Catalina

61692: Add the ability to control which HTTP methods are handled by the CGI Servlet via a new initialization parameter cgiMethods. (markt) Ensure that the HTTP Vary header is set correctly when using the CORS filter and improve the cacheability of requests that pass through the COPRS filter. (markt) 62527: Revert restriction of JNDI to the java: namespace. (remm) Introduce a new class - MultiThrowable - to report exceptions when multiple actions are taken where each action may throw an exception but all actions are taken before any errors are reported. Use this new class when reporting multiple container (e.g. web application) failures during start. (markt) Correctly decode URL paths (+ should not be decoded to a space in the path) in the RequestDispatcher and the web application class loader. (markt) 62559: Add jaxb-*.jar to the list of JARs ignored by StandardJarScanner. (markt) 62560: Add oraclepki.jar to the list of JARs ignored by StandardJarScanner. (markt) 62607: Return a non-zero exit code from catalina.[bat|sh] run if Tomcat fails to start. (markt) Remove ServletException from declaration of Tomcat.addWebapp(String,String) since it is never thrown. Patch provided by Tzafrir. (markt) Use short circuit logic to prevent potential NPE in CorsFilter. (fschumacher) Simplify construction of appName from container name in JAASRealm. (fschumacher) Improve the handling of path parameters when working with RequestDispatcher objects. (markt) 62664: Process requests with content type multipart/form-data to servlets with a @MultipartConfig annotation regardless of HTTP method. (markt) 62669: When using the SSIFilter and a resource does not specify a content type, do not force the content type to application/x-octet-stream. (markt) When generating a redirect to a directory in the Default Servlet, avoid generating a protocol relative redirect. (markt)

Coyote

Refactor code that adds an additional header name to the Vary HTTP response header to use a common utility method that addresses several additional edge cases. (markt) 62526: Correctly handle PKCS12 format key stores when the key store password is configured to be the empty string. Note that Java 6 does not support PKCS12 key stores configured to use a store password of the empty string. (markt) 62670: Adjust the memory leak protection for the DriverManager so that JDBC drivers located in $CATALINA_HOME/lib and $CATALINA_BASE/lib are loaded via the service loader mechanism when the protection is enabled. (markt) 62685: Correct an error in host name validation parsing that did not allow a fully qualified domain name to terminate with a period. Patch provided by AG. (markt)

Jasper

53011: When pre-compiling with JspC, report all compilation errors rather than stopping after the first error. A new option -failFast can be used to restore the previous behaviour of stopping after the first error. Based on a patch provided by Marc Pompl. (markt) 53492: Make the Java file generation process multi-threaded. By default, one thread will be used per core. Based on a patch by Dan Fabulich. (markt) 62603: Fix a potential race condition when development mode is disabled and background compilation checks are enabled. It was possible that some updates would not take effect and/or ClassNotFoundExceptions would occur. (markt) Correct the JSP version in the X-PoweredBy HTTP header generated when the xpoweredBy option is enabled. (markt) 62662: Fix the corruption of web.xml output during JSP compilation caused by the fix for 53492. Patch provided by Bernhard Frauendienst. (markt) Correct parsing of XML whitespace in TLD function signatures that incorrectly only looked for the space character. (markt)

WebSocket

62596: Remove the limit on the size of the initial HTTP upgrade request used to establish the web socket connection. (markt)

Web applications

62558: Add Russian translations for the Manager and Host Manager web applications. Based on a patch by Ivan Krasnov. (markt) 62561: Add advanced class loader configuration information regarding the use of the Server and Shared class loaders to the documentation web application. (markt) Expand the information in the documentation web application regarding the use of CATALINA_HOME and CATALINA_BASE. Patch provided by Marek Czernek. (markt) 62652: Make it clearer that the version of DBCP that is packaged in Tomcat 7.0.x is DBCP 1. (markt) 62666: Expand internationalisation support in the Manager application to include the server status page and provide Russian translations in addition to English. Patch provided by Artem Chebykin. (markt) 62676: Expand the CORS filter documentation to make it clear that explicit configuration is required to enable support for cross-origin requests. (markt)

Tribes

Ensures that the specified rxBufSize is correctly set to receiver buffer size. (kfujino)

Other

Fixed spelling. Patch provided by Jimmy Casey via GitHub. (violetagg) Correct various spelling errors throughout the source code and documentation. Patch provided by Kazuhiro Sera. (markt)

Catalina

62498: Correct a regression in the fix for CVE-2017-12617 that caused request failures for some requests when using the VirtualDirContext. (markt) Delete reference to removed class that prevented Tomcat from starting when running under a security manager. (markt)

Catalina

JNDI resources that are defined with injection targets but no value are now treated as if the resource is not defined. (markt) Ensure that JNDI names used for <lookup-name> entries in web.xml and for lookup elements of @Resource annotations specify a name with an explicit java: namespace. (markt) 51953: Add the RemoteCIDRFilter and RemoteCIDRValve that can be used to allow/deny requests based on IPv4 and/or IPv6 client address where the IP ranges are defined using CIDR notation. Based on a patch by Francis Galiegue. (markt) 62343: Make CORS filter defaults more secure. This is the fix for CVE-2018-8014. (markt) Make all loggers associated with Tomcat provided Filters non-static to ensure that log messages are not lost when a web application is reloaded. (markt) Correct the manifest for the annotations-api.jar. The JAR implements the Common Annotations API 1.1 and the manifest should reflect that. (markt) Switch to non-static loggers where there is a possibility of a logger becoming associated with a web application class loader causing log messages to be lost if the web application is stopped. (markt) 62389: Add the IPv6 loopback address to the default internalProxies regular expression. Patch by Craig Andrews. (markt) In the RemoteIpValve and RemoteIpFilter, correctly handle the case when the request passes through one or more trustedProxies but no internalProxies. Based on a patch by zhanhb. (markt) Correct the logic in MBeanFactory.removeConnector() to ensure that the correct Connector is removed when there are multiple Connectors using different addresses but the same port. (markt) Make JAASRealm mis-configuration more obvious by requiring the authenticated Subject to include at least one Principal of a type specified by userClassNames. (markt) 62476: Use GMT timezone for the value of Expires header as required by HTTP specification (RFC 7231, 7234). (kkolinko)

Coyote

Log an error message if the AJP connector detects the the reverse proxy is sending AJP messages that are too large for the configured packetSize. (markt) 62371: Improve logging of Host validation failures. (markt) Correctly handle a digest authorization header when the user name contains an escaped character. (markt) Correctly handle a digest authorization header when one of the hex field values ends the header with in an invalid character. (markt)

Jasper

Update web.xml, web-fragment.xml and web.xml extracts generated by JspC to use the Servlet 3.0 version of the relevant schemas. (markt) Improve IPv6 validation by ensuring that IPv4-Mapped IPv6 addresses do not contain leading zeros in the IPv4 part. Based on a patch by Katya Stoycheva. (markt) 62080: Ensure that all reads of the current thread's context class loader made by the UEL API and implementation are performed via a PrivilegedAction to ensure that a SecurityException is not triggered when running under a SecurityManager. (mark)

WebSocket

When decoding of path parameter failed, make sure to throw DecodeException instead of throwing ArrayIndexOutOfBoundsException. (kfujino) Enable host name verification when using TLS with the WebSocket client. (markt)

Web applications

62395: Clarify the meaning of the connector attribute minSpareThreads in the documentation web application. (markt)

jdbc-pool

When logValidationErrors is set to true, the connection validation error is logged as SEVERE instead of WARNING. (kfujino)

Other

62391: Remove references to javaw.exe as this file is not required by Tomcat and the references prevent the use of the Server JRE. (markt) Update the packaged version of the Tomcat Native Library to 1.2.17 to pick up the latest Windows binaries built with APR 1.6.3 and OpenSSL 1.0.2o. (markt) Implement checksum checks when downloading dependencies that are used to build Tomcat. (kkolinko)

Catalina

Treat the <mapped-name> element of a <env-entry> in web.xml in the same way as the mappedName element of the equivalent @Resource annotation. Both now attempt to set the mappedName property of the resource. (markt) Correct the processing of resources with <injection-target>s defined in web.xml. First look for a match using JavaBean property names and then, only if a match is not found, look for a match using fields. (markt) When restoring a saved request with a request body after FORM authentication, ensure that calls to the HttpServletRequest methods getRequestURI(), getQueryString() and getProtocol() are not corrupted by the processing of the saved request body. (markt) Fix startup failure when running under SecurityManager, a regression from the fix for bug 62273. (kkolinko) 62353: Correct a regression introduced in Tomcat 7.0.86. Restore the ability for Tomcat 7 to run on Java 6 where Common Annotations 1.0 is available. Document the requirement to use the Java endorsed mechanism to use Common Annotations 1.1. (markt) Refactor the org.apache.naming package to reduce duplicate code. Duplicate code identified by the Simian tool. (markt) 50019: Add support for <lookup-name>. Based on a patch by Gurkan Erdogdu. (markt) 60490: Various formatting and layout improvements for the ErrorReportValve. Patch provided by Michael Osipov. (markt) Relax Host validation by removing the requirement that the final component of a FQDN must be alphabetic. (markt)

Jasper

50234: Add the capability to generate a web-fragment.xml file to JspC. (markt) 62350: Refactor org.apache.jasper.runtime.BodyContentImpl so a SecurityException is not thrown when running under a SecurityManger and additional permissions are not required in the catalina.policy file. This is a follow-up to the fix for 43925. (kkolinko/markt)

Cluster

Remove duplicate calls when creating a replicated session to reduce the time taken to create the session and thereby reduce the chances of a subsequent session update message being ignored because the session does not yet exist. (markt)

Tribes

Ensure that the correct default value is returned when retrieve unset properties in McastService. (kfujino)

Other

Add a .gitattributes file to make sure that Git handles test data files for bug 52121 as binary. (kkolinko)

Catalina

62316: Correct a regression in some refactoring that broke the default factory for JDBC datasources. (markt) Fix a rare edge case that is unlikely to occur in real usage. This edge case meant that writing long streams of UTF-8 characters to the HTTP response that consisted almost entirely of surrogate pairs could result in one surrogate pair being dropped. (markt) Register MBean when DataSource Resource type="javax.sql.XADataSource". Patch provided by Masafumi Miura. (csutherl) Update the internal fork of Apache Commons BCEL to r1829827 to add early access Java 11 support to the annotation scanning code. (markt) 62297: Enable the CrawlerSessionManagerValve to correctly handle bots that crawl multiple hosts and/or web applications when the Valve is configured on a Host or an Engine. (fschumacher) Collapse multiple leading / characters to a single / in the return value of HttpServletRequest#getContextPath() to avoid issues if the value is used with HttpServletResponse#sendRedirect(). This behaviour is enabled by default and configurable via the new Context attribute allowMultipleLeadingForwardSlashInPath. (markt) Improve handing of overflow in the UTF-8 decoder with supplementary characters. (markt)

Coyote

Enable strict validation of the provided host name and port for all connectors. Requests with invalid host names and/or ports will be rejected with a 400 response. (markt) Implement the requirements of RFC 7230 (and RFC 2616) that HTTP/1.1 requests must include a Host header and any request that does not must be rejected with a 400 response. (markt) Implement the requirements of RFC 7230 that any HTTP/1.1 request that specifies a host in the request line, must specify the same host in the Host header and that any such request that does not, must be rejected with a 400 response. This check is optional and disabled by default. It may be enabled with the allowHostHeaderMismatch attribute of the Connector. (markt) Implement the requirements of RFC 7230 that any HTTP/1.1 request that contains multiple Host headers is rejected with a 400 response. (markt) 62273: Implement configuration options to work-around specification non-compliant user agents (including all the major browsers) that do not correctly %nn encode URI paths and query strings as required by RFC 7230 and RFC 3986. (markt)

Jasper

Enable ECJ version 4.7 and later to be used as a drop in replacement for the ECJ version that ships with Apache Tomcat. (markt) Enable Java 10 to be specified as a JSP source and/or target if a newer ECJ version is used. (markt) 62287: Do not rely on hash codes to test instances of ValueExpressionImpl for equality. Patch provided by Mark Struberg. (markt)

WebSocket

62301: Correct a regression in the fix for 61491 that didn't correctly handle a final empty message part in all circumstances when using PerMessageDeflate. (markt)

Other

Avoid warning when running under Cygwin when the JAVA_ENDORSED_DIRS environment variable is not set. Patch provided by Zemian Deng. (markt)

Catalina

51195: Avoid a false positive report of a web application memory leak by clearing ObjectStreamClass$Caches of classes loaded by the web application when the web application is stopped. (markt) 52688: Add support for the maxDays attribute to the AccessLogValve and ExtendedAccessLogValve. This allows the maximum number of days for which rotated access logs should be retained before deletion to be defined. (markt) Prevent Tomcat from applying gzip compression to content that is already compressed with brotli compression. Based on a patch provided by burka. (markt) 62090: Null container names are not allowed. (remm) 62104: Fix programmatic login regression as the NonLoginAuthenticator has to be set for it to work (if no login method is specified). (remm) 62117: Improve error message in catalina.sh when calling kill -0 <pid> fails. Based on a suggestion from Mark Morschhaeuser. (markt) 62118: Correctly create a JNDI ServiceRef using the specified interface rather than the concrete type. Based on a suggestion by Ángel Álvarez Páscua. (markt) Fix for RequestDumperFilter log attribute. Patch provided by Kirill Romanov via Github. (violetagg) 62123: Avoid ConcurrentModificationException when attempting to clean up application triggered RMI memory leaks on web application stop. (markt) 62168: When using the PersistentManager honor a value of -1 for minIdleSwap and do not swap out sessions to keep the number of active sessions under maxActive. Patch provided by Holger Sunke. (markt) 62172: Improve Javadoc for org.apache.catalina.startup.Constants and ensure that the constants are correctly used. (markt) 62175: Avoid infinite recursion, when trying to validate a session while loading it with PersistentManager. (fschumacher) Ensure that NamingContextListener instances are only notified once of property changes on the associated naming resources. (markt) 62224: Disable the forkJoinCommonPoolProtection of the JreMemoryLeakPreventionListener when running on Java 9 and above since the underlying JRE bug has been fixed. (markt) 62263: Avoid a NullPointerException when the RemoteIpValve processes a request for which no Context can be found. (markt)

Coyote

Correct off-by-one error in thread pool that allowed thread pools to increase in size to one more than the configured limit. Patch provided by usc. (markt)

Web applications

Work-around a known, non-specification compliant behaviour in some versions of IE that can allow XSS when the Manager application generates a plain text response. Based on a suggestion from Muthukumar Marikani. (markt) Add document for FragmentationInterceptor. (kfujino) Document how the roles for an authenticated user are determined when the CombinedRealm is used. (markt)

jdbc-pool

Ensure that SQLWarning has been cleared when connection returns to the pool. (kfujino) Ensure that parameters have been cleared when PreparedStatement and/or CallableStatement are cached. (kfujino) Enable PoolCleaner to be started even if validationQuery is not set. (kfujino)

Other

Update the build script so MD5 hashes are no longer generated for releases as per the change in the ASF distribution policy. (markt) 62164: Switch the build script to use TLS for downloads from SourceForge and Maven Central to avoid failures due to HTTP to HTTPS redirects. (markt)

Catalina

Prevent a stack trace being written to standard out when running on Java 10 due to changes in the LogManager implementation. (markt) Avoid duplicate load attempts if one has been made already. (remm) Avoid NPE in ThreadLocalLeakPreventionListener if there is no Engine. (remm) 58143: Fix calling classloading transformers broken in 7.0.70 by the fix for 59619. This was observed when using Spring weaving. (rjung) 62000: When a JNDI reference cannot be resolved, ensure that the root cause exception is reported rather than swallowed. (markt) 62036: When caching an authenticated user Principal in the session when the web application is configured with the NonLoginAuthenticator, cache the internal Principal object rather than the user facing Principal object as Tomcat requires the internal object to correctly process later authorization checks. (markt) 62067: Correctly apply security constraints mapped to the context root using a URL pattern of "". (markt) When using Tomcat embedded, only perform Authenticator configuration once during web application start. (markt) Process all ServletSecurity annotations at web application start rather than at servlet load time to ensure constraints are applied consistently. (markt) Minor optimization when calling class transformers. (rjung)

Web applications

48672: Add documentation for the Host Manager web application. Patch provided by Marek Czernek. (markt)

Other

Update the NSIS Installer used to build the Windows installer to version 3.03. (kkolinko)

Catalina

47214: Use a loop to preload anonymous inner classes when running under a SecurityManager, to be safe for future changes in the code or using a different compiler. (kkolinko) 57619: Implement a small optimisation to how JAR URLs are processed to reduce the storage of duplicate String objects in memory. Patch provided by Dmitri Blinov. (markt) 61810: Support configure the interval to keep all jars open if no jar is accessed, a non-positive interval indicates keeping jars always open. (huxing) 61886: Pre-load additional classes to prevent SecurityExceptions if the first request received when running under a SecurityManager is an asynchronous Servlet. (markt) 61916: Extend the AddDefaultCharsetFilter to add a character set when the content type is set via setHeader() or addHeader() as well as when it is set via setContentType(). (markt) 61999: maxSavePostSize set to 0 should disable saving POST data during authentication. (remm)

Coyote

61886: Log errors on non-container threads at DEBUG rather than INFO. The exception will be made available to the application via the asynchronous error handling mechanism. (markt) 61993: Improve handling for ByteChunk and CharChunk instances that grow close to the maximum size allowed by the JRE. (markt)

Jasper

43925: Add a new system property (org.apache.jasper.runtime.BodyContentImpl.BUFFER_SIZE) to control the size of the buffer used by Jasper when buffering tag bodies. (markt)

Web applications

61223: Add the mbeans-descriptors.dtd file to the custom MBean documentation so users have a reference to use when constructing mbeans-descriptors.xml files for custom components. (markt) Partial fix for 61886. Ensure that multiple threads do not attempt to complete the AsyncContext if an I/O error occurs in the stock ticker example Servlet. (markt) 61886: Prevent ConcurrentModificationException when running the asynchronous stock ticker in the examples web application. (markt) 61886: Prevent NullPointerException and other errors if the stock ticker example is running when the examples web application is stopped. (markt) 61910: Clarify the meaning of the allowLinking option in the documentation web application. (markt) Add OCSP configuration information to the SSL How-To. Patch provided by Marek Czernek. (markt) 62006: Document the new JvmOptions9 command line parameter for tomcat7.exe. (markt)

jdbc-pool

61312: Prevent NullPointerExceptionn when using the statement cache of connection that has been closed. (kfujino)

Other

Update the internal fork of Commons FileUpload to 6c00d57 (2017-11-23) to pick up some code clean-up. (markt) Update the internal fork of Commons Codec to r1817136 to pick up some code clean-up. (markt) The native source bundles (for Commons Daemon and Tomcat Native) are no longer copied to the bin directory for the deploy target. They are now only copied to the bin directory for the release target. (markt)

Catalina

When running under Java 9 or later, and the urlCacheProtection option of the JreMemoryLeakPreventionListener is enabled, use the API added in Java 9 to only disable the caching for JAR URL connections. (markt) 61581: Fix possible SecurityException when using the APR/native connector with a SecurityManager. (markt) 61597: Extend the StandardJarScanner to scan JARs on the module path when running on Java 9 and class path scanning is enabled. (markt) Fix the JMX descriptor for Wrapper.findInitParameter(). (rjung) 61601: Add support for multi-release JARs in JAR scanning and web application class loading. (markt) Revert the change from 7.0.80 that called ServletResponse.setLocale() if the Content-Language HTTP header was set directly. (markt) Provide the SessionInitializerFilter that can be used to ensure that an HTTP session exists when initiating a WebSocket connection. Patch provided by isapir. (markt) Avoid a possible NullPointerException when timing out AsyncContext instances during shut down. (markt)

Coyote

57870: When running on Java 7 or later, take advantage of the new syncFlush parameter when constructing a GZIPOutputStream rather than using the custom FlushableGZIPOutputStream implementation as a work-around. (markt) 61736: Improve performance of NIO connector when clients leave large time gaps between network packets. Patch provided by Zilong Song. (markt)

Jasper

Enable Jasper to compile JSPs for Java 9. In addition to configuring the JSP servlet with for Java 9 via the compilerSourceVM and compilerTargetVM, it is necessary to replace ecj-4.4.2.jar with a more recent version that supports Java 9. (markt) 61816: Invalid expressions in attribute values or template text should trigger a translation (compile time) error, not a run time error. (markt)

WebSocket

61604: Add support for authentication in the websocket client. Patch submitted by J Fernandez. (remm)

Web applications

61603: Add XML filtering for the status servlet output where needed. (remm) Correct the description of how the CGI servlet maps a request to a script in the CGI How-To. (markt)

Tribes

Fix incorrect behavior that attempts to resend channel messages more than the actual setting value of maxRetryAttempts. (kfujino) Ensure that the remaining Sender can send channel messages by avoiding unintended ChannelException caused by comparing the number of failed members and the number of remaining Senders. (kfujino) Ensure that remaining SelectionKeys that were not handled by throwing a ChannelException during SelectionKey processing are handled. (kfujino)

Other

Improve the fix for 61439 and exclude the JPA, JAX-WS and EJB annotations completely from the Tomcat distributions. (markt) Improve handling of endorsed directories. The endorsed directory mechanism will only be used if the JAVA_ENDORSED_DIRS system property is explicitly set or if $CATALINA_HOME/endorsed exists. When running on Java 9, any such attempted use of the endorsed directory mechanism will trigger an error and Tomcat will fail to start. (rjung) Refactoring in preparation for Java 9. Refactor to avoid using some methods that will be deprecated in Java 9 onwards. (markt) 51496: When using the Windows installer, check if the requested service name already exists and, if it does, prompt the user to select an alternative service name. Patch provided by Ralph Plawetzki. (markt) Add necessary Java 9 configuration options to the startup scripts to prevent warnings being generated on web application stop. (markt) 61590: Enable service.bat to recognise when JAVA_HOME is configured for a Java 9 JDK. (markt) 61598: Update the Windows installer to search the new (as of Java 9) registry locations when looking for a JRE. (markt) Add generation of a SHA-512 hash for release artifacts to the build script. (markt) 61658: Update MIME mappings for fonts to use font/* as per RFC8081. (markt) Update the packaged version of the Tomcat Native Library to 1.2.16 to pick up the latest Windows binaries built with APR 1.6.3 and OpenSSL 1.0.2m. (markt) Update the NSIS Installer used to build the Windows installer to version 3.02.1. (kkolinko) Update the Windows installer to use "The Apache Software Foundation" as the Publisher when Tomcat is displayed in the list of installed applications in Microsoft Windows. (kkolinko) 61803: Remove outdated SSL information from the Security documentation. (remm)

Catalina

61210: When running under a SecurityManager, do not print a warning about not being able to read a logging configuration file when that file does not exist. (markt) 61280: Add RFC 7617 support to the BasicAuthenticator. Note that the default configuration does not change the existing behaviour. (markt) 61452: Fix a copy paste error that caused an UnsupportedEncodingException when using WebDAV. (markt) Correct regression in 7.0.80 that broke the use of relative paths with the extraResourcePaths attribute of a VirtualDirContext. (markt) 61489: When using the CGI servlet, make the generation of command line arguments from the query string (as per section 4.4 of RFC 3875) optional. The feature is enabled by default for consistency with previous releases. Based on a patch by jm009. (markt) Correct a regression in 7.0.80 and 7.0.81 that wrapped the DirContext that represented the web application in a ProxyDirContext twice rather than just once. (markt) 61542: Fix CVE-2017-12617 and prevent JSPs from being uploaded via a specially crafted request when HTTP PUT was enabled. (markt) Use the correct path when loading the JVM logging.properties file for Java 9. (rjung) 61554: Exclude test files in unusual encodings and markdown files intended for display in GitHub from RAT analysis. Patch provided by Chris Thistlethwaite. (markt)

Coyote

48655: Enable Tomcat to shutdown cleanly when using sendfile, the APR/native connector and a multi-part download is in progress. (markt) 58244: Handle the case when OpenSSL resumes a TLS session using a ticket and the full client certificate chain is not available. In this case the client certificate without the chain will be presented to the application. (markt) Fix random SocketTimeoutExceptions when reading the request InputStream. Based on a patch by Peter Major. (markt) 60900: Avoid a NullPointerException in the APR Poller if a connection is closed at the same time as new data arrives on that connection. (markt) Add an option to reject requests that contain HTTP headers with invalid (non-token) header names with a 400 response. (markt)

WebSocket

61491: When using the permessage-deflate extension, correctly handle the sending of empty messages after non-empty messages to avoid the IllegalArgumentException. (markt)

Tribes

To avoid unexpected session timeout notification from backup session, update the access time when receiving the map member notification message. (kfujino) Add member info to the log message when the failure detection check fails in TcpFailureDetector. (kfujino) Avoid Ping timeout until the added map member by receiving MSG_START message is completely started. (kfujino) When sending a channel message, make sure that the Sender has connected. (kfujino) Correct the backup node selection logic that node 0 is returned twice consecutively. (kfujino) Fix race condition of responseMap in RpcChannel. (kfujino)

jdbc-pool

61391: Ensure that failed queries are logged if the SlowQueryReport interceptor is configured to do so and the connection has been abandoned. Patch provided by Craig Webb. (markt) 61425: Ensure that transaction of idle connection has terminated when the testWhileIdle is set to true and defaultAutoCommit is set to false. Patch provided by WangZheng. (kfujino) 61545: Correctly handle invocations of methods defined in the PooledConnection interface when using pooled XA connections. Patch provided by Nils Winkler. (markt)

Other

61439: Remove the Java Annotation API classes from tomcat-embed-core.jar and package them in a separate JAR in the embedded distribution to provide end users with greater flexibility to handle potential conflicts with the JRE and/or other JARs. (markt) 61441: Improve the detection of JAVA_HOME by the daemon.sh script when running on a platform where Java has been installed from an RPM. (rjung) Update the packaged version of the Tomcat Native Library to 1.2.14 to pick up the latest Windows binaries built with APR 1.6.2 and OpenSSL 1.0.2l. (markt) Update fix for 59904 so that values less than zero are accepted instead of throwing a NegativeArraySizeException. (remm) 61563: Correct typos in Spanish translation. Patch provided by Gonzalo Vásquez. (csutherl)

Catalina

Correct regression in 7.0.80 that broke WebDAV. (markt)

Catalina

56785: Avoid NullPointerException if directory exists on the class path that is not readable by the Tomcat user. (markt) Additional permission for deleting files is granted to JULI as it is required by FileHandler when running under a Security Manager. The thread that cleans the log files is marked as daemon thread. (violetagg) 61229: Correct a regression in 7.0.78 that broke WebDAV handling for resources with names that included a & character. (markt) If the Content-Language HTTP header is set directly, attempt to determine the Locale from the header value and call ServletResponse.setLocale() with the derived Locale. (markt) 61232: When log rotation is disabled only one separator will be used when generating the log file name. For example if the prefix is catalina. and the suffix is .log then the log file name will be catalina.log instead of catalina..log. Patch provided by Katya Stoycheva. (violetagg) 61253: Add warn message when Digester.updateAttributes throws an exception instead of ignoring it. (csutherl) 61313: Make the read timeout configurable in the JNDIRealm and ensure that a read timeout will result in an attempt to fail over to the alternateURL. Based on patches by Peter Maloney and Felix Schumacher. (markt)

Coyote

61086: Ensure to explicitly signal an empty request body for HTTP 205 responses. Additional fix to r1795278. Based on a patch provided by Alexandr Saperov. (violetagg) 61322: Correct two regressions caused by the fix for 60319 when using BIO with an external Executor. Firstly, use the maxThreads setting from the Executor as the default for maxConnections if none is specified. Secondly, use maxThreads from the Executor when calculating the point at which to disable keep-alive. (markt) Add additional logging to record problems that occur while waiting for the NIO pollers to stop during the Connector stop process. (markt) Prevent exceptions being thrown during normal shutdown of NIO connections. This enables TLS connections to close cleanly. (markt)

Jasper

53031: Add support for the fork option when compiling JSPs with the Jasper Ant task and javac. (markt)

WebSocket

57767: Add support to the WebSocket client for following redirects when attempting to establish a WebSocket connection. Patch provided by J Fernandez. (markt)

Other

52791: Add the ability to set the defaults used by the Windows installer from a configuration file. Patch provided by Sandra Madden. (markt)

Catalina

61101: CORS filter should set Vary header in response. Submitted by Rick Riemer. (remm) 61105: Add a new JULI FileHandler configuration for specifying the maximum number of days to keep the log files. (violetagg) Improve the SSLValve so it is able to handle client certificate headers from Nginx. Based on a patch by Lucas Ventura Carro. (markt) 61154: Allow the Manager and Host Manager web applications to start by default when running under a security manager. This was accomplished by adding a custom permission, org.apache.catalina.security.DeployXmlPermission, that permits an application to use a META-INF/context.xml file and then granting that permission to the Manager and Host Manager. (markt) 61173: Polish the javadoc for o.a.catalina.startup.Tomcat. Patch provided by peterhansson_se. (violetagg) A new configuration property crawlerIps is added to the o.a.catalina.valves.CrawlerSessionManagerValve. Using this property one can specify a regular expression that will be used to identify crawlers based on their IP address. Based on a patch provided by Tetradeus. (violetagg) 61180: Log a warning message rather than an information message if it takes more than 100ms to initialised a SecureRandom instance for a web application to use to generate session identifiers. Patch provided by Piotr Chlebda. (markt) 61185: When an asynchronous request is dispatched via AsyncContext.dispatch() ensure that getRequestURI() for the dispatched request matches that of the original request. (markt) 61201: Ensure that the SCRIPT_NAME environment variable for CGI executables is populated in a consistent way regardless of how the CGI servlet is mapped to a request. (markt) 61215: Correctly define addConnectorPort and invalidAuthenticationWhenDeny in the mbean-descriptors.xml file for the org.apache.catalina.valves package so that the attributes are accessible via JMX. (markt)

Coyote

61086: Explicitly signal an empty request body for HTTP 205 responses. (markt) Revert a change introduced in the fix for bug 60718 that changed the status code recorded in the access log when the client dropped the connection from 200 to 500. (markt) Make asynchronous error handling more robust. In particular ensure that onError() is called for any registered AsyncListeners after an I/O error on a non-container thread. (markt)

Jasper

44787: Improve error message when JSP compiler configuration options are not valid. (markt)

WebSocket

Correct the log message when a MessageHandler for PongMessage does not implement MessageHandler.Whole. (rjung) Improve thread-safety of Futures used to report the result of sending WebSocket messages. (markt) 61183: Correct a regression in the previous fix for 58624 that could trigger a deadlock depending on the locking strategy employed by the client code. (markt)

Web applications

Better document the meaning of the trimSpaces option for Jasper. (markt) 61150: Configure the Manager and Host-Manager web applications to permit serialization and deserialization of CRSFPreventionFilter related session objects to avoid warning messages and/or stack traces on web application stop and/or start when running under a security manager. (markt)

Tribes

Add JMX support for Tribes components. (kfujino)

Other

45832: Add HTTP DIGEST authentication support to the Catalina Ant tasks used to communicate with the Manager application. (markt) 45879: Add the RELEASE-NOTES file to the root of the installation created by the Tomcat installer for Windows to make it easier for users to identify the installed Tomcat version. (markt) 61076: Document the altDDName attribute for the Context element. (markt) 61145: Add missing @Documented annotation to annotations in the annotations API. Patch provided by Katya Todorova. (markt) 61146: Add missing lookup() method to @EJB annotation in the annotations API. Patch provided by Katya Todorova. (markt) Correct typo in Context Container Configuration Reference. Patch provided by Katya Todorova. (violetagg)

General

Allow to exclude JUnit test classes using the build property test.exclude and document the property in BUILDING.txt. (rjung)

Catalina

Review those places where Tomcat re-encodes a URI or URI component and ensure that that correct encoding (path differs from query string) is applied and that the encoding is applied consistently. (markt) Use a more reliable mechanism for the DefaultServlet when determining if the current request is for custom error page or not. (markt) Ensure that when the Default or WebDAV servlets process an error dispatch that the error resource is processed via the doGet() method irrespective of the method used for the original request that triggered the error. (markt) If a static custom error page is specified that does not exist or cannot be read, ensure that the intended error status is returned rather than a 404. (markt) When the WebDAV servlet is configured and an error dispatch is made to a custom error page located below WEB-INF, ensure that the target error page is displayed rather than a 404 response. (markt) 61047: Add MIME mapping for woff2 fonts in the default web.xml. Patch provided by Justin Williamson. (violetagg) Correct the logic that selects the encoding to use to decode the query string in the SSIServletExternalResolver so that the useBodyEncodingForURI attribute of the Connector is correctly taken into account. (markt) 61072: Respect the documentation statements that allow using the platform default secure random for session id generation. (remm) Correct the javadoc for o.a.c.connector.CoyoteAdapter#parseSessionCookiesId. Patch provided by John Andrew (XUZHOUWANG) via Github. (violetagg)

Jasper

60925: Improve the handling of access to properties defined by interfaces when a BeanELResolver is used under a SecurityManager. (markt)

WebSocket

61003: Ensure the flags for reading/writing in o.a.t.websocket.AsyncChannelWrapperSecure are correctly reset even if some exceptions occurred during processing. (markt/violetagg)

Web applications

Document the property test.excludePerformance in BUILDING.txt. (rjung) Add documents for maxIdleTime attribute to Channel Receiver docs. (kfujino)

jdbc-pool

Refactor the creating a constructor for a proxy class to reduce duplicate code. (kfujino) In StatementFacade, the method call on the statements that have been closed throw SQLException rather than NullPointerException. (kfujino)

Other

Correct comments about Java 8 in Jre8Compat. Patch provided by fibbers via Github. (violetagg) 60932: Correctly escape single quotes when used in i18n messages. Based on a patch by Michael Osipov. (markt)

Catalina

54618: Add support to the HttpHeaderSecurityFilter for the HSTS preload parameter. (markt) 60911: Ensure NPE will not be thrown when looking for SSL session ID. Based on a patch by Didier Gutacker. (violetagg)

Coyote

When using the NIO2 connector, ensure a WebSocket close frame is processed before the end of stream is processed to ensure that the end of stream is processed correctly. (markt) 60852: Correctly spell compressible when used in configuration attributes and internal code. Based on a patch by Michael Osipov. (markt) Improve sendfile handling when requests are pipelined. (markt)

Jasper

Improve the error handling for simple tags to ensure that the tag is released and destroyed once used. (remm, violetagg) 60844: Correctly handle the error when fewer parameter values than required by the method are used to invoke an EL method expression. Patch provided by Daniel Gray. (markt)

jdbc-pool

60764: Implement equals() and hashCode() in the StatementFacade in order to enable these methods to be called on the closed statements if any statement proxy is set. This behavior can be changed with useStatementFacade attribute. (kfujino)

Catalina

Make it easier for sub-classes of Tomcat to modify the default web.xml settings by over-riding getDefaultWebXmlListener(). Patch provided by Aaron Anderson. (markt) Reduce the contention in the default InstanceManager implementation when multiple threads are managing objects and need to reference the annotation cache. (markt) 60674: Remove final marker from CorsFilter to enable sub-classing. (markt) 60683: Security manager failure causing NPEs when doing IO on some JVMs. (csutherl) 60688: Update the internal fork of Apache Commons BCEL to r1782855 to add early access Java 9 support to the annotation scanning code. (markt) 60718: Improve error handling for asynchronous processing and correct a number of cases where the requestDestroyed() event was not being fired and an entry wasn't being made in the access logs. (markt) 60808: Ensure that the Map returned by ServletRequest.getParameterMap() is fully immutable. Based on a patch provided by woosan. (markt) 60824: Correctly cache the Subject in the session - if there is a session - when running under a SecurityManager. Patch provided by Jan Engehausen. (markt) Ensure request and response facades are used when firing application listeners. (markt/remm) When HTTP TRACE requests are disabled on the Connector, ensure that the HTTP OPTIONS response from the WebDAV servlet does not include TRACE in the returned Allow header. (markt)

Coyote

Ensure that executor thread pools used with connectors pre-start the configured minimum number of idle threads. (markt) 60594: Allow some invalid characters that were recently restricted to be processed in requests by using the system property tomcat.util.http.parser.HttpParser.requestTargetAllow. (csutherl)

Jasper

Refactor code generated for JSPs to reduce the size of the code required for tags. (markt)

Cluster

Make the accessTimeout configurable in ClusterSingleSignOn. The accessTimeout is used as a timeout period for PING in replication map. (kfujino) 60806: To avoid ClassNotFoundException, make sure that the web application class loader is passed to ReplicatedContext. (kfujino)

WebSocket

60617: Correctly create a CONNECT request when establishing a WebSocket connection via a proxy. Patch provided by Svetlin Zarev. (markt)

Tribes

Ensure that NoRpcChannelReply messages are not received on RpcCallback. (kfujino) 60722: Take account of the dispatchersUseEncodedPaths setting on the current Context when generating paths for dispatches triggered by AsyncContext.dispatch(). (markt)

Other

60620: Fix configuration of Eclipse projects, broken by introduction of SafeForkJoinWorkerThreadFactory helper class. This class cannot be built with Java 6. (kkolinko) Update the packaged version of the Tomcat Native Library to 1.2.12 to pick up the latest Windows binaries built with OpenSSL 1.0.2k. (violetagg) 60784: Update all unit tests that test the HTTP status line to check for the required space after the status code. Patch provided by Michael Osipov. (markt) Update the NSIS Installer used to build the Windows installer to version 3.01. (markt) Refactor the build script and the NSIS installer script so that either NSIS 2.x or NSIS 3.x can be used to build the installer. This is primarily to re-enable building the installer on the Linux based CI system where the combination of NSIS 3.x and wine leads to failed installer builds. (markt)

Cluster

Make the accessTimeout configurable in BackupManager. The accessTimeout is used as a timeout period for PING in replication map. (kfujino)

Web applications

Ensure the ASF logo image is correctly displayed in docs and host-manager applications. (violetagg)

Catalina

53602: Add HTTP status code 451 (RFC 7725) to the list of HTTP status codes recognised by Tomcat. (markt) Correctly handle the configClass attribute of a Host when embedding Tomcat. (markt) 60379: Dispose of the GSS credential once it is no longer required. Patch provided by Michael Osipov. (markt) 60380: Ensure that a call to HttpServletRequest#logout() triggers a call to TomcatPrincipal#logout(). Based on a patch by Michael Osipov. (markt) 60387: Correct the javadoc for o.a.catalina.AccessLog.setRequestAttributesEnabled. The default value is different for the different implementations. (violetagg) 60393: Use consistent parameter naming in implementations of Realm#authenticate(GSSContext, boolean). (markt) 60395: Log when an Authenticator passes an incomplete GSSContext to a Realm since it indicates a bug in the Authenticator. Patch provided by Michael Osipov. (markt) Update the warnings that reference required options for running on Java 9 to use the latest syntax for those options. (markt) 60513: Fix thread safety issue with RMI cleanup code. (remm) 60620: Extend the JreMemoryLeakPreventionListener to provide protection against ForkJoinPool.commonPool() related memory leaks. (markt)

Coyote

Ensure that the endpoint is able to unlock the acceptor thread during shutdown if the endpoint is configured to listen to any local address of a specific type such as 0.0.0.0 or ::. (markt) Ensure sendfile is enabled by default for APR. (markt) Prevent read time out when the file is deleted while serving the response. The issue was observed only with APR Connector and sendfile enabled. (violetagg) Improve the logic that selects an address to use to unlock the Acceptor to take account of platforms what do not listen on all local addresses when configured with an address of 0.0.0.0 or ::. (markt) 60409: When unable to complete sendfile request, ensure the Processor will be added to the cache only once. (markt/violetagg)

Jasper

44294: Add support for varargs in UEL expressions. (markt) 60356: Fix pre-compilation of JSPs that depend on nested tag files packaged in a JAR. (markt) 60431: Improve handling of varargs in UEL expressions. Based on a patch by Ben Wolfe. (markt) 60497: Restore previous tag reuse behavior following the use of try/finally. (remm) Improve the error handling for simple tags to ensure that the tag is released and destroyed once used. (remm) 60497: Follow up fix using a better variable name for the tag reuse flag. (remm) Revert use of try/finally for simple tags. (remm)

Web applications

Correct a typo in Host Configuration Reference. Issue reported via comments.apache.org. (violetagg) In the documentation web application, be explicit that clustering requires a secure network for all of the cluster network traffic. (markt) Update the ASF logos to the new versions.

Tribes

Reduce the warning logs for a message received from a different domain in order to avoid excessive log outputs. (kfujino) Add log message that PING message has received beyond the timeout period. (kfujino) When a PING message that beyond the time-out period has been received, make sure that valid member is added to the map membership. (kfujino)

WebSocket

60437: Avoid possible handshake overflows in the websocket client. (remm)

jdbc-pool

58816: Implement the statistics of jdbc-pool. The stats infos are borrowedCount, returnedCount, createdCount, releasedCount, reconnectedCount, releasedIdleCount and removeAbandonedCount. (kfujino) 60194: If validationQuery is not specified, connection validation is done by calling the isValid() method. (kfujino) 60398: Fix testcase of TestSlowQueryReport. (kfujino) Enable reset the statistics without restarting the pool. (kfujino)

Other

60366: Change catalina.bat to use directly LOGGING_MANAGER and LOGGING_CONFIG variables in order to configure logging, instead of modifying JAVA_OPTS. Patch provided by Petter Isberg. (violetagg) New property is added test.verbose in order to control whether the output of the tests is displayed on the console or not. Patch provided by Emmanuel Bourg. (violetagg) Update the ASF logos used in the Apache Tomcat installer for Windows to use the new versions. Spelling corrections provided by Josh Soref. (violetagg)

Catalina

60117: Ensure that the name of LogLevel is localized when using OneLineFormatter. Patch provided by Tatsuya Bessho. (kfujino) 60151: Improve the exception error messages when a ResourceLink fails to specify the type, specifies an unknown type or specifies the wrong type. (markt) 60167: Ignore empty lines in /etc/passwd files when using the PasswdUserDatabase. (markt) Improve the access checks for linked global resources to handle the case where the current class loader is a child of the web application class loader. (markt) 60199: Log a warning if deserialization issues prevent a session attribute from being loaded. (markt) Correctly test for control characters when reading the provided shutdown password. (markt) When configuring the JMX remote listener, specify the allowed types for the credentials. (markt)

Coyote

60123: Avoid potential threading issues that could cause excessively large vales to be returned for the processing time of a current request. (markt) 60174: Log instances of HeadersTooLargeException during request processing. (markt) Correct the HTTP header parser so that DEL is not treated as a valid token character. (markt) 60319: When using an Executor, disconnect it from the Connector attributes maxThreads, minSpareThreads and threadPriority to enable the configuration settings to be consistently reported. These Connector attributes will be reported as -1 when an Executor is in use. The values used by the executor may be set and obtained via the Executor. (markt) If an I/O error occurs during async processing on a non-container thread, ensure that the onError() event is triggered. (markt) Improve detection of I/O errors during async processing on non-container threads and trigger async error handling when they are detected. (markt) Add additional checks for valid characters to the HTTP request line parsing so invalid request lines are rejected sooner. (markt)

Web applications

Add an example of using the classesToInitialize attribute of the JreMemoryLeakPreventionListener to the documentation web application. Based on a patch by Cris Berneburg. (markt) 60192: Correct a typo in the status output of the Manager application. Patch provided by Radhakrishna Pemmasani. (markt) Correct a typo in HTTP Connector How-To. Issue reported via comments.apache.org. (violetagg) Fix default value of validationInterval attribute in jdbc-pool. (kfujino) Correct a typo in CGI How-To. Issue reported via comments.apache.org. (violetagg) 60344: Add a note to BUILDING.txt regarding using the source bundle with the correct line endings. (markt)

Tribes

When the proxy node sends a backup retrieve message, ensure that using the channelSendOptions that has been set rather than the default channelSendOptions. (kfujino)

jdbc-pool

60099: Ensure that use all method arguments as a cache key when using StatementCache. (kfujino) 60139: Correct Javadocs for PoolConfiguration.getValidationInterval and setValidationInterval. Reported by Phillip Webb. (kfujino)

Other

Add documentation to the bin/catalina.bat script to remind users that environment variables don't affect the configuration of Tomcat when run as a Windows Service. Based upon a documentation patch by James H.H. Lampert. (schultz)

Catalina

Ensure Digester.useContextClassLoader is considered in case the class loader is used. (violetagg)

Jasper

60101: Remove preloading of the class that was deleted. (violetagg)

jdbc-pool

Notify jmx when returning the connection that has been marked suspect. (kfujino) Ensure that the POOL_EMPTY notification has been added to the jmx notification types. (kfujino)

Other

Update the packaged version of the Tomcat Native Library to 1.2.10 to pick up the latest Windows binaries built with OpenSSL 1.0.2j. (markt) 61599: Update to Commons Daemon 1.1.0 for improved Java 9 support. (markt)

Catalina

57705: Add debug logging for requests denied by the remote host and remote address valves and filters. Based on a patch by Graham Leggett. (markt) Change the default of the sessionCookiePathUsesTrailingSlash attribute of the Context element to false since the problems caused when a Servlet is mapped to /* are more significant than the security risk of not enabling this option by default. (markt) 59708: Modify the LockOutRealm logic. Valid authentication attempts during the lock out period will no longer reset the lock out timer to zero. (markt) Improve error handling around user code prior to calling InstanceManager.destroy() to ensure that the method is executed. (markt) Ensure that reading the singleThreadModel attribute of a StandardWrapper via JMX does not trigger initialisation of the associated servlet. With some frameworks this can trigger an unexpected initialisation thread and if initilisation is not thread-safe the initialisation can then fail. (markt) By default, treat paths used to obtain a request dispatcher as encoded. This behaviour can be changed per web application via the dispatchersUseEncodedPaths attribute of the Context. (markt) 59839: Apply roleSearchAsUser to all nested searches in JNDIRealm. (fschumacher) Provide a mechanism that enables the container to check if a component (typically a web application) has been granted a given permission when running under a SecurityManager without the current execution stack having to have passed through the component. Use this new mechanism to extend SecurityManager protection to the system property replacement feature of the digester. (markt) When retrieving an object via a ResourceLink, ensure that the object obtained is of the expected type. (markt) 59866: When scanning WEB-INF/classes for annotations, don't scan the contents of WEB-INF/classes/META-INF (if present) since classes will never be loaded from that location. (markt) 59912: Fix an edge case in input stream handling where an IOException could be thrown when reading a POST body. (markt) 59966: Do not start the web application if the error page configuration in web.xml is invalid. (markt) Switch the CGI servlet to the standard logging mechanism and remove support for the debug attribute. (markt) Add a new initialisation parameter, envHttpHeaders, to the CGI Servlet to mitigate httpoxy (CVE-2016-5388) by default and to provide a mechanism that can be used to mitigate any future, similar issues. (markt) When adding and removing ResourceLinks dynamically, ensure that the global resource is only visible via the ResourceLinkFactory when it is meant to be. (markt) 60008: When processing CORs requests, treat any origin with a URI scheme of file as a valid origin. (markt) Improve handling of exceptions during a Lifecycle events triggered by a state transition. The exception is now caught and the component is now placed into the FAILED state. (markt) Fix a file descriptor leak when reading the global web.xml. (markt) 60041: Better error message if a JAR is deleted while a web application is running. Note: Deleting a JAR while the application is running is not supported and errors are expected. Based on a patch by gehui. (markt)

Coyote

Improve error handling around user code prior to calling InstanceManager.destroy() to ensure that the method is executed. (markt) 59904: Add a limit (default 200) for the number of cookies allowed per request. Based on a patch by gehui. (markt) Make timing attacks against the Realm implementations harder. (schultz) Refactor the code that implements the requirement that a call to complete() or dispatch() made from a non-container thread before the container initiated thread that called startAsync() completes must be delayed until the container initiated thread has completed. Rather than implementing this by blocking the non-container thread, extend the internal state machine to track this. This removes the possibility that blocking the non-container thread could trigger a deadlock. (markt)

Jasper

Improve error handling around user code prior to calling InstanceManager.destroy() to ensure that the method is executed. (markt) Improve the error handling for custom tags to ensure that the tag is returned to the pool or released and destroyed once used. (markt) Fixed StringIndexOutOfBoundsException. Based on a patch provided by wuwen via Github. (violetagg)

WebSocket

Improve error handling around user code prior to calling InstanceManager.destroy() to ensure that the method is executed. (markt) 59868: Clarify the documentation for the Manager web application to make clearer that the host name and IP address in the server section are the primary host name and IP address. (markt) 59908: Ensure that a reason phrase is included in the close message if a session is closed due to a timeout. (markt)

Web Applications

Do not log an additional case of IOExceptions in the error handler for the Drawboard WebSocket example when the root cause is the client disconnecting since the logs add no value. (markt) 59642: Mention the localDataSource in the DataSourceRealm section of the Realm How-To. (markt) Follow-up to the fix for 59399. Ensure that the new attribute transportGuaranteeRedirectStatus is documented for all Realms. Also document the NullRealm and when it is automatically created for an Engine. (markt) MBeans Descriptors How-To is moved to mbeans-descriptors-howto.html. Patch provided by Radoslav Husar. (violetagg) 60034: Correct a typo in the Manager How-To page of the documentation web application. (markt)

Tribes

Add log message when the ping has timed-out. (kfujino) If the ping message has been received at the AbstractReplicatedMap#leftOver method, ensure that notify the member is alive than ignore it. (kfujino)

jdbc-pool

Fix the duplicated connection release when connection verification failed. (kfujino) Ensure that do not remove the abandoned connection that has been already released. (kfujino) In order to avoid the unintended skip of PoolCleaner, remove the check code of the execution interval in the task that has been scheduled. (kfujino) 59849: Ensure that the connection verification is executed by initSQL (if required) if the borrowing PooledConnection has not been initialized. (kfujino) 59850: Ensure that the ResultSet is closed when enabling the StatementCache interceptor. (kfujino) 59923: Reduce the default value of validationInterval in order to avoid the potential issue that continues to return an invalid connection after database restart. (kfujino) Ensure that the ResultSet is returned as Proxy object when enabling the StatementDecoratorInterceptor. (kfujino) 60043: Ensure that the suspectTimeout works without removing connection when the removeAbandoned is disabled. (kfujino) Add log message of when returning the connection that has been marked suspect. (kfujino) Correct Javadoc for ConnectionPool.suspect(). Based on a patch by Yahya Cahyadi. (markt)

Other

Use the mirror network rather than the ASF master site to download the current ASF dependencies. (markt) Update the packaged version of the Tomcat Native Library to 1.2.8 to pick up the latest fixes and make 1.2.8 the minimum recommended version. (markt) Fixed typos in mbeans-descriptors.xml files. (violetagg) Update the internal fork of Commons BCEL to r1757132 to align with the BCEL 6 release. (markt) Update the internal fork of Commons Codec to r1757174. Code formatting changes only. (markt) Update the internal fork of Commons FileUpload to afdedc9. This pulls in a fix to improve the performance with large multipart boundaries. (markt) Update the download location for Objenesis. (violetagg)

Catalina

59219: Ensure AsyncListener.onError() is called if an Exception is thrown during async processing. (markt) 59220: Ensure that AsyncListener.onComplete() is called if the async request times out and the response is already committed. (markt) 59261: ServletRequest.getAsyncContext() now throws an IllegalStateException as required by the Servlet specification if the request is not in asynchronous mode when called. (markt) 59310: Do not add a Content-Length: 0 header for custom responses to HEAD requests that do not set a Content-Length value. (markt) When normalizing paths, improve the handling when paths end with /. or /.. and ensure that input and output are consistent with respect to whether or not they end with /. (markt) 59317: Ensure that HttpServletRequest.getRequestURI() returns an encoded URI rather than a decoded URI after a dispatch. (markt) Ensure that the value for the header X-Frame-Options is constructed correctly according to the specification when ALLOW-FROM option is used. (violetagg) 59399: Add a new option to the Realm implementations that ship with Tomcat that allows the HTTP status code used for HTTP -> HTTPS redirects to be controlled per Realm. (markt) 59449: In ContainerBase, ensure that the process to remove a child container is the reverse of the process to add one. Patch provided by Huxing Zhang. (markt) RMI Target related memory leaks are avoidable which makes them an application bug that needs to be fixed rather than a JRE bug to work around. Therefore, start logging RMI Target related memory leaks on web application stop. Add an option that controls if the check for these leaks is made. Log a warning if running on Java 9 with this check enabled but without the command line option it requires. (markt) Fix a potential concurrency issue with the web application class loader and concurrent reads and writes of the resource cache. (markt) 59619: Within the web application class loader, always use path as the key for the resource cache to improve the hit ratio. This also fixes a problem exposed by the fix for 56777 that enabled file based configuration resources to be loaded from the class path. (markt) Fix error message when failed to register MBean. (kfujino)

Coyote

58970: Fix a connection counting bug in the NIO connector that meant some dropped connections were not removed from the current connection count. (markt) 59289: Do not recycle upgrade processors in unexpected close situations. (remm) Ensure that requests with HTTP method names that are not tokens (as required by RFC 7231) are rejected with a 400 response. (markt) When an asynchronous request is processed by the AJP connector, ensure that request processing has fully completed before starting the next request. (markt) If an async dispatch results in the completion of request processing, ensure that any remaining request body is swallowed before starting the processing of the next request else the remaining body may be read as the start of the next request leading to a 400 response. (markt)

Jasper

Fix a memory leak in the expression language implementation that caused the class loader of the first web application to use expressions to be pinned in memory. (markt) 59654: Enforce the requirements of section 7.3.1 of the JSP specification regarding the permitted locations for TLD files. Patch provided by Huxing Zhang. (markt)

WebSocket

Ensure that a client disconnection triggers the error handling for the associated WebSocket end point. (markt)

Web Applications

Correct a typo in SSL/TLS Configuration How-To. Issue reported via comments.apache.org. (violetagg) 58891: Update the SSL how-to. Based on a suggestion by Alexander Kjäll. (markt)

Tribes

Fix potential NPE that depends on the setting order of attributes of static member when using the static cluster. (kfujino) Add get/set method for the channel that is related to ChannelInterceptorBase. (kfujino) As with the multicast cluster environment, in the static cluster environment, the local member inherits properties from the cluster receiver. (kfujino) Add get/set method for the channel that is related to each Channel services. (kfujino) Add name to channel in order to identify channels. In tomcat cluster environment, it is set the cluster name + "-Channel" as default value. (kfujino) Add the channel name to the thread which is invoked by channel services in order to identify the associated channel. (kfujino) Ensure that clear the channel instance from channel services when stopping channel. (kfujino) Implement map state in the replication map. (kfujino) Ensure that the ping is not executed during the start/stop of the replication map. (kfujino) In ping processing in the replication map, send not the INIT message but the newly introduced PING message. (kfujino)

jdbc-pool

Fix a memory leak with the pool cleaner thread that retained a reference to the web application class loader for the first web application to use a connection pool. (markt)

Other

Update the packaged version of the Tomcat Native Library to 1.2.7 to pick up the Windows binaries that are based on OpenSSL 1.0.2h and APR 1.5.2. (violetagg/markt) Remove native code (Windows Service Wrapper, APR/native connector) support for Windows Itanium. (markt) Update the internal fork of Commons File Upload to r1743698 (1.3.1 plus additional fixes). (markt) 58626: Add support for a new environment variable (USE_NOHUP) that causes nohup to be used when starting Tomcat. It is disabled by default except on HP-UX where it is enabled by default since it is required when starting Tomcat at boot on HP-UX. (markt)

Catalina

Fix the type of InstanceManager attribute of mbean definition of StandardContext. (kfujino) 58351: Make the server build date and server version number accessible via JMX. Patch provided by Huxing Zhang. (markt) 59001: Correctly handle the case when Tomcat is installed on a path where one of the segments ends in an exclamation mark. (markt) Expand the fix for 59001 to cover the special sequences used in Tomcat's custom jar:war: URLs. (markt) 59043: Avoid warning while expiring sessions associated with a single sign on if HttpServletRequest.logout() is used. (markt) 59054: Ensure that using the CrawlerSessionManagerValve in a distributed environment does not trigger an error when the Valve registers itself in the session. (markt) Log a warning message if a user tries to configure the default session timeout via the deprecated (and ignored) Manager.setMaxInactiveInterval() method. (markt) Correct a regression introduced in 7.0.68 where the deprecated Manager.getMaxInactiveInterval() method returned the current default session timeout in minutes rather than seconds. (markt) When a Host is configured with an appBase that does not exist, create the appBase before trying to expand an external WAR file into it. (markt) 59115: When using the Servlet 3.0 file upload, the submitted file name may be provided as a token or a quoted-string. If a quoted-string, unquote the string before returning it to the user. (markt) 59123: Close NamingEnumeration objects used by the JNDIRealm once they are no longer required. (fschumacher/markt) 59138: Correct a false positive warning for ThreadLocal related memory leaks when the key class but not the value class has been loaded by the web application class loader. (markt) 59145: Don't log an invalid warning when a user logs out of a session associated with SSO. (markt) 59151: Fix a regression in the fix for 56917 that added additional (and arguably unnecessary) validation to the provided redirect location. (markt) 59206: Ensure NPE will not be thrown by o.a.tomcat.util.file.ConfigFileLoader when catalina.base is not specified. (violetagg) 59213: Async dispatches should be based off a wrapped request. (remm) 59217: Remove duplication in the recycling of the path in o.a.tomcat.util.http.ServerCookie. Patch is provided by Kyohei Nakamura. (violetagg) Ensure that javax.servlet.ServletRequest and javax.servlet.ServletResponse provided during javax.servlet.AsyncListener registration are made available via javax.servlet.AsyncEvent.getSuppliedRequest and javax.servlet.AsyncEvent.getSuppliedResponse (violetagg) Clarify the log message that specifying both urlPatterns and value attributes in WebServlet and WebFilter annotations is not allowed. (violetagg) Ensure the exceptions caused by Valves will be available in the log files so that they can be evaluated when o.a.catalina.valves.ErrorReportValve.showReport is disabled. Patch is provided by Svetlin Zarev. (violetagg) 59247: Preload ResourceEntry as a workaround for security manager issues on some JVMs. (kkolinko/remm) 59269: Correct the implementation of PersistentManagerBase so that minIdleSwap functions as designed and sessions are swapped out to keep the active session count below maxActiveSessions. (markt)

Coyote

58646: Correct a problem with sendfile that resulted in a Processor being added to the cache twice leading to broken responses. (markt) 59015: Fix potential cause of endless APR Poller loop during shutdown if the Poller experiences an error during the shutdown process. (markt) Limit the default TLS ciphers for JSSE (BIO, NIO) and OpenSSL (APR) to those currently considered secure. (markt) Add a new environment variable JSSE_OPTS that is intended to be used to pass JVM wide configuration to the JSSE implementation. The default value is -Djdk.tls.ephemeralDHKeySize=2048 which protects against weak Diffie-Hellman keys. (markt)

WebSocket

59014: Ensure that a WebSocket close message can be sent after a close message has been received. (markt) Correctly handle compression of partial messages when the final message fragment has a zero length payload. (markt) Extend the WebSocket programmatic echo endpoint provided in the examples to handle binary messages and also partial messages. This aligns the code with Tomcat 8 and makes it easier to run the Autobahn testsuite against the WebSocket implementation. (markt) 59119: Correct read logic for WebSocket client when using secure connections. (markt) 59134: Correct client connect logic for secure connections made through a proxy. (markt) 59189: Explicitly release the native memory held by the Inflater and Deflater when using PerMessageDeflate and the WebSocket session ends. Based on a patch by Henrik Olsson. (markt)

Web Applications

Correct the description of the ServletRequest.getServerPort() in Proxy How-To. Issue reported via comments.apache.org. (violetagg) Fix a potential indefinite wait in the Comet Chat servlet in the examples web application. (markt) 59229: Fix error in HTTP docs and make clear the the HTTP NIO connector uses non-blocking I/O to read the HTTP request headers. (markt) Update in the documentation the link to the maven repository where Tomcat snapshot artifacts are deployed. (markt/violetagg) Clarify in the documentation that calls to ServletContext.log(String, Throwable) or GenericServlet.log(String, Throwable) are logged at the SEVERE level. (violetagg)

Tribes

If promoting a proxy node to a primary node when getting a session, notify the change of the new primary node to the original backup node. (kfujino) Avoid NPE when a proxy node failed to retrieve a backup entry. (kfujino) Add log of when received an unexpected messages. (kfujino) Add the flag indicating that member is a localMember. (kfujino)

Other

58283: Change the default download location for libraries during the build process from /usr/share/java to ${user.home}/tomcat-build-libs. Patch provided by Ahmed Hosni. (markt) 59031: When using the Windows uninstaller, do not remove the contents of any directories that have been symlinked into the Tomcat directory structure. (markt) Modify the default tomcat-users.xml file to make it harder for users to configure the entries intended for use with the examples web application for the Manager application. (markt) 59211: Add hamcrest to Eclipse classpath. Patch is provided by Huxing Zhang. (violetagg) 59280: Update the NSIS Installer used to build the Windows Installers to version 2.51. (kkolinko)

General

Allow to configure multiple JUnit test class patterns with the build property test.name and document the property in BUILDING.txt. (rjung)

Catalina

Correct implementation of validateClientProvidedNewSessionId so client provided session IDs may be rejected if validation is enabled. (markt) 56785: Avoid NullPointerException if directory exists on the class path that is not readable by the Tomcat user. (kkolinko) 57906: Suppress WebappClassLoader log messages when running with a security manager on Java 6, caused by java.beans.Introspector.findExplicitBeanInfo() calls during evaluation of EL expressions. (kkolinko) 58692: Make StandardJarScanner more robust. Log a warning if a class path entry cannot be scanned rather than triggering the failure of the web application. (markt) 58701: Reset the instanceInitialized field in StandardWrapper when unloading a Servlet so that a new instance may be correctly initialized. (markt) 58702: Ensure an access log entry is generated if the client aborts the connection. (markt) Fixed various issues reported by Findbugs. (violetagg) 58735: Add support for the X-XSS-Protection header to the HttpHeaderSecurityFilter. Patch provided by Jacopo Cappellato. (markt) 58751: Correctly handle the case where an AsyncListener dispatches to a Servlet on an asynchronous timeout and the Servlet uses sendError() to trigger an error page. Includes a test case based on code provided by Andy Wilkinson.(markt) 58765: Change default for mapperContextRootRedirectEnabled to true since this is required for correct session management because of the default for sessionCookiePathUsesTrailingSlash. (markt) Add the StatusManagerServlet to the list of Servlets that can only be loaded by privileged applications. (markt) Simplify code and fix messages in org.apache.catalina.core.DefaultInstanceManager class. (kkolinko) Ensure that the proper file encoding if specified will be used when a readme file is served by DefaultServlet. (violetagg) Fix declaration of localPort attribute of Connector MBean: it is read-only. (kkolinko) 58766: Make skipping non-class files during annotation scanning faster by checking the file name first. Improve debug logging. (kkolinko) 58768: Log a warning if a redirect fails because of an invalid location. (markt) 58836: Correctly merge query string parameters when processing a forwarded request where the target includes a query string that contains a parameter with no value. (markt/kkolinko) Make sure that shared Digester is reset in an unlikely error case in HostConfig.deployWAR(). (kkolinko) Fix a potential JDBC resource leak in DataSourceRealm. (schultz) 58900: Correctly undeploy symlinked resources and prevent an infinite cycle of deploy / undeploy. (markt) Protect initialization of ResourceLinkFactory when running with a SecurityManager. (kkolinko) Extend the feature available in the cluster session manager implementations that enables session attribute replication to be filtered based on attribute name to all session manager implementations. Note that configuration attribute name has changed from sessionAttributeFilter to sessionAttributeNameFilter. Apply the filter on load as well as unload to ensure that configuration changes made while the web application is stopped are applied to any persisted data. (markt) Extend the session attribute filtering options to include filtering based on the implementation class of the value and optional WARN level logging if an attribute is filtered. These options are available for all of the Manager implementations that ship with Tomcat. When a SecurityManager is used filtering will be enabled by default. (markt) 58905: Ensure that Tomcat.silence() silences the correct logger and respects the current setting. (markt) 58946: Ensure that the request parameter map remains immutable when processing via a RequestDispatcher. (markt)

Coyote

New configuration option ajpFlush for the AJP connectors to disable the sending of AJP flush packets. (rjung)

Jasper

Fix handling of missing messages in org.apache.el.util.MessageFactory. (violetagg) Ignore engineOptionsClass and scratchdir when running under a security manager. (markt)

Cluster

In order to avoid that the heartbeat thread and the background thread to run Channel.heartbeat simultaneously, if heartbeatBackgroundEnabled of SimpleTcpCluster set to true, ensure that the heartbeat thread does not start. (kfujino)

WebSocket

57489: Ensure onClose() is called when a WebSocket connection is closed even if the sending of the close message fails. Includes test cases by Barry Coughlan. (markt) Fix a timing issue on session close that could result in an exception being thrown for an incomplete message even through the message was completed. (markt)

Web Applications

Correct some typos in the JNDI resources How-To. (markt) Don't create sessions unnecessarily in the Manager application. (markt) Don't create sessions unnecessarily in the Host Manager application. (markt) 58723: Clarify documentation and error messages for the text interface of the manager to make clear that version must be used with path when referencing contexts deployed using parallel deployment. (markt) Correct an error in the documentation of the expected behaviour for automatic deployment. If a WAR is updated and an expanded directory is present, the directory will always be deleted and recreated by expanding the WAR if unpackWARs is true. (markt) 58935: Remove incorrect references in the documentation to using jar:file: URLs with the Manager application. (markt)

Tribes

Add support for the startup notification of local members in the static cluster. (kfujino) Ignore the unnecessary member remove operation from different domain. (kfujino) Add support for the shutdown notification of local members in the static cluster. (kfujino) Ensure that asynchronous session replication thread is a daemon thread. (kfujino)

Other

Update the NSIS Installer used to build the Windows Installers to version 2.50. (markt/kkolinko)

Catalina

56917: As per RFC7231 (HTTP/1.1), allow HTTP/1.1 and later redirects to use relative URIs. This is controlled by a new attribute useRelativeRedirects on the Context and defaults to true. (markt) 58660: Correct a regression in 7.0.66 caused by the change that moved the redirection for context roots from the Mapper to the Default Servlet. (markt) Fixed potential NPE in HostConfig while deploying an application. Issue reported by coverity scan. (violetagg) 58655: Fix an IllegalStateException when calling HttpServletResponse.sendRedirect() with the RemoteIpFilter. This was caused by trying to correctly generate the absolute URI for the redirect. With the fix for 56917, redirects may now be relative making the sendRedirect() implementation for the RemoteIpFilter much simpler. This also addresses issues where the redirect may not have behaved as expected when redirecting from http to https to from https to http. (markt)

WebSocket

58658: Correct a regression in 7.0.66 that prevented Tomcat from starting on Java 6 unless the WebSocket JARs (that require Java 7) were removed. (markt)

Web Applications

Add a description of the default value of heartbeatSleeptime attribute and optionCheck attribute in the cluster channel docs. (kfujino)

Tribes

Fix potential NPE in AbstractReplicatedMap.breakdown(). (kfujino)

General

58596: Clarify the description in RUNNING.txt of how environment variables are used. (markt)

Catalina

34319: Only load those keys in StoreBase.processExpire from JDBCStore, that are old enough, to be expired. Based on a patch by Tom Anderson. (fschumacher) 56777: Allow file based configuration resources (user database, certificate revocation lists, keystores and trust stores) to be configured using URLs as well as files. Back-port provided by Huxing Zhang. (markt/violetagg) 57741: Enable the CGI servlet to use the standard error page mechanism. Note that if the CGI servlet's debug init parameter is set to 10 or higher then the standard error page mechanism will be bypassed and a debug response generated by the CGI servlet will be returned instead. (markt) 58486: Protect against two further possible memory leaks associated with XML parsing. (markt) 58497: Make AbstractHttp11Processor easy to extend. (markt) 58508: Escape role names when generating associated MBeans in case the role name contains characters not permitted in an MBean name. (markt) 58522: Fixed concurrency issue when iterating web application's resources. (violetagg) 58534: Removed repeated conditional tests in o.a.tomcat.websocket.pojo.PojoMethodMapping and o.a.tomcat.util.net.AprEndpoint Patch provided by Anthony Whitford. (violetagg) 58535: Use Collections.reverseOrder when a reverse ordering is needed. (violetagg) 58537: Some of the inner classes in o.a.catalina.valves.ExtendedAccessLogValve are made static. Patch provided by Anthony Whitford. (violetagg) 58540: Removed unused code from o.a.catalina.connector.Request. Patch provided by Anthony Whitford. (violetagg) 58541, 58544: It is more efficient to call Integer.toString(int) instead of Integer.valueOf(int).toString() when only a string representation of a primitive is needed. Based on a patch provided by Anthony Whitford. (violetagg) 58541, 58547: It is more efficient to call valueOf(...) instead of Number constructor. Based on a patch provided by Anthony Whitford. (violetagg) 58545: In some use cases it is more efficient to use Map.entrySet() instead of Map.keySet() Based on a patch provided by Anthony Whitford. (violetagg) Add a new RestCsrfPreventionFilter that provides basic CSRF protection for REST APIs. (violetagg) 58581: If a custom error page fails, fall back to the standard error page rather than throwing an NPE. Based on a patch by Huxing Zhang. (markt) 58582: Combined realm should perform background processing on its sub-realms. Based upon a patch provided by Aidan. (kkolinko) Handle the unlikely case where different versions of a web application are deployed with different session settings. (markt) Add a new Context option, enabled by default, that enables an additional check that a client provided session ID is in use in at least one other web application before allowing it to be used as the ID for a new session in the current web application. (markt) Add support for DIGEST authentication to the JNDIRealm. Based on a patch by Alexis Hassler. (markt) 58603: Ensure that HttpServletRequest.getRequestURL() returns the correct value when using the RemoteIpFilter. (markt) Ensure that in an embedded Tomcat the logging configuration is not lost during garbage collection. (violetagg) Move the functionality that provides redirects for context roots and directories where a trailing / is added from the Mapper to the DefaultServlet. This enables such requests to be processed by any configured Valves and Filters before the redirect is made. This behaviour is configurable via the mapperContextRootRedirectEnabled and mapperDirectoryRedirectEnabled attributes of the Context which may be used to restore the previous behaviour. (markt) 58635: Enable break points to be set within agent code when running Tomcat with a Java agent. Based on a patch by Huxing Zhang. (markt) Add path parameter handling to HttpServletRequest.getContextPath(). This is a follow-up to the fix for 57215. (markt)

Jasper

57136#c25: Implement a setting that controls what quoting rule is used when parsing EL expressions in attributes on a JSP page (chapter JSP.1.6 of specification). The setting name is quoteAttributeEL and it is configured as initialisation parameter of JSP Servlet (per web application configuration is possible) and as a command line option for JspC. The default value was changed to true, which restores behaviour implemented in Tomcat 7.0.64. It means that attribute quoting is applied on top of EL quoting. This provides better compatibility with older versions of Tomcat and other implementations. (kkolinko)

Cluster

Optimize the session lock range in DeltaManager.requestCompleted. (kfujino) Enable an explicit configuration of local member in the static cluster membership. (kfujino) Fix potential integer overflow in DeltaSession. Reported by coverity scan. (fschumacher)

Tribes

Distinguish the handling of the shutdown payload and member verification clearly. When handling shutdown payload, verification completion message is not required. (kfujino) When starting the StaticMembershipInterceptor, StaticMembershipInterceptor checks the required Interceptors. If the required Interceptor does not exist, it issues warning logs. (kfujino) Ensure that the static member is registered to the add suspect list even if the static member that is registered to the remove suspect list has disappeared. (kfujino) Correct the warning log of when the member that is not registered in the membership is detected. (kfujino) When using a static cluster, add the members that have been cached in the membership service to the map members list in order to ensure that the map member is a static member. (kfujino)

WebSocket

Use instance manager for server endpoint instances. (remm) 55006: The WebSocket client now honors the java.net.java.net.ProxySelector configuration (using the HTTP type) when establishing WebSocket connections to servers. Based on a patch by Niki Dokovski. (markt) 58624: Correct a thread safety issue that meant that blocking message writes could block indefinitely if the WebSocket connection was closed while a message write was in progress. (markt)

Web applications

Make it clear in the documentation for the CGI servlet that the debug page is not considered secure and should not be used in production. (markt) The domain attribute of StaticMember is not required but optional. (kfujino) 58631: Correct the continuation character use in the Windows Service How-To page of the documentation web application. (markt)

jdbc-pool

58489: Correct QueryStatsComparator to hold up the general contract for Comparator. (fschumacher) When creating a QueryStats object, ensure that maxQueries is checked. If maxQueries is a value less than or equal to 0, QueryStats are never created. (kfujino) Fix potential integer overflow in ConnectionPool and PooledConnection. Reported by coverity scan. (fschumacher)

Catalina

57681: Add a web application class loader implementation that supports the parallel loading of web application classes. Use of this feature requires a Java 7 or later JRE. Based on a patch by Huxing Zhang. (markt) 58187: Correct a regression in the fix for 57765 that meant that deployment of web applications deployed via the Manager application was delayed until the next execution of the automatic deployment background process. (markt) 58284: Correctly implement session serialization so non-serializable attributes are skipped with a warning. Patch provided by Andrew Shore. (markt) 58313: Fix concurrent access of encoders map when clearing encoders prior to switch to async. (markt) 58320: Fix concurrent access of request attributes which is possible during asynchronous processing. (markt) In preparation for implementing enhancement 57681, replace the use of the StandardClassLoader with URLClassLoader. This removes the server class loader from JMX. (markt) 58352: Always trigger a thread dump if Tomcat fails to stop gracefully from catalina.sh even if using -force. Patch provided by Alexandre Garnier. (markt) 58416: Correctly detect when a forced stop fails to stop Tomcat because the Tomcat process is waiting on some system call or is uninterruptible. (markt) 58436: Fix some rare data races in JULI's ClassLoaderLogManager during shutdown. (markt)

Coyote

Correct some edge cases in RequestUtil.normalize(). (markt) 58275: The IBM JREs accept cipher suite names starting with TLS_ or SSL_ but when listing the supported cipher suites only the SSL_ version is reported. This can break Tomcat's check that at least one requested cipher suite is supported. Tomcat now includes a work-around so either form of the cipher suite name can be used when running on an IBM JRE. (markt) 58357: For reasons not currently understood when the APR/native connector is used with OpenSSL reads can return an error code when there is no apparent error. This was work-around for HTTP upgrade connections by treating this as EAGAIN. The same fix has now been applied to the standard HTTP connector. (markt) 57799: Remove useless sendfile check for NIO SSL. (remm)

Jasper

57136: Correct a regression in the previous fix for this issue. \${ should only be an escape for ${ within an EL expression. Within a JSP page \$ should be an escape for $. The EL specification applies when parsing the expression delimited by ${ and }. Parsing of the delimiting ${ and } is the responsibility of the JSP specification. (markt) 58296: Fix a memory leak in the JSP unloading feature that meant that using a value other than -1 for maxLoadedJsps triggered a memory leak once the limit was reached. (markt) 58340: Improve error reporting for tag files packaged in JARs. (markt) 58444: Ensure that JSPs work with any custom base class that meets the requirements defined in the JSP specification without requiring that base class to implement Tomcat specific code. (markt)

Cluster

Fix a default clusterListeners in SimpleTcpCluster. The optimal default value is different for each session manager. ClusterSessionListener is never used in BackupManager. (kfujino) Correct log messages in case of using BackupManager. (kfujino)

WebSocket

58342: Fix a copy and paste error that meant MessageHandler removal could fail for binary and pong MessageHandlers. Patch provided by DJ. (markt) 58414: Correctly handle sending zero length messages when using per message deflate. (markt)

Web applications

Correct documentation for cluster-howto. (kfujino)

Extras

Ensure JULI adapters does not include the LogFactoryImpl class. Patch provided by Benjamin Gandon. (markt)

Tribes

Add support for configurations of ChannelListener and MembershipListener in server.xml. (kfujino) Correct log messages in case of using ReplicatedMap. (kfujino)

jdbc-pool

Make sure the pool has been properly configured when attributes that related to the pool size are changed via JMX. (kfujino)

Catalina

55317: Facilitate weaving by allowing ClassFileTransformer to be added to WebappClassLoader. Patch by Nick Williams. (markt) 58031: Make the (first) reason parameter parsing failed available as a request attribute and then use it to provide a better status code via the FailedRequstFilter (if configured). (markt) 58086: Ensure that WAR URLs are handled properly when using Apache Ant for web application deployment. (violetagg) 58094: Fix cosmetic error log when using non standard non cacheable resources, like with the empty resources used in some tests. (remm) 58096: Classes loaded from /WEB-INF/classes/ should use that directory as their code base. (markt) Fix possible resource leaks by closing streams properly. Issues reported by Coverity Scan. (violetagg) 58116: Fix a regression in the fix for 57281 that broke Comet support when running under a security manager. Based on a patch provided by Johno Crawford. (markt) 58179: Fix a thread safety issues that could mean concurrent threads setting the same attribute on a ServletContext could both see null as the old value. (markt) 58192: Correct a regression in the previous fix for 58023. Ensure that classes are associated with their manifest even if the class file is first read (and cached) without the manifest. (markt) Fix thread safety issue in the AsyncContext implementation that meant a sequence of start();dispatch(); calls using non-container threads could result in a previous dispatch interfering with a subsequent start. (markt)

Coyote

57943: Prevent the same socket being added to the cache twice. Patch based on analysis by Ian Luo / Sun Qi. (markt) Add text/javascript,application/javascript to the default list of compressable MIME types. (violetagg) 58103: When pipelining requests, and the previous request was an async request, ensure that the socket is removed from the waiting requests so that the async timeout thread doesn't process it during the next request. (markt) Fix a concurrency issue that meant that a change in socket timeout (e.g. when switching to asynchronous I/O) did not always take effect immediately. (markt) In the AJP and HTTP NIO connectors, ensure that the socket timeout is correctly set before adding the socket back to the poller for read. (markt) 58157: Ensure that the handling of async timeouts does not result in an unnecessary dispatch to a container thread that could result in the current socket being added to the Poller multiple times with multiple attempts to process the same event for the same socket. (markt) Correct a couple of edge cases in RequestUtil.normalize(). (markt)

Jasper

58110: Like scriptlet sections, declaration sections of JSP pages have a one-to-one mapping of lines to the generated .java file. Use this information to provide more accurate error messages if a compilation error occurs in a declaration section. (markt) 58119: When tags are compiled they must be placed in the org/apache/jsp/tag/web directory. Correct a regression in the fix for 52725. (violetagg) 58178: Expressions in a tag file should use the tag file's PageContext rather than that of the containing page. (markt)

WebSocket

58166: Allow applications to send close codes in the range 3000-4999 inclusive. (markt) 58232: Avoid possible NPE when adding endpoints programmatically to the javax.websocket.server.ServerContainer. Based on a patch provided by bastian.(violetagg)

Web applications

Correct the incorrect document of QueryTimeoutInterceptor. The setting value is not in milliseconds but in seconds. (kfujino) 58112: Update the documentation for using the Catalina tasks in an Apache Ant build file. (markt) Improve the Javadoc for some of the APR socket read functions that have inconsistent behaviour for return values. (markt) 58255: Document the Semaphore valve. Patch provided by Kyohei Nakamura. (markt)

jdbc-pool

Fix potential NPE in QueryTimeoutInterceptor. (kfujino) Add support for stopping the pool cleaner via JMX. (kfujino) The fairness attribute and ignoreExceptionOnPreLoad attribute do not allow a change via JMX. (kfujino) If the timeBetweenEvictionRunsMillis attribute is changed via jmx, it should restart the pool cleaner because this attribute affects the execution interval of the pool cleaner. (kfujino) Eliminate the dependence on maxActive of busy queues and idle queue in order to enable the expansion of the pool size via JMX. (kfujino)

Other

Update sample Eclipse IDE configuration to exclude test/webapp* and similar paths from compiler sourcepath. (kkolinko)

Catalina

57938: Correctly handle empty form fields when a form is submitted as multipart/form-data, the maxPostSize attribute of the Connector has been set to a negative value and the Context has been configured with a value of true for allowCasualMultipartParsing. The meaning of the value zero for the maxPostSize has also been changed to mean a limit of zero rather than no limit to align it with maxSavePostSize and to be more intuitive. (markt) 54618: Add a new HttpHeaderSecurityFilter that adds the Strict-Transport-Security, X-Frame-Options and X-Content-Type-Options HTTP headers to the response. (markt) Add a workaround for issues with SPNEGO authentication when running on Java 8 update 40 and later. The workaround should be safe for earlier Java versions but it can be disabled with the applyJava8u40Fix attribute of the SPNEGO authenticator if necessary. (markt) 57154: Add support for web applications (Context elements) that do not have a docBase. This is primarily for use when embedding but it also fixes a rare issue when running the unit test. Patch provided by Huxing Zhang. (markt) 57959: Fixed deadlock in org.apache.juli.FileHandler when log is rotated. (violetagg) 57977: Correctly bind and unbind the web application class loader during execution of the PersistentValve. (markt) 58023: Fix potentially excessive memory usage due to unnecessary caching of JAR manifests in the web application class loader. (markt) 57700: Ensure that Container event ADD_CHILD_EVENT will be sent in all cases. (violetagg) Add configuration fields for header names in SSLValve. (remm)

Coyote

57265: Further fix to address a potential threading issue for NIO when sendfile is used in conjunction with TLS. (markt) 57931: Ensure that TLS connections with the NIO HTTP connector that experience issues during the handshake (e.g. missing or invalid client certificate) are closed cleanly and that the client receives the correct error code rather than simply closing the connection. (markt) 57943: Added a work-around to catch ConcurrentModificationExceptions during Poller timeout processing that were causing the Poller thread to stop. The root cause of these exceptions is currently unknown. (markt) Fix possible very long (1000 seconds) timeout with APR/native connector. (markt) Support "-" separator in the SSLProtocol configuration of the APR/native connector for protocol exclusion. (rjung)

Cluster

Make sure that stream is closed after using it in DeltaSession.applyDiff(). (kfujino)

WebSocket

57676: List conflicting WebSocket endpoint classes when there is a path conflict. Based upon a patch proposed by yangkun. (schultz) Extend support for the permessage-deflate extension to the client implementation. 57969: Provide path parameters to POJO via per session javax.websocket.server.ServerEndpointConfig as they vary between different requests. (violetagg) 57974: Session.getOpenSessions should return all sessions associated with a given endpoint instance, rather than all sessions from the endpoint class. (remm)

Web applications

57282: Update request processing sequence diagrams. Updated diagrams provided by Stephen Chen. (markt) 57971: Correct the documentation for the cluster configuration setting recoverySleepTime. (markt) 57758: Add document of testOnConnect attribute in jdbc-pool doc. (kfujino) Add description of validatorClassName attribute to testXXXX attributes in jdbc-pool docs. (kfujino)

Tribes

Ensure that the state transfer flag is updated to true only when the map states have been transferred correctly from existing map members. (kfujino) Do not set the nodes that failed to replication to the backup nodes. Ensure that the nodes that the data has been successfully replicated are set to the backup node. (kfujino) When failed to replication, rather than all member is handled as a failed member, exclude the failure members from backup members. (kfujino)

jdbc-pool

Refactoring of the removeOldest method in SlowQueryReport to behave as expected. (kfujino) 57783: Fix NullPointerException in SlowQueryReport. To avoid this NPE, Refactor SlowQueryReport#removeOldest and handle the abandoned connection properly. (kfujino)

Other

Update package renamed Apache Commons BCEL to r1682271 to pick up some some code clean up. (markt) Update package renamed Apache Commons File upload to r1682322 to pick up the post 1.3.1 fixes. (markt) Update package renamed Apache Commons Codec to r1682326. No functional changes. Javadoc only. (markt)

Catalina

Allow logging of the remote port in the access log using the format pattern %{remote}p. (rjung) 57765: When checking last modified times as part of the automatic deployment process, account for the fact that File.lastModified() has a resolution of one second to ensure that if a file has been modified within the last second, the latest version of the file is always used. Note that a side-effect of this change is that files with modification times in the future are treated as if they are unmodified. (markt) Align redeploy resource modification checking with reload modification checking so that now, in both cases, a change in modification time rather than an increase in modification time is used to determine if the resource has changed. (markt) Cleanup o.a.tomcat.util.digester.Digester from debug messages that do not give any valuable information. Patch provided by Polina Genova. (violetagg) 57772: When reloading a web application and a directory representing an expanded WAR needs to be deleted, delete the directory after the web application has been stopped rather than before to avoid potential ClassNotFoundExceptions. (markt) 57801: Improve the error message in the start script in case the PID read from the PID file is already owned by a process. (rjung) 57824: Correct a regression in the fix for 57252 that broke request listeners for non-async requests that triggered an error that was handled by the ErrorReportingValve. (markt/violetagg) 57841: Improve error logging during web application start. (markt) 57856: Ensure that any scheme/port changes implemented by the RemoteIpFilter also affect HttpServletResponse.sendRedirect(). (markt) 57896: Support defensive copying of "cookie" header so that unescaping double quotes in a cookie value does not corrupt original value of "cookie" header. This is an opt-in feature, enabled by org.apache.tomcat.util.http.ServerCookie.PRESERVE_COOKIE_HEADER or org.apache.catalina.STRICT_SERVLET_COMPLIANCE system property. (kkolinko)

Coyote

57779: When an I/O error occurs on a non-container thread only dispatch to a container thread to handle the error if using Servlet 3+ asynchronous processing. This avoids potential deadlocks if an application is performing I/O on a non-container thread without using the Servlet 3+ asynchronous API. (markt) 57833: When using JKS based keystores for NIO, ensure that the key alias is always converted to lower case since that is what JKS key stores expect. Based on a patch by Santosh Giri Govind M. (markt) 57837: Add text/css to the default list of compressable MIME types. (markt)

Jasper

57845: Ensure that, if the same JSP is accessed directly and via a <jsp-file> declaration in web.xml, updates to the JSP are visible (subject to the normal rules on re-compilation) regardless of how the JSP is accessed. (markt) 57855: Explicitly handle the case where a MethodExpression is invoked with null or the wrong number of parameters. Rather than failing with an ArrayIndexOutOfBoundsException or a NullPointerException throw an IllegalArgumentException with a useful error message. (markt)

Cluster

Add new attribute that send all actions for session across Tomcat cluster nodes. (kfujino) Remove unused pathname attribute in mbean definition of BackupManager. (kfujino) 57338: Improve the ability of the ClusterSingleSignOn valve to handle nodes being added and removed from the Cluster at run time. (markt) Avoid unnecessary call of DeltaRequest.addSessionListener() in non-primary nodes. (kfujino)

WebSocket

57762: Ensure that the WebSocket client correctly detects when the connection to the server is dropped. (markt) 57776: Revert the 8.0.21 fix for the permessage-deflate implementation and incorrect op-codes since the fix was unnecessary (the bug only affected trunk) and the fix broke rather than fixed permessage-deflate if an uncompressed message was converted into more than one compressed message. (markt) Fix log name typo in WsRemoteEndpointImplServer class, caused by a copy-paste. (markt/kkolinko) 57788: Avoid NPE when looking up a class hierarchy without finding anything. (remm) Make WebSocket client more robust when handling errors during the close of a WebSocket session. (markt)

Web applications

57759: Add information to the keyAlias documentation to make it clear that the order keys are read from the keystore is implementation dependent. (markt) 57864: Update the documentation web application to make it clearer that hex values are not valid for cluster send options. Based on a patch by Kyohei Nakamura. (markt)

Tribes

Fix a concurrency issue when a backup message that has all session data and a backup message that has diff data are processing at the same time. This fix ensures that MapOwner is set to ReplicatedMapEntry. (kfujino) Clarify the handling of Copy message and Copy nodes. (kfujino) Copy node does not need to send the entry data. It is enough to send only the node information of the entry. (kfujino) ReplicatedMap should send the Copy message when replicating. (kfujino) Fix behavior of ReplicatedMap when member has disappeared. If map entry is primary, rebuild the backup members. If primary node of map entry has disappeared, backup node is promoted to primary. (kfujino) When a map member has been added to ReplicatedMap, make sure to add it to backup nodes list of all other members. (kfujino)

Catalina

55988: Correct the check used for Java 8 JSSE server-preferred TLS cipher suite ordering. Ensure that SSL parameters are provided to SSLServerSocket and SSLEngine. Patch provided by Ognjen Blagojevic. (violetagg)

WebSocket

57761: Ensure that the opening HTTP request is correctly formatted when the WebSocket client connects to a server root. (remm)

Catalina

Clarify threaded usage of variables by removing volatile marker in NonceInfo. Issue reported by Coverity Scan. (fschumacher) 49785: Enable StartTLS connections for JNDIRealm. (fschumacher) 55988: Add support for Java 8 JSSE server-preferred TLS cipher suite ordering. This feature requires Java 8 and is controlled by useServerCipherSuitesOrder attribute on an HTTP connector. Based upon patches provided by Ognjen Blagojevic. (schultz) 56438: Add logging that reports when a JAR is scanned for TLDs but nothing is found so that Tomcat may be configured to skip this JAR in future. Based on a patch by VIN. (markt) 56848: Use Locale.forLanguageTag to process Locale headers when running on a Java 7 or later JRE. (markt) 57021: Improve logging in AprLifecycleListener and jni.Library when Tomcat-Native DLL fails to load. Based on a patch by Pravallika Peddi. (markt/kkolinko) 57180: Further fixes to support the use of arbitrary HTTP methods with the CORS filter. (markt) Warn about problematic setting of appBase. (fschumacher) 57534: CORS Filter should only look at media type component of Content-Type request header. (markt) Ensure that user name checking in the optional SecurityListener is case-insensitive (as documented) and than the case-insensitive comparison is performed using the system default Locale. (markt) When docBase refers internal war and unpackWARs is set to false, avoid registration of the invalid redeploy resource that has been added ".war" extension in duplicate. (kfujino) If WAR exists, it is not necessary to trigger a reload when adding a Directory. (kfujino) 56608: When deploying an external WAR, add watched resources in the expanded directory based on whether the expanded directory is expected to exist rather than if it does exist. When triggering a reload due to a modified watched resource, ensure that multiple changed watched resources only trigger one reload rather than a series of reloads. 57601: Ensure that HEAD requests return the correct content length (i.e. the same as for a GET) when the requested resource includes a resource served by the Default servlet. (jboynes/markt) 57602: Ensure that HEAD requests return the correct content length (i.e. the same as for a GET) when the requested resource includes a resource served by a servlet that extends HttpServlet. (markt) 57621: When an async request completes, ensure that any remaining request body data is swallowed. (markt) 57637: Do not create unnecessary sessions when using PersistentValve. (jboynes/fschumacher) 57645: Correct a regression in the fix for 57190 that incorrectly required the path passed to ServletContext.getContext(String) to be an exact match to a path to an existing context. (markt) Make sure that unpackWAR attribute of Context is handled correctly in HostConfig. (kfujino) When deploying a WAR file that contains a context.xml file and unpackWARs is false ignore any context.xml file that may exist in an expanded directory associated with the WAR. (markt) 57675: Correctly quote strings when using the extended access log. (markt) 57704: Fix potential NPEs during web application start/stop when org.apache.tomcat.InstanceManager is not initialized. (violetagg) Add support for LAST_ACCESS_AT_START system property to SingleSignOn. (kfujino) 57723: Ensure that the Context name and path remain consistent when adding a web application to an embedded Tomcat instance via Tomcat.addWebapp(Host,String,String,String). (markt) 57724: Handle the case in the CORS filter where a user agent includes an origin header for a non-CORS request. (markt) Refactor Authenticator implementations to reduce code duplication. (markt) When searching for SCIs o.a.catalina.Context.getParentClassLoader will be used instead of java.lang.ClassLoader.getParent. Thus one can provide the correct parent class loader when running embedded Tomcat in other environments such as OSGi. (violetagg)

Coyote

57509: Improve length check when writing HTTP/1.1 response headers: reserve space for 4 extra bytes. (kkolinko) 57540: Make TLS/SSL protocol available in a new request attribute (org.apache.tomcat.util.net.secure_protocol_version). (Note that AJP connectors will require mod_jk 1.2.41 or later, or an as-yet-unknown version of mod_proxy_ajp, or configure the proxy to send the AJP_SSL_PROTOCOL request attribute to Tomcat. Please see the bug comments for details.) Based upon a patch provided by Ralf Hauser. (schultz) 57544: Fix potential infinite loop when preparing a kept alive HTTP connection for the next request. (markt) 57546: Ensure that a dropped network connection does not leave references to the UpgradeProcessor associated with the connection in memory. (markt) 57570: Make the processing of trailer headers with chunked input optional and disabled by default. (markt) When applying the maxSwallowSize limit to a connection read that many bytes first before closing the connection to give the client a chance to read the response. (markt) Prevent an async timeout being processed multiple times for the same socket when running on slow and/or heavily loaded systems. (markt) 57581: Change statistics byte counter in coyote Request object to be long to allow values above 2Gb. (kkolinko) Fix a concurrency issue in the APR Poller that meant it was possible under low load for a socket queued to be added to the Poller not to be added for 10 seconds. (markt) 57638: Avoid an IllegalArgumentException when an AJP request body chunk larger than the socket read buffer is being read. This typically requires a larger than default AJP packetSize. (markt) 57674: Avoid a BufferOverflowException when an AJP response body chunk larger than the socket write buffer is being written. This typically requires a larger than default AJP packetSize. (markt) Refactor Connector authentication (only used by AJP) into a separate method. (markt) 57708: Implement a new feature for AJP connectors - Tomcat Authorization. If the new tomcatAuthorization attribute is set to true (it is disabled by default) Tomcat will take an authenticated user name from the AJP protocol and use the appropriate Realm for the request to authorize (i.e. add roles) to that user. (markt) Fix an issue that meant that any pipe-lined data read by Tomcat before an asynchronous request completed was lost during the completion of the asynchronous request. This mean that the pipe-lined request(s) would be lost and/or corrupted. (markt) Update the minimum recommended version of the Tomcat Native library (if used) to 1.1.33. (markt)

Jasper

57136: Ensure only \${ and \#{ are treated as escapes for ${ and #{ rather than \$ and \# being treated as escapes for $ and # when processing literal expressions in expression language. (markt) 57148: When coercing an object to a given type and a PropertyEditor has been registered for the type correctly coerce the empty string to null if the PropertyEditor throws an exception. (kkolinko/markt)

Cluster

Remove unnecessary method that always returns true. The domain filtering works on DomainFilterInterceptor. (kfujino)

WebSocket

Correct a bug in the permessage-deflate implementation that meant that the incorrect op-codes were used if an uncompressed message was converted into more than one compressed message. (markt)

Web applications

Fix possible resource leaks by closing streams properly. Issues reported by Coverity Scan. (fschumacher) 56058: Add links to the AccessLogValve documentation for configuring reverse proxies and/or Tomcat to ensure that the desired information is used entered in the access log when Tomcat is running behind a reverse proxy. (markt) 57503: Make clear that the JULI integration for log4j only works with log4j 1.2.x. (markt) Remove incorrect note from context configuration page in the documentation web application that stated WAR files located outside the appBase were never unpacked. (markt) 57644: Update examples to use Apache Standard Taglib 1.2.5. (jboynes) 57683: Ensure that if a client aborts their connection to the stock ticker example (the only way a client can disconnect), the example continues to work for existing and new clients. (markt) Correct the documentation for deployOnStartup to make clear that if a WAR file is updated while Tomcat is stopped and unpackWARs is true, Tomcat will not detect the changed WAR file when it starts and will not replace the unpacked WAR file with the contents of the updated WAR. (markt)

Extras

57377: Remove the restriction that prevented the use of SSL when specifying a bind address with the JMXRemoteLifecycleListener. Also enable SSL to be configured for the registry as well as the server. (markt)

Tribes

Make sure that refuse the messages from a different domain in DomainFilterInterceptor. (kfujino)

Other

Enhance bean factory used for JNDI resources. New attribute forceString allows to support non-standard string argument property setters. (rjung) Fix TestAbstractAjpProcessor unit test failures on Windows. (kkolinko) Guard the digester from MbeansDescriptorsDigesterSource with its own lock object. (fschumacher) 57558: Add missing JAR in Ant task definition required by the validate task. (markt/kkolinko) List names of Testsuites that have failed or skipped tests when running tests with Ant. (kkolinko) 57703: Update the http-method definition for web applications using a Servlet 2.5 descriptor as per Servlet 2.5 MR 6. (markt) Update to Tomcat Native Library version 1.1.33 to pick up the Windows binaries that are based on OpenSSL 1.0.1m and APR 1.5.1. (markt)

Jasper

57504: Initialize TLD locations cache when creating the ServletContext. (jboynes)

Tribes

Fix a possible deadlock when receiver thread invokes mapMemberAdded() while ping thread invokes memberAlive(). (kfujino)

Catalina

57173: Revert the fix for 56953 that broke annotation scanning in some cases. (markt) 57178: The CORS filter now treats null as a valid origin that matches *. Patch provided by Gregor Zurowski. (markt) 57180: Do not limit the CORS filter to only accepting requests that use an HTTP method defined in RFC 7231. (markt) 57190: Fix ServletContext.getContext(String) when parallel deployment is used so that the correct ServletContext is returned. (markt) 57208: Prevent NPE in JNDI Realm when no results are found in a directory context for a user with specified user name. Based on a patch provided by Jason McIntosh. (violetagg) 57209: Add a new attribute, userSearchAsUser to the JNDI Realm. (markt) 57215: Ensure that the result of calling HttpServletRequest.getContextPath() is neither decoded nor normalized as required by the Servlet specification. (markt) 57216: Improve handling of invalid context paths. A context path should either be an empty string or start with a '/' and do not end with a '/'. Invalid context path are automatically corrected and a warning is logged. The null and "/" values are now correctly changed to "". (markt/kkolinko) Correct message that is logged when load-on-startup servlet fails to load. It was logging a wrong name. (kkolinko) 57239: Correct several message typos. Includes patch by vladk. (kkolinko) Make the session id generator extensible by adding a SessionIdGenerator interface, an abstract base class and a standard implementation. (rjung) Back-port clarification from Servlet 3.1 specification that during async processing an IllegalStateException should be thrown if getRequest() or getResponse() is called after complete() or dispatch(). (markt) Fix a concurrency issue in async processing. Ensure that a non-container thread can not change the async state until the container thread has completed. (markt) 57252: Provide application configured error pages with a chance to handle an async error before the built-in error reporting. (markt) 57281: Enable non-public Filter and Servlet classes to be configured programmatically via the Servlet 3.0 API and then used without error when running under a SecurityManager. (markt) 57308: Remove unnecessary calls to System.getProperty() where more suitable API calls are available. (markt) Add unit tests for RemoteAddrValve and RemoteHostValve. (rjung) Allow to configure RemoteAddrValve and RemoteHostValve to adopt behavior depending on the connector port. Implemented by optionally adding the connector port to the string compared with the patterns allow and deny. Configured using addConnectorPort attribute on valve. (rjung) Optionally trigger authentication instead of denial in RemoteAddrValve and RemoteHostValve. This only works in combination with preemptiveAuthentication on the application context. Configured using invalidAuthenticationWhenDeny attribute on valve. (rjung) Prevent file descriptors leak and ensure that files are closed after retrieving the last modification time. (violetagg) 57326: Enable AsyncListener implementations to re-register themselves during AsyncListener.onStartAsync. (markt) 57331: Allow ExpiresFilter to use "year" as synonym for "years" in its configuration. (kkolinko) Improve SnoopServlet in unit tests. (rjung) Add RequestDescriptor class to unit tests. Adjust TestRewriteValve to use RequestDescriptor. (rjung) Add more AJP unit tests. (rjung) 57363: Log to stderr if LogManager is unable to read configuration files rather than swallowing the exception silently. (markt) 57420: Make UEncoder a local variable in DirContextURLConnection to make it threadsafe. Based on ideas from kkolinko and violetagg. (fschumacher) 57425: Don't add attributes with null value or name to the replicated context. (fschumacher) 57431: Enable usage of custom class for context creation when using embedded tomcat. (fschumacher) 57446: Ensure that ServletContextListeners that have limited access to ServletContext methods are called with the same ServletContext instance for both contextInitialized() and contextDestroyed(). (markt) 57461: When an instance of org.apache.catalina.startup.VersionLoggerListener logs the result of System.getProperty("java.home") don't report it in a manner that makes it look like the JAVA_HOME environment variable. (markt) While closing streams for given resources ensure that if an exception happens it will be handled properly. Issue is reported by Coverity Scan. (violetagg) Change Response to use UEncoder instances with shared safeChars. (fschumacher) Allow VersionLoggerListener to log all system properties. This feature is off by default. (kkolinko)

Coyote

57234: Make SSL protocol filtering to remove insecure protocols case insensitive. (markt) 57265: Fix some potential concurrency issues with sendFile and the NIO connector. (markt) 57324: If the client uses Expect: 100-continue and Tomcat responds with a non-2xx response code, Tomcat also closes the connection. If Tomcat knows the connection is going to be closed when committing the response, Tomcat will now also send the Connection: close response header. (markt) 57340: When using Comet, ensure that Socket and SocketWrapper are only returned to their respective caches once on socket close (it is possible for multiple threads to call close concurrently). (markt) 57446: Ensure that ServletContextListeners that have limited access to ServletContext methods are called with the same ServletContext instance for both contextInitialized() and contextDestroyed(). (markt)

Jasper

CVE-2014-7810: Do not use a privileged code block when evaluating EL expressions when running under a security manager, which allowed to bypass code restrictions. (markt) Fix an issue with BeanELResolver when running under a security manager. Some classes may not be accessible but may have accessible interfaces. (markt) 57316: Fix JspC when directory name contains a character sequence that appears to be URL encoded. (markt)

Cluster

In order to enable define in Cluster element, ClusterSingleSignOn implements ClusterValve. (kfujino) Fix mbean descriptor of ClusterSingleSignOn. (kfujino) 57473: Add sanity check to FarmWebDeployer's WarWatcher to detect suspected incorrect permissions on the watch directory. (schultz)

WebSocket

Correct multiple issues with the flushing of batched messages that could lead to duplicate and/or corrupt messages. (markt) Correctly implement headers case insensitivity. (markt/remm) Allow optional use of user extensions. (remm) Allow using partial binary message handlers. (remm) Limit ping/pong message size. (remm) Allow configuration of the time interval for the periodic event. (remm) More accurate annotations processing. (remm) Allow optional default for origin header in the client. (remm) 57490: Make it possible to use Tomcat's WebSocket client within a web application when running under a SecurityManager. Based on a patch by Mikael Sterner. (markt) Add some debug logging to the WebSocket session to track session creation and session closure. (markt)

Web applications

Update documentation for CGI servlet. Recommend to copy the servlet declaration into web application instead of enabling it globally. Correct documentation for cgiPathPrefix. (kkolinko) Improve HTML version of build instructions and align with BUILDING.txt. Document creating second Eclipse project to compile WebSocket classes with Java 7 (ide-eclipse-websocket target added in 7.0.56). (kkolinko) Improve Tomcat Manager documentation. Rearrange, add section on HTML GUI, document /expire command and Server Status page. (kkolinko) Fix ambiguity of section links on Valves configuration reference page. (kkolinko) 57238: Update information on SSL/TLS on Security and SSL documentation pages. Based on patch by Glen Peterson. (kkolinko) 57261: Add vminfo and threaddump commands to Manager application. Implement VminfoTask and ThreaddumpTask Ant tasks. (kkolinko) 57323: Correct display of outdated sessions in sessions count listing in Manager application. (kkolinko) Add document of ClusterSingleSignOn. (kfujino) Clarify documentation for useBodyEncodingForURI attribute of a connector. (kkolinko)

Other

When downloading required libraries at build time, use random name for temporary file and automatically create destination directory (base.path). (kkolinko) Update optional Checkstyle library to 6.1.1. (kkolinko) Simplify setproxy task in build.xml. Taskdef there is not needed since Ant 1.8.2. (kkolinko) Improve Java 7 support in build.xml. Check whether the specified ${java.7.home} is valid. By default use Java that runs Ant (${java.home}) instead of the one found on $PATH to run JUnit tests. (kkolinko) 57344: Provide sha1 checksum files for Tomcat downloads. Correct filename patterns for apache-tomcat-*-embed.tar.gz archive to exclude an *.asc file. (kkolinko)

Catalina

47919: Extend the information logged when Tomcat starts to optionally log the values of command line arguments (enabled by default) and environment variables (disabled by default). Note that the values added to CATALINA_OPTS and JAVA_OPTS environment variables will be logged, as they are used to build up the command line. (markt) 56401: Log version information when Tomcat starts. (markt/kkolinko) 57022: Ensure SPNEGO authentication continues to work with the JNDI Realm using delegated credentials with recent Oracle JREs. (markt) Correct a couple of NPEs in the JNDI Realm that could be triggered with when not specifying a roleBase and enabling roleSearchAsUser. (markt) Remove the unnecessary registration of context.xml as a redeploy resource. The context.xml having an external docBase has already been registered as a redeploy resources at first. (kfujino) Improve the previous fix for 56401. Avoid logging version information in the constructor since it then gets logged at undesirable times such as when using StoreConfig. (markt) 57105: When parsing web.xml do not limit the buffer element of the jsp-property-group element to integer values as the allowed values are <number>kb or none. (markt) Update the minimum required version of the Tomcat Native library (if used) to 1.1.32. (markt) 57144: Improve ClientAbortException to provide non-null message. (kkolinko) AsyncContext should remain usable until fireOnComplete is called. (remm) AsyncContext createListener should wrap any instantiation exception using a ServletException. (remm)

Coyote

53952: Add support for TLSv1.1 and TLSv1.2 for APR connector. Based upon a patch by Marcel Šebek. This feature requires Tomcat Native library 1.1.32 or later. (schultz/jfclere) Disable SSLv3 by default for JSSE based HTTPS connectors (BIO and NIO). The change also ensures that SSLv2 is disabled for these connectors although SSLv2 should already be disabled by default by the JRE. (markt) Disable SSLv3 by default for the APR/native HTTPS connector. (markt) Do not increase remaining counter at end of stream in IdentityInputFilter. (kkolinko) Async state MUST_COMPLETE should still be started. (remm)

Jasper

57099: Ensure that semi-colons are not permitted in JSP import page directives. (markt)

Cluster

Avoid possible integer overflows reported by Coverity Scan. (fschumacher)

WebSocket

57054: Correctly handle the case in the WebSocket client when the HTTP response to the upgrade request can not be read in a single pass; either because the buffer is too small or the server sent the response in multiple packets. (markt) Fix client subprotocol handling. (remm) Add null checks for arguments in remote endpoint. (remm/kkolinko) 57091: Work around the behaviour of the Oracle JRE when creating new threads in an applet environment that breaks the WebSocket client implementation. Patch provided by Niklas Hallqvist. (markt) 57118: Ensure that that an EncodeException is thrown by RemoteEndpoint.Basic.sendObject(Object) rather than an IOException when no suitable Encoder is configured for the given Object. (markt)

Web applications

Correct documentation for ServerCookie.ALLOW_NAME_ONLY system property. (kkolinko) 57049: Clarified that jvmRoute can be set in <Engine>'s jvmRoute or in a system property. (schultz) Correct version of Java WebSocket mentioned in documentation (s/1.0/1.1/). (markt/kkolinko) In examples web application move Async and Comet examples from JSP to Servlet examples page. (kkolinko) Suppress timestamp comments and enable charset header in Javadoc. (kkolinko)

jdbc-pool

57079: Use Tomcat version number for jdbc-pool module when building and shipping the module as part of Tomcat. (markt/kkolinko) Fix broken overview page in javadoc generated via "javadoc" task in jdbc-pool build.xml file. (kkolinko)

Other

56079: The Apache Tomcat Windows service and the Apache Tomcat Windows service monitor application are now digitally signed. (markt) Fix timestamps in Tomcat build and jdbc-pool to use 24-hour format instead of 12-hour one and use UTC timezone. (markt/kkolinko) Improve Tomcat build script to ensure that only one ecj-nn.jar file is present in Tomcat lib directory when Eclipse JDT Compiler is updated to a new version. (kkolinko) 56596: Update to Tomcat Native Library version 1.1.32 to pick up the Windows binaries that are based on OpenSSL 1.0.1j and APR 1.5.1. (markt) In Tomcat tests: log name of the current test method at start time. (kkolinko)