT compiler. (markt)
fix 46471: Use jar url and tag file path to uniquely ID a tag file to prevent naming clashes. (markt)

JBoss Web 2.1.1.GA (remm)

General

update NSIS 2.40. (remm)
update JBoss Native 2.0.6. (remm)
update Eclipse JDT 3.4.1. (remm)

Catalina

fix 45785: Add a check in the loader in addition to the fix for JBAS-4965. (markt)
fix 45823: Log missing request headers as - not null. Based on a patch by Per Landberg. (markt)
fix 45441: Correctly map filters for FORWARD and INCLUDE. (remm)
fix 45419: Set Accept-Ranges for static resources served by DefaultServlet. (markt)
add Bayeux support using a BayeuxServlet written as an event driven servlet. (remm, fhanik)
add LockOutRealm to lock out users after a number of failed authentication attempts. (markt)
fix Fix SSI HTML replacement bug. (markt)
fix Tighten up the max size for content caching (which is often useless due to sendfile). (markt, remm)
fix Sync date format usage in SSI. (markt)
fix 45906: Another ETag improvement. Patch provided by Chris Hubick. (remm)
fix CGI servlet generics cleanup. (markt)
fix Better nested context handling. (markt)
fix The default annotation name should be based on the class in which the annotation was found. (markt)
fix 46075: Don't create ByteArrayOutputStream at maximum possible size. (markt)
fix 46096: Support annotation processing whilst running under a security manager. (markt)
fix 46085: Date handling in sessions should use int offsets, and longs can get corrupted. (remm)
fix 46105: Set query string URI encoding when replaying request. (markt)
fix Only reset the buffer and usage of IS or writer when forwarding to a custom error page. (markt, remm)
fix Remove verbose attribute value logging during session passivation. (remm)
fix Specific error message for webapps that fail to start. (fhanik)

Coyote

add Package renamed JSON library. (remm)
fix IntrospectionUtils.replaceProperties should return the original String if no substitutions are needed. (remm)
fix 45026: AJP should not use an empty reason phrase, due to httpd 2 having a problem with that at the moment. (rjung)
fix Allow AJP to read large body packets, up to the configured packet size. (remm)
fix Remove date tool class, since it has sync issues. (markt, remm)
add Add AJP support for certificate chains. (billbarker)
fix Null out socket in java.io HTTP connector. (fhanik)
fix Handling for invalid AJP messages. (remm)
fix New maxThreads default to 200, up from 40. (remm, fhanik)
fix 46077: Add configuration for deferAccept flag. (remm)
fix Add maxThreads warning. (markt)
fix Cleanup some type oddities in MimeHeaders. (remm)
fix Refactor generation of the READ event which follows a BEGIN into the HTTP protocol handler. (remm)
fix JBWEB-124, JBWEB-125: APR instability fixes involving asynchronous resume() calls. (remm)
fix Fix timeout processing in many cases. (remm)

Jasper

fix 45427: Correct parsing of quoted stings in EL. (markt)
fix Optimize EL parser lookahead. (markt)
fix Fix bad EL exception cast. (rjung)
fix 45451: Testing for this threw up all sorts of other failures around use of \${...} These should all now be fixed. The two pass parsing means we can do away with the previous 'replace with unused unicode character' trick. (markt)
fix Remove unused code in ELSupport. (markt)
fix Ascii parsing bug. (markt)
fix Fix regression in Big* types handling. Patch provided by Nils Eckert. (markt)
fix 46047: Include jar in path for dependencies if they are in a JAR. Patch provided by Cédric Mailleux. (markt)

Others

fix JBWEB-122: Fix exception when using SSL and HTTP variables. (jfclere)

JBoss Web 2.1.1.CR7 (remm)

Catalina

fix JBAS-5917: Fix error handling starting one of the core components, and harmonize lifecycle checks of StandardPipeline with the other components. (remm)
fix 45628: JARs without dependencies should always be fulfilled. (markt)
fix 45735: More consistent getETag. (remm)
fix Better logging of security exceptions reading logging configuration. (rjung)
add Add a special CombinedRealm which can aggregate authentication from multiple realms. (markt)

Coyote

fix Fix a rare problem identifying AJP body packets that should be dropped. (jfclere)

Jasper

fix Sync with EL parser from Tomcat, to fix a number of complex expressions. (remm)
fix 45691: Fix possible duplicates variable names. (markt)
fix 45666: Fir infinite loop on include. (markt)
fix Rebuild EL parser with JavaCC 4.1. (remm)

JBoss Web 2.1.1.CR6 (remm)

General

update NSIS 2.39. (remm)

Catalina

fix 45453: Sync getPrincipal in JDBCRealm. (markt)
add JBWEB-107: Servlet 3.0 style session cookie configuration. (remm)
add New embedded API (startup.Tomcat class). (remm)
add 45576: Add DIGEST support to the JAAS Realm. (markt)
fix 45585: Allow Tomcat to start if using $CATALINA_BASE but not JULI. Patch based on a suggestion by Ian Ward Comfort. (markt)
fix The JAAS Realm did not assign roles to authenticated users. (markt)
add 41407: Add support for CLIENT-CERT to the JASS Realm. (markt)
fix NPE on shutdown when an error occurs starting connectors. (remm)

Coyote

fix Consider that a normal request is Comet (it is possible to get a resume before officially going into Comet mode). (remm)
fix Add configuration checks for java.io SSL. (markt)

Jasper

add JBWEB-108: Experimental support for JCI. (remm)

JBoss Web 2.1.1.CR5 (remm)

General

fix 45332: Don't assume UTF-8 and use the correct encoding when generating tomcat-users.xml from the Windows installer. (markt)
update NSIS 2.38. (remm)
update JBoss Native 2.0.4. (remm)
update Commons Collections 3.2.1. (remm)
update Eclipse JDT 3.4. (remm)

Catalina

fix JBAS-4965: Ignore exploded JARs in extension validator to avoid classcast. (remm)
fix 45285: Look for annotations up the class hierarchy. (markt)
fix Concurrency issues on ClusterListener.status with multiple engines. (jfclere)
fix 42678: Only ignore docBase it it really is a subdir of appBase. (markt)
fix 42722: Fix possible NPE in CGI. (markt)
fix org.jboss.web should be loaded as container classes. (remm)
fix 42727: Handle request lines that are exact multiples of 4096 in length. Patch provided by Will Pugh. (markt)
fix Instance manager checks were not done properly. (remm)
fix Prevent various possible character encoding hacks. (remm)
fix JBWEB-16: Add new catalina.work system property to use as the optional base for work folders. (remm)

Jasper

fix 42565: EL ternary expression without space before colon now works. Patch provided by Lucas Galfaso. (markt)
fix JBWEB-98: Remove mandatory usage of URLClassLoader for better integration with AS. (remm)
fix JBWEB-110: Remove the per request logging of everything in JSP Servlet, which caused i18n issues. (remm)
update Add a system property to disable injection for tags. (remm)

Native

fix Remove system.out. (jfclere)

JBoss Web 2.1.1.CR4 (remm)

General

update Update to NSIS 2.37. (remm)
update Update to JDT 3.3.3. (remm)

Catalina

update ClusterListener will automatically generate a JVMRoute in most cases. (remm)
update Register ClusterListener in JMX. (remm)
fix Improve fault recovery of ClusterListener. (remm)
update Add JMX callbacks to refresh configuration, enable and disable all contexts. (remm)
update Add all CONFIG parameters to the cluster listener as fields. (remm)
fix 43683: If the context is reloaded, the classloader will have changed so need to reset it. (markt)
fix 45101: Format dates for header value from DirContextURLConnection using HTTP format. Patch provided by Chris Hubick. (markt)
fix Avoid overriding existing system properties. (remm)
update Add security to ClusterListener using SSL and possible client certificate usage. (remm)
update Add HTTP/1.0 keep-alive to ClusterListener. (remm)
add Add a new valve that works-around the broken MS WedDAV client. (markt)
fix Fix XSS in the host manager. (markt)
add Add discovery of httpd servers to ClusterListener. (remm)
fix Possible NPE when logging on shutdown. (fhanik)
fix 45195: NPE when calling getAttribute(null). (markt)
fix 43683: There was a short period where the context didn't appear in the mapper that resulted in some more 404s. (markt)
fix Allow to start several JBossWEB on one machine with multiple IP. (jfclere)
fix JBAS-5645: Fix FORM issues with body. (jfclere)
fix Better information if native library fails to load. (jfclere)
fix JBAS-5636: In DELAY_CONNECTOR_STARTUP mode, also let the embedding server control stopping the connectors. (remm)
fix JBAS-5671: Check the right child is passed when removing it. (remm)
fix Extract the query string before normalization when getting a request dispatcher. (remm)
update Update the Comet API names to org.jboss.servlet.http. (remm)

Coyote

update 43094: Allow specification of keystore providers. Based on a patch by Bruno Harbulot. (markt)
fix After completing an asynchronous sendfile, the socket should be placed in the main poller rather than assigned to a worker (where it would block). (remm)
fix Close the connection if there's an attempt to pipeline requests when using Comet or an asynchronous sendfile is needed. (remm)
fix 42750: Make parsing of request line more tolerant of multiple SP and/or HT. (markt)
fix 45272: IE is not fully compliant, and the redone cookies could cause issues with quoted paths. (fhanik)
fix Do not use custom messages in headers by default. (markt)

Jasper

fix 44994: Correct BNF grammar so ${0 lt a ? 1 lt a ? "many": "one": "none"} works. (markt)
fix Add an additional layer of protection in case app fails to protect against an XSS. Copied filter code to jasper module so no new dependency is created. (markt)
fix 43285: Make forced coercion of null and "" to zero optional. Patch by Nils Eckert. (markt)
fix 45015: Raise an error if attributes are not correctly quoted, with an option to disable. (markt)

JBoss Web 2.1.1.CR3 (remm)

General

fix 44988: Use new Java 5 syntax for debugger options. Patch provided by Cedrik Lime. (markt)

Catalina

fix 42934: Trigger contextInitialized() before sessionDidActivate(). (markt)
add Initial ClusterListener implementation for mod_cluster support. (remm)

Coyote

fix 44968: Provide more information when keystore load fails. (markt)
fix JBCTS-794: Case insensitivity bug enumerating parameter names. (remm)

Jasper

fix 44986: Case insensitive comparison of charsets. (markt)
fix 42943: Make sure the nested element is inside a <jsp:text> element. (markt)

JBoss Web 2.1.1.CR2 (remm)

General

update Add Maven target to the dist script. (remm)
fix 43578: Tomcat doesn't start if installation path contains a space. Patch submitted by Ray Sauers. (markt)

Catalina

fix 43142: Directory xxx.war is not always a war. (markt)
fix JBCTS-778: Fix updating charsWritten. (remm)
fix 43343: Correctly handle the case where a request arrives for a session we are in the middle of persisting. (markt)
fix 43150: Improve URL conversion so that some more special chars can be used in the installation path. (markt)
fix 43117: Setting an empty workDir can delete all of CATALINA_HOME. Patch provided by Takayuki Kaneko. (markt)
fix 43079 and 43080: Move odd url-pattern warning to StandardContext so a) we catch all patterns and b) it isn't logged to the wrong webapp. Based on a patch by John Kew. (markt)
fix 44021: Add support to manger and deployer for wars and dirs that use # to denote multi-level contexts. (markt)

Coyote

fix JBCTS-779: Exception types for invalid charset (should return the java.io exception rather than the java.nio one). (remm)
fix 43191: No way to turn off compression for some mime-types. Based on a patch by Len Popp. (markt)
fix 43094: Support keystoreTypes that don't need a file. Based on a patch by Bruno Harbulot. (markt)

Jasper

fix JBCTS-776: NPE regression in EL type handling. (remm)

JBoss Web 2.1.1.CR1 (remm)

General

fix Update to more polished CSS, submitted by James Cobb. (remm)
fix Remove tomcat-native.tar.gz from the distribution (JBoss Native should be used instead). (remm)
fix 44562: HEAD requests cannot use includes. Patch provided by David Jencks. (markt)

Catalina

fix Add 3 system properties to StandardHost to allow hardcoding safe default values for the auto deployer when JBoss Web is embedded inside AS. (remm)
update Add Comet EOF event when the end of the stream is reached without an error. (remm)
fix Remove hackish code to get the System environment in the CGI Servlet. (markt)
fix 44529: No roles (deny all) trumps no auth-constraint (allow all). (markt)
fix 44673: Fix ServletInputStream still readable when closed. (markt)
fix 44611: Implement DirContextURLConnection.getHeaderFields(), fix case sensitivity problem and return null for header values which don't exist. (markt)
fix 44646: Fix tracking problems in the Comet utility valve (which provides notification for certain events such as session expiration and server shutdown). (markt)
fix Better handling of lack of permission for context specific logging, and add permission for reading the JDK logging.properties. (markt)
fix 44391: Correct handling of escaped values in SSI processing. (markt)
fix 44392: HTML entities now handled correctly in SSI processing. (markt)
fix Add system properties for JBoss default allowing not starting the context in init, and set the configClass field. (remm)
fix 43683: Need to identify new wrapper for queued request after reload. (remm)
fix 29936: In some circumstances, Tomcat would use the parser from a webapp to parse web.xml and possibly context.xml files. (markt)
fix 43470: Fix cut and paste errors in NamingResources, submitted by Lucas Galfaso. (markt)
fix 43425: Annotations not spec compliant. Submitted by Dain Sundstrom. (markt)
fix 43366: Provide backwards compatibility for sessions command. (markt)

Coyote

fix JBWEB-105: The code that processes parameters from chars[] is incorrect. (jfclere)
fix Better fix for cookie path quoting scenario. (markt)
fix Possible NPE on shutdown if Comet is used. (remm)
fix Improve accuracy of typical timeout values. (remm)
fix Comet state recycling. (remm)
update Add support for specifying defaults for properties (format is ${property:default}). (remm)
update 44494: Fix incorrect reads with multibyte charsets by moving the byte to char converter to the NIO character decoders. (remm)
update For consistency, refactor character output using the NIO character decoders. (remm)
update Move the parameters backend to the probably more efficient MultiMap from Hashtable, and remove the nesting capabilities inherited from Tomcat 3. (remm)
update Repackage MimeHeaders and Parameters using inner classes, and remove all obsolete collections. (remm)
fix maxSavePostSize set to 0 for HTTP connectors should disable buffering done before SSL handshake. (remm)
update Add reverse connection method (from the Java server to the proxy), which could suppsedly provide better security, and could also improve quality of service. (remm)

Jasper

fix 42693: Port Tomcat fix for bugzilla 42693. (jfclere).
fix 44428: NPE in function mapper. (markt)
fix Make number types handling more flexible in EL. (markt)
fix 43656: coerceToType() modified some values, and additional numeric type fixes. Patch provided by Nils Eckert. (markt)
fix 31257: Quote endorsed dirs if they contain a space. (markt)
fix 43617: Correctly handle quotes in attribute values for tag(x) files. (remm)
fix 44877: Prevent collisions in tag pool names. (markt)

JBoss Web 2.1.0 (remm)

General

update Swicth to JBoss logging from Apache Commons Logging. Standalone JBoss Web uses a special purpose version defaulting to use java.util.logging. (remm)
fix Fix licensing problems with two xsd files. (remm)
update Update to NSIS 2.35, and allow building it using Wine. (remm)
update Update to commons-pool version 1.4, native version 1.1.12 and update the download location for the commons libraries. (markt)

Catalina

fix 43588: hard coded 127.0.0.1 for localhost. It requires localhost to be defined correctly in the machine. (jfclere)
fix Prevent cookie logic to escape quotes where the value is already a quoted-string. (jfclere)
fix Fix version handling in cookies. (jfclere)
update Remove Tomcat standalone session clustering. (remm)
update Add a system property to delay startup of connectors for JBoss, which also could be useful in similar embedding scenarios. (remm)
update Add context listener configuration. (remm)
add Expanded and revised Tomcat 6.0 Comet API as org.jboss.web.comet API. (remm)
update Remove user database functionality, which didn't see any development besides the original memory based backend introduced in Tomcat 4.1. Also remove associated roles management features. (remm)
update Add rewrite valve and PHP servlet from JBoss Web 2.0. (remm)
fix Use the system property for the session cookie name. (jfclere)
fix Move waiting time for requests to complete to the connector pause. (remm)
fix Update session cookie handling (path always set to /) and id generation (check host's webapps for a matching id). (remm)
fix More extensible SSO. (remm)
fix Fix a bug that causes CGI Servlet to fail when it is included. (markt)
fix Fix invoking CometEvent.close during begin. (remm)
fix Improve error codes returned when no host or no context is matched. (remm)
fix 43706: WebDAV copy/move now returns 201 on success. Based on a patch by Panagiotis Astithas. (markt)
fix 43887: Make error messages much more helpful when illegal Servlet names are used. Based on a patch provided by Mike Baranczak. (markt)
update Improve the webDAV Servlet Javadocs to make clear that the WebDAV Servlet can not be used as the default servlet. (markt)
fix43687 Remove conditional headers on Form Auth replay, since the UA (esp. FireFox) isn't expecting it.
fix 43594: Use setenv from CATALINA_BASE (if set) in preference to the one in CATALINA_HOME. Patch provided by Shaddy Baddah. (markt)
fix 43957: Service.bat doesn't configure logging correctly. Patch provided by Richard Fearn. (markt)
fix Fix IOException handling when parsing post parameters. (remm)
fix Fix possible race condtion when a webapp classloader has external class repositories defined. (remm)
fix 43236: When resetting the response, also reset the flags associated with using a writer or an output stream to allow the user to change character set after the reset. (markt)
fix 43241: Make ServletContext.getResourceAsStream() conform to the specification. Patch provided by John Kew. (markt)
fix 44084: JASSRealm was broken for application provided Principals. Patch provided by Noah Levitt. (markt)
fix 43914: URLs in location headers should be encoded. Patch provided by Ivan Todoroski. (markt)
fix Add org.apache.catalina.loader.WebappClassLoader.SYSTEM_CL_DELEGATION boolean system property to avoid systematic system CL delegation if needed. (remm)
fix Set correct StandardManager.sessionCounter after reload/restart. (pero)
fix 44268: Log a warning when a duplicate listener is ignored. (markt)
fix Ignore not found readme and xslt in DefaultServlet. (remm)
fix Fix possible NPE processing session expires. (fhanik)
fix Avoid verbose exception with empty URLs. (markt)
fix ExtendedAccessLogValve cs-uri not print empty querystring (pero)
fix 44389: Memory leak caused by non static innerclass of ApplicationContext. (remm)

Coyote

update Remove HTTP NIO connector. (remm)
update Remove legacy org.apache.jk AJP connector and utility components, replaced by the org.apache.coyote.ajp connector. (remm)
fix Additional cookie fixes. (jfclere)
fix 43622: Don't overwrite the min compression size set by the compression attribute with the default. (markt)
fix No need to swallow input if there is an error. (remm)
fix 43868: MBean methods getInvoke() and getSetter() were broken. (markt)
fix 44223: Add support for remaining truststore system property. (markt)
fix Simplify response reset. (remm)
fix 44558: Include address in bind exception message. (markt)

Jasper

fix Remove log field for XML handlers. (remm)
fix 43702: Inner class files have unnecessarily long names. (markt)
fix 43757: Rather than use string matching to work out the line in the JSP with the error, use the SMAP info and the knowledge that for a scriptlet there is a one to one line mapping. (markt)
fix 43285: Missing EL Coercion causes argument type mismatch. Patch provided by Bernhard Huemer. (funkman/jim)
fix 43909: Make sure locale maps to wrapped ELContext. Patch provided by Tuomas Kiviaho. (markt)
fix 43944: Fix a missing resource exception. (markt)
fix 43758: Fix NPE with empty scripting elements. (markt)
fix 43743: Correctly handle nest tag files packaged in a jar. (markt)
fix Finish removing of some URL CL hardcoding. If parent CL is not a URL CL, the Ant classpath cannot be generated, and security setup might be incomplete. (remm)
fix 44408: Remove useless synchronization. (remm)
fix 43925: Optimize allocation style for bodies (this removes the no-GC mode, however), submitted by Brian Remmington. (remm)
fix 43741: Improve handling of tags inside JARs. (markt)

Webapps

fix 43611: Provide an error message if user tries to upload a war for a context defined in server.xml rather than failing silently. (markt)
fix 44088: Fix expire session button in manager. (markt)
fix 43468: Fix possible NPE when listing contexts in the Manager application. (markt)
fix 43515: Fix bug in Manager application that may have caused problems when listing contexts. Patch provided by Lucas Galfaso. (markt)
fix Fix ManagerServlet.exipreSession throws Exceptions as iterate longer session lists at production servers. (pero)

Tomcat 6.0.15 (remm)

General

fix Use Eclipse JDT 3.3.1. (pero)
update Try to guess java path in Unix scripts. (jfclere)

Catalina

fix 30949: Improve previous fix. Ensure requests are re-cycled on cross-context includes and forwards when an exception occurs in the target page. (markt)
fix 42944: Correctly handle servlet mappings that use a '+' character as part of the url pattern. (markt)
fix 42951: Don't use CATALINA_OPTS when stopping Tomcat. This allows options for starting and stopping to be set on JAVA_OPTS and options for starting only to be set on CATALINA_OPTS. Without this fix, some startup options (eg the port for remote JMX) would cause stop to fail. Based on a fix suggested by Michael Vorburger. Port of r454193 (36976) from Tomcat 5.5.x. (markt,rjung)
add Validation of attributes and elements used in server.xml. (remm)
fix 43175: Fix typos in servlet XSD files. Patch provided by Takayuki Kaneko. (markt)
fix 43216: Set correct StandardSession#accessCount as StandardSession.ACTIVITY_CHECK is true. Patch provided by Takayuki Kaneko (pero)
add Made session createTime accessible for all SessionManager via JMX (pero)
update 43129: Support logging of all response header values at AccessLogValve (ex. add %{Set-Cookie}o to your pattern). (pero)
add Support logging of all response header values at ExtendedAccessLogValve (ex. add x-O(Set-Cookie) to your pattern). (pero)
add Support logging of current thread name at AccessLogValve (ex. add %I to your pattern). Usefull to compare access logging entry later with a stacktraces. (pero)
fix Improve large-file support (more then 4 Gb) at all AccessLogValves, backport from 5.5.25. (pero)
update Optimized JDBCAccessLogValve combined pattern request attribute access. (pero)
fix o.a.juli.ClassLoaderLogManager handle more then one system property replacement at file logging.properties. (pero)
fix 43338: Support '*' servlet-name mapping at filter-mapping. Patch provided by Keiichi Fujino. (pero)
fix 41797: CNFE/NPE thrown from function mapper when externalizing Patch by Tuomas Kiviaho- tuomas.kiviahos at ikis fi (funkman)
fix Call stopAwait in StandardServer.stop if port == -1. (pero)
fix 43487: Fix request processing stats. (fhanik)
fix Fix CVE-2007-5461, an important information disclosure vulnerability in the WebDAV Servlet. Based on a patch by Marc Schoenefeld. (markt)
fix Call stopAwait in StandardServer.stop if port == -1. (pero)
fix 43668: Fix problem on a Forward when the outer most wrapper isn't a HttpServletRequest/ResponseWrapper. (billbarker)

Coyote

fix In the APR connector, start accepting connections after fully starting the connector, to prevent possible exceptions due to non initialized fields. (remm)
fix Fixes to B2C conversion. (billbarker)
update Cookie parser refactoring, submitted by John Kew. (remm)
fix Make cookie escaping / unescaping consistent. (markt)
fix 43479: Memory leak cleaning up sendfile connections, submitted by Chris Elving. (remm)
fix 42925: Add maintain for sendfile. (remm)
fix Properly close sockets for java.io AJP connector. (jfclere)

Jasper

fix 37326: No error reported when an included page does not exist. (markt)

Webapps

fix Fix WebDAV Servlet so it works correctly with MS clients. (markt)
fix Fix CVE-2007-5461, an important information disclosure vulnerability in the WebDAV Servlet. (markt)
fix 42979: Update sample.war to include recent security fixes in the source code. (markt)
fix Minor connector doc fix. (jfclere)

Tomcat 6.0.14 (remm)

General

docs Correct j.u.l log levels in JULI docs. (rjung)

Catalina

fix Handle special case of ROOT when re-loading webapp after ROOT.xml has been modified. In some circumstances the reloaded ROOT webapp had no associated resources. (markt)
fix Remove invalid attribute "encoding" of MBean MemoryUserDatabase, which lead to errors in the manager webapp JMXProxy output. (rjung)
fix 33774 Retry JNDI authentiction on ServiceUnavailableException as at least one provider throws this after an idle connection has been closed. (markt)
fix 39875: Fix BPE in RealmBase.init(). Port of yoavs's fix from Tomcat 5. (markt)
fix 41722: Make the role-link element optional (as required by the spec) when using a security-role-ref element. (markt)
fix 42361: Handle multi-part forms when saving requests during FORM authentication process. Patch provided by Peter Runge. (markt)
fix 42401: Update RUNNING.txt with better JRE/JDK information. (markt)
fix 42444: prevent NPE for AccessLogValve Patch provided by Nils Hammar (funkman)
fix 42449: JNDIRealm does not catch NullPointerException for Sun's LDAP provider (See bug for details) (funkman)
fix 42497: Ensure ETag header is present in a 304 response. Patch provided by Len Popp. (markt)
fix Fix XSS security vulnerability (CVE-2007-2450) in the Manager and Host Manager. Reported by Daiki Fukumori. (markt)
fix 42547: Fix NPE when a ResourceLink in context.xml tries to override an env-entry in web.xml. (markt)
fix Avoid some casting in ErrorReportValve (remm)
fix Fix persistence API annotation, submitted by Bill Burke (remm)
fix In Comet mode, if bytes are not read, send an error event (otherwise, fields referring to the connection could remain) (remm)
fix Fix Comet when running Tomcat with the security manager (remm)

Jasper

fix 39425 Add additional system property permission to catalina.policy for pre-compiled JSPs. (markt)
fix 42438 Duplicate temporary variables were created when jsp:attribute was used in conjunction with custom tags. Patch provided by Brian Lenz. (markt)
fix 42643 Prevent creation of duplicate JSP function mapper variables. (markt)

Coyote

fix Separate sequence increment from getter in ThreadPool to avoid misleading increments during monitoring via JMX. (rjung)
fix Add back missing socketBuffer attribute in the java.io HTTP connector (remm)

Webapps

fix Don't write error on System.out, use log() instead. (rjung)
fix 39813: Correct handling of new line characters in JMX attributes. Patch provided by R Bramley. Ported from tc5.5.x r415029. (markt,rjung)
fix 42459: Fix Tomcat Web Application Manager table error. (rjung)
fix Fix XSS security vulnerabilities (CVE-2007-2449) in the examples. Reported by Toshiharu Sugiyama. (markt)

Tomcat 6.0.13 (remm)

Catalina

fix More accurate available() method. (remm)
fix Add recycle check in the event object, since it is a facade like the others. (remm)
fix When processing a read event, enforce that the servlet consumes all available bytes. (remm)
update Add a flag in ContainerBase which could be used in embedded scenarios to avoid a double start of contexts (this problem generally occurs when adding contexts to a started host). (remm)
fix 42309: Ability to create a connector using a custom protocol specification for embedded. (fhanik)
fix Add SSL engine flag to AprLifecycleListener. (fhanik)
fix Improve event processing, so that an END event is generated when encountering EOF, and an ERROR is always generated on client disconnects. (remm)
fix Add declarations for the new XSD files. (remm)

Coyote

fix Add heartbeatBackgroundEnabled flag to SimpleTcpCluster. Enable this flag don't forget to disable the channel heartbeat thread (pero)
fix Possible memory leak when using comet, caused by adding the socket to the poller before cleaning up the connection tracking structure. (remm)
fix 42308: nextRequest recycles the request, which caused issues with statistics. (remm)
fix Fix non recycled comet flag in the APR connector. (remm)

Cluster

fix Add heartbeatBackgroundEnabled flag to SimpleTcpCluster. Enable this flag don't forget to disable the channel heartbeat thread (pero)
fix Method name cleanup. (fhanik)

Webapps

fix Some examples webapp fixes. Submitted by Frank McCown. (remm)

Tomcat 6.0.12 (remm)

General

fix License source headers. Submitted by Niall Pemberton. (remm)

Catalina

fix 42039 Log a stack trace if a servlet throws an UnavailableException. Patch provided by Kawasima Kazuh. (markt)
fix 41990 Add some additional mime-type mappings. (markt)
fix 41655 Fix message translations. Japanese translations provided by Suzuki Yuichiro. (markt)
add Add enabled attribute to AccessLogValve (pero)
fix 42085: Avoid adding handlers for the root logger twice when they are explicitly specified. (remm)
fix Reduce thread local manipulation in the request dispatcher. Submitted by Arvind Srinivasan. (remm)
fix Avoid keeping references to loggers tied to the webapp classloaders after a reload in a couple more places. (remm)
fix 42202: Fix container parsing of TLDs in webapps when Tomcat is installed in a URL encodable path. (remm)

Coyote

fix 42119 Fix return value for request.getCharacterEncoding() when Content-Type headers contain parameters other than charset. Patch by Leigh L Klotz Jr. (markt)
update Move away from using a thread local processor for the APR and java.io connectors, as this does not work well when using an executor. (remm)
fix Remove Comet timeout hack in the APR connector. Comet connections will now use the regular timeout or the keepalive timeout if specified. (remm)

Webapps

fix 42025: Update valve documentation to refer to correct regular expression implementation. (markt)
fix Fix various paths in the manager webapps (remm)
add Session viewer and editor for the HTML manager. Submitted by Cédrik Lime. (remm)
add Session handling tools for the manager. Submitted by Rainer Jung. (remm)

Jasper

fix 41869 TagData.getAttribute() should return TagData.REQUEST_TIME_VALUE when the attribute value is an EL expression. (markt)
fix 42071 Fix IllegalStateException on multiple requests to an unavailable JSP. Patch provided by Kawasima Kazuh. (markt)
fix After a JSP throws an UnavailableException allow it to be accessed once the unavailable period has expired. (markt)

Cluster

fix Add toString method to better logging session replication message at tribes MESSAGES (pero)

Tomcat 6.0.11 (remm)

General

update Update DBCP to 1.2.2, pool to 1.3, JDT to 3.2.2 and remove collections build dependency (pero, remm)

Catalina

fix Don't log pattern subtoken at ExtendedAccesLogValve (pero)
fix Add some missing JMX attributes for new AccessLogValve (pero)
fix 41786 Incorrect reference to catalina_home in catalina.sh/bat Patch provided by Mike Hanafey (fhanik)
fix 41703 SingleSignOnMessage invalid setter, patch provided by Nils Hammar (fhanik)
fix 41682 ClassCastException when logging is turned on (fhanik)
fix 41530 Don't log error messages when connector is stopped (fhanik)
fix 41166 Invalid handling when using replicated context (fhanik)
add Added SENDFILE support for the NIO connector. (fhanik)
add Added support for shared thread pools by adding in the <Executor> element as a nested element to the <Service> element. (fhanik)
fix 41666 Correct handling of boundary conditions for If-Unmodified-Since and If-Modified-Since headers. Patch provided by Suzuki Yuichiro. (markt)
fix 41739 Correct handling of servlets with a load-on-startup value of zero. These are now the first servlets to be started. (markt)
fix 41747 Correct example ant script for deploy task. (markt)
fix 41752 Correct error message on exception in MemoryRealm. (markt)
update 39883 Add documentation warning about using antiResourceLocking on a webapp outside the Host's appBase. (yoavs)
fix 40150 Ensure user and roll classnames are validated on startup. Patch by Tom. (yoavs)
update Refactor extend access log valve using the optimized access log valve. Submitted by Takayuki Kaneko. (remm)
fix Possible deadlock in classloading when defining packages. (remm)
fix Remove excessive syncing from listener support. (remm)
add Web services support. The actual factory implementations are implemented in the extras. Submitted by Fabien Carrion. (remm)
update Add logging to display APR capabilities on the platform. (remm)
fix Expose executors in JMX. (remm)
fix CRLF inside a URL pattern is always invalid. (remm)
fix Tweak startup time display. (remm)
fix Adjustments to handling exceptions with Comet. (remm)
fix If the event is closed asynchronously, generate an end event for cleanup on the next event. (remm)
fix Cleanup hello webapp from the docs and fix a XSS issue in the JSP. (remm)
fix Examples webapp cleanup. Submitted by Takayuki Kaneko and Markus Schönhaber. (remm)
fix 41289: Create configBase, since it is no longer created elsewhere. Submitted by Shiva Kumar H R. (remm)

Coyote

update Fixed NIO memory leak caused by the NioChannel cache not working properly.
update Added flag to enable/disable the usage of the pollers selector instead of a Selector pool when the serviet is reading/writing from the input/output streams The flag is -Dorg.apache.tomcat.util.net.NioSelectorShared=true
fix Requests with multiple content-length headers are now rejected. (markt)
add 41675 Add a couple of DEBUG-level logging statements to Http11Processors when sending error responses. Patch by Ralf Hauser. (yoavs)
fix Reuse digester used by the modeler. (remm)
update When the platform does not support deferred accept, put accepted sockets in the poller. (remm)
fix Fix problem with blocking reads for keepalive when using an executor (the number of busy threads is always 0). (remm)
update The poller now has good performance, so remove firstReadTimeout. (remm)
fix 42119 Fix return value for request.getCharacterEncoding() when Content-Type headers contain parameters other than charset. Patch by Leigh L Klotz Jr. (markt)

Webapps

fix Fix previous update to servlet 2.5 xsd to use correct declaration. (markt)
update Update host configuration document for new behaviour for directories in appBase. (markt)
update 39540 Add link to httpd 2.2 mod_proxy_ajp docs in AJP connector doc. (yoavs)

Jasper

fix 41227 Add a bit of DEBUG-level logging to JspC so users know which file is being compiled. (yoavs)
update Remove some dead utility code, and refactor stream capture as part of the Ant compiler. (remm)
fix Support the trim directive of JSP 2.1 as an equivalent of Jasper's own parameter. (remm)
fix 41790: Close file stream used to read the Java source. (remm)
fix Fix reporting of errors which do not correspond to a portion of the JSP source. (remm)
fix Remove try/catch usage for annotation processing in classic tags. The usage of the log method might have been questionable as well. (remm)
fix Cleanup of the message that is displayed for compilation errors. (remm)
fix Skip BOM when reading a JSP file. (remm)

Tomcat 6.0.10 (remm)

Catalina

update Unify usage of security manager flag, submitted by Arvind Srinivasan. (remm)
fix Fix formatting of CGI variable SCRIPT_NAME. (markt)
fix 41521: Support * for servlet-name, submitted by Paul McMahan. (remm)
update Cache getServletContext value, submitted by Arvind Srinivasan. (remm)
fix Add options for handling special URL characters in paths, and disallow '\' and encoded '/' due to possible differences in behavior between Tomcat and a front end webserver. (remm)
fix Fix bad comparison for FORM processing, submitted by Anil Saldhana. (remm)
fix 41608 Make log levels consistent when Servlet.service() throws an exception. (markt)

Coyote

fix Reduce usage of MessageBytes.getLength(), submitted by Arvind Srinivasan. (remm)

Jasper

fix 41558: Don't call synced method on every request, submitted by Arvind Srinivasan. (remm)
fix Switch to a thread local page context pool. (remm)

Tomcat 6.0.9 (remm)

General

fix Use 2.5 xsd in Tomcat webapps. (markt)
fix Compression filter improvements, submitted by Eric Hedström. (markt)

Catalina

fix Properly return connector names. (remm)
fix Remove logging of the XML validation flag. (remm)
fix Correct error messages for context.xml. (markt)
fix 41217: Set secure flag correctly on SSO cookie, submitted by Chris Halstead. (markt)
fix 40524: request.getAuthType() now returns CLIENT_CERT rather than CLIENT-CERT. (markt)
fix 40526: Return support for JPDA_OPTS to catalina.bat and add a new option JPDA_SUSPEND, submitted by by Kurt Roy. (markt)
fix 41265: In embedded, remove the code that resets checkInterval values of zero to 300. (markt)

Coyote

fix 37869: Fix getting client certificate, submitted by Christophe Pierret. (remm)
fix 40960: Throw a timeout exception when getting a timeout rather than a generic IOE, submitted by Christophe Pierret. (remm)

Jasper

fix EL validation fixes for attributes. (remm)
fix 41327: Show full URI for a 404. (markt)
fix JspException now uses getCause() as the result for getRootCause(). (markt)

Cluster

fix 41466: When using the NioChannel and SecureNioChannel its important to use the channels buffers. (fhanik)

Tomcat 6.0.8 (remm)

Catalina

fix Make provided instances of RequestDispatcher thread safe. (markt)
add Optional development oriented loader implementation. (funkman)
add Optimized access log valve, submitted by Takayuki Kaneko. (remm)
fix Fix error messages when parsing context.xml that incorrectly referred to web.xml. (markt)
fix 41217: Set secure attribute on SSO cookie when cookie is created during a secure request. Patch provided by Chris Halstead. (markt)
fix 40524: HttpServletRequest.getAuthType() now returns CLIENT_CERT rather than CLIENT-CERT for certificate authentication as per the spec. Note that web.xml continues to use CLIENT-CERT to specify the certificate authentication should be used. (markt)
fix 41401: Add support for JPDA_OPTS to catalina.bat and add a JPDA_SUSPEND environment variable to both startup scripts. Patch provided by Kurt Roy. (markt)

Coyote

fix Use the tomcat-native-1.1.10 as recommended version. OpenSSL detection on some platforms was broken 1.1.8 will continue to work, although on some platforms there can be JVM crash if IPV6 is enabled and platform doesn't support IPV4 mapped addresses on IPV6 sockets.

Jasper

fix When displaying JSP source after an exception, handle included files. (markt)
fix Display the JSP source when a compilation error occurs and display the correct line number rather than start of a scriptlet block. (markt)
fix Fix NPE when processing dynamic attributes. (remm)
fix More accurate EL usage validation. (remm)
fix Fix regression for implicit taglib and page data version numbers. (remm)
fix 41265: Allow JspServlet checkInterval init parameter to be explicitly set to the stated default value of zero by removing the code that resets it to 300 if explicitly specified as zero. (markt)
fix 41327: Show full URI for a 404. Patch provided by Vijay. (markt)

Webapps

docs Add a virtual hosting how-to contributed by Hassan Schroeder. (markt)
update Update all webapps to use the servlet 2.5 xsd. (markt)
fix 39572: Improvements to CompressionFilter example provided by Eric Hedström. (markt)

Tomcat 6.0.7 (remm)

General

fix Fix installer's bitmap (mturk)

Catalina

fix Refactor logging of errors which may occur when reading a post body (remm)

Coyote

fix 37869: Also use the SSL_INFO_CLIENT_CERT field if the chain is empty, submitted by Grzegorz Grzybek (remm)

Tomcat 6.0.6 (remm)

General

fix Fix tagging which did not include 6.0.5's changelog (remm)

Tomcat 6.0.5 (remm)

Catalina

fix 40585: Fix parameterised constructor for o.a.juli.FileHandler so parameters have an effect. (markt)
fix Escape invalid characters from request.getLocale. (markt, remm)
update Update required version for native to 1.1.8. (remm)
fix Do not log broken pipe errors which can occur when flushing the content of an error page. (remm)

Coyote

fix Fix firstReadTimeout behavior for the AJP connector. (remm)

Jasper

fix 41057: Make jsp:plugin output XHTML compliant. (markt)

Cluster

update Cluster interface cleanup. (fhanik)
update Refactoring to allow usage of executors. (fhanik)

Tomcat 6.0.4 (remm)

General

update Update to NSIS 2.22 (remm)
fix Fix regression in 6.0.3 with Windows wrapper (mturk)

Tomcat 6.0.3 (remm)

General

Catalina

fix 37509: Do not remove whitespace from the end of values defined in logging.properties files. (markt)
fix 38198: Add reference to Context documentation from Host documentation that explains how Context name is obtained from the Context filename. (markt)
fix 40844 Missing syncs in JDBCRealm. (markt)
fix 40901: Encode directory listing output. Based on a patch provided by Chris Halstead. (markt)
fix 40929: Correct JavaDoc for StandardClassLoader. (markt)
fix 41008: Allow POST to be used for indexed queries with CGI Servlet. Patch provided by Chris Halstead. (markt)
fix Fix usage of print on the servlet output stream if the processor never used a writer (fhanik)
fix Fix logic of sameSameObjects used to determine correct wrapping of request and response objects (fhanik)
fix Update TLD scan lists, and disable caching for now (remm)
update Add system property to WebappClassLoader to allow disabling setting references to null when stopping it (remm)
add Add clustered SSO code, submitted by Fabien Carrion (remm)

Coyote

fix 40860: Log exceptions and other problems during parameter processing. (markt)
update Enable JMX for trust store attributes for SSL connector. (markt)
update Port memory usage reduction changes to the java.io HTTP connector. (remm)
fix MessageBytes.setString(null) will remove the String value. (remm)
fix 41057: Caching large strings is not useful and takes too much memory, so don't cache these (remm)
update Add keepAliveTimeout attribute to most connectors (mturk, remm)

Jasper

fix Relax EL type validation for litterals. (remm)
fix Update some version numbers to 2.1. (funkman, remm)
fix Add xsds for JSP 2.1 (remm)
fix 41106: Update validation checks for EL to also include legacy 1.2 tags (remm)

Webapps

fix 40677: Update SSL documentation to indicate that PKCS11 keystores may be used. (markt)

Tomcat 6.0.2 (remm)

General

fix Various tweaks to distribution (remm, funkman)
update Update Tomcat native to 1.1.7 (mturk)
update Update to JDT 3.2.1 (remm)

Catalina

fix Fix EJB annotation interface (remm)

Coyote

fix Fix passing of the keystore password for the NIO connector (fhanik)

Tomcat 6.0.1 (remm)

General

fix 37439, 40823: Documentation cleanup (markt)

Catalina

update Refactor exception processing using Throwable.getCause to improve exception chaining (remm)
add Remove dead code involving the Logger (funkman)
fix 37458: Fix some exceptions which could happen during classloading (markt)
fix 40817: Fix CGI path (markt)
fix 34956: Add the possibility to enforce usage of request and response wrapper objects (markt)

Jasper

update Many fixes for JSP 2.1 compliance, invloving tag files handling, deferred expressions validation, bom encoding support (remm)

Coyote

update Many HTTP NIO connector fixes and refactorings (fhanik)
update HTTP NIO connector performance improvements (fhanik)
update Add packetSize option for the classic AJP connector (jfclere)
update Implement explicit flushing in AJP (mturk)

Tomcat 6.0.0 (remm)

Catalina

add SSLEngine attribute added to the AprLifecycleListener(fhanik)
add Add API for Comet IO handling (remm, fhanik)
add Servlet 2.5 support (remm)

Jasper

add JSP 2.1 support (jhook, remm)
add Unifed EL 2.1 support (jhook)

Coyote

add SSLEnabled attribute required for SSL to be turned on, on all HTTP connectors (fhanik)
update Memory usage reduction for the HTTP connectors, except java.io (remm)
update Modeler update to use dynamic mbeans rather than model mbeans, which consume more resources (costin)

Cluster

add New cluster configuration and new documentation (fhanik)

Webapps