-
Notifications
You must be signed in to change notification settings - Fork 4.9k
/
changelog.xml
2461 lines (2437 loc) · 89.6 KB
/
changelog.xml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
<?xml version="1.0" encoding="UTF-8"?>
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<!DOCTYPE document [
<!ENTITY project SYSTEM "project.xml">
<!-- DTD is used to validate changelog structure at build time. BZ 64931. -->
<!ELEMENT document (project?, properties, body)>
<!ATTLIST document url CDATA #REQUIRED>
<!-- body and title are used both in project.xml and in this document -->
<!ELEMENT body ANY>
<!ELEMENT title (#PCDATA)>
<!-- Elements of project.xml -->
<!ELEMENT project (title, logo, body)>
<!ATTLIST project name CDATA #REQUIRED>
<!ATTLIST project href CDATA #REQUIRED>
<!ELEMENT logo (#PCDATA)>
<!ATTLIST logo href CDATA #REQUIRED>
<!ELEMENT menu (item+)>
<!ATTLIST menu name CDATA #REQUIRED>
<!ELEMENT item EMPTY>
<!ATTLIST item name CDATA #REQUIRED>
<!ATTLIST item href CDATA #REQUIRED>
<!-- Elements of this document -->
<!ELEMENT properties (author*, title, no-comments) >
<!ELEMENT author (#PCDATA)>
<!ATTLIST author email CDATA #IMPLIED>
<!ELEMENT no-comments EMPTY>
<!ELEMENT section (subsection)*>
<!ATTLIST section name CDATA #REQUIRED>
<!ATTLIST section rtext CDATA #IMPLIED>
<!ELEMENT subsection (changelog+)>
<!ATTLIST subsection name CDATA #REQUIRED>
<!ELEMENT changelog (add|update|fix|scode|docs|design)*>
<!ELEMENT add ANY>
<!ELEMENT update ANY>
<!ELEMENT fix ANY>
<!ELEMENT scode ANY>
<!ELEMENT docs ANY>
<!ELEMENT design ANY>
<!ELEMENT bug (#PCDATA)>
<!ELEMENT rev (#PCDATA)>
<!ELEMENT pr (#PCDATA)>
<!-- Random HTML markup tags. Add more here as needed. -->
<!ELEMENT a (#PCDATA)>
<!ATTLIST a href CDATA #REQUIRED>
<!ATTLIST a rel CDATA #IMPLIED>
<!ELEMENT b (#PCDATA)>
<!ELEMENT code (#PCDATA)>
<!ELEMENT em (#PCDATA)>
<!ELEMENT strong (#PCDATA)>
<!ELEMENT tt (#PCDATA)>
]>
<?xml-stylesheet type="text/xsl" href="tomcat-docs.xsl"?>
<document url="changelog.html">
&project;
<properties>
<title>Changelog</title>
<no-comments />
</properties>
<body>
<!--
Subsection ordering:
General, Catalina, Coyote, Jasper, Cluster, WebSocket, Web applications,
Extras, Tribes, jdbc-pool, Other
Item Ordering:
Fixes having an issue number are sorted by their number, ascending.
There is no ordering by add/update/fix/scode/docs/design.
Other fixed issues are added to the end of the list, chronologically.
They eventually become mixed with the numbered issues (i.e., numbered
issues do not "pop up" wrt. others).
-->
<section name="Tomcat 11.0.0-M20 (markt)" rtext="in development">
<subsection name="Catalina">
<changelog>
<update>
Deprecate and remove <code>sessionCounter</code> (replaced by the
addition of the active session count and the expired session count,
as a reasonable approximation) and <code>duplicates</code> (which
does not represent a possible event in current implementations)
statistics from the session manager. (remm)
</update>
<fix>
<bug>68890</bug> Align output encoding of JSPs in the Manager webapp
with the XML declarations in those same files. (schultz)
</fix>
<fix>
Update Basic authentication to implement the requirements of RFC 7617
including the removal of the <code>trimCredentials</code> setting which
is now hard-coded to <code>false</code>. (markt)
</fix>
<add>
Small performance optimization when logging cookies with no values.
(schultz)
</add>
<fix>
Correct error handling for asynchronous requests. If the application
performs an dispatch during <code>AsyncListener.onError()</code> the
dispatch is now performed rather than completing the request using the
error page mechanism. (markt)
</fix>
<add>
Re-factor ElapsedTimeElement in AbstractAccessLogValve to use a customizable
style. (schultz)
</add>
<add>
Add more timescale options to AccessLogValve and ExtendedAccessLogValve.
Allow timescales to apply to "time-taken" token in ExtendedAccessLogValve.
(schultz)
</add>
<fix>
Fix WebDAV lock null (locks for non existing resources) thread safety
and removal. (remm)
</fix>
<fix>
Add periodic checking for WebDAV locks expiration. (remm)
</fix>
<fix>
Extend <code>Asn1Parser</code> to parse <code>UTF8String</code>s. (michaelo)
</fix>
</changelog>
</subsection>
<subsection name="Coyote">
<changelog>
<fix>
Add OpenSSL FFM classes to <code>tomcat-embed-core.jar</code>. (remm)
</fix>
<fix>
Align non-secure and secure writes with NIO and skip the write attempt
when there are no bytes to be written. (markt)
</fix>
<fix>
Allow any positive value for <code>socket.unlockTimeout</code>. If a
negative or zero value is configured, the default of <code>250ms</code>
will be used. (mark)
</fix>
<fix>
Reduce the time spent waiting for the connector to unlock. The previous
default of 10s was noticeably too long for cases where the unlock has
failed. The wait time is now 100ms plus twice
<code>socket.unlockTimeout</code>. (markt)
</fix>
<fix>
Ensure that the <code>onAllDataRead()</code> event is triggered when the
request body uses chunked encoding and is read using non-blocking IO.
(markt)
</fix>
<fix>
<bug>68934</bug>: Add debug logging in the latch object when exceeding
<code>maxConnections</code>. (remm)
</fix>
<fix>
Refactor trailer field handling to use a <code>MimeHeaders</code>
instance to store trailer fields. (markt)
</fix>
<fix>
Ensure that multiple instances of the same trailer field are handled
correctly. (markt)
</fix>
<fix>
Fix non-blocking reads of chunked request bodies. (markt)
</fix>
<scode>
Refactor HTTP header parsing to use common parsing code. (markt)
</scode>
</changelog>
</subsection>
<subsection name="Jasper">
<changelog>
<add>
Add support for specifying Java 23 (with the value <code>23</code>) as
the compiler source and/or compiler target for JSP compilation. If used
with an Eclipse JDT compiler version that does not support these values,
a warning will be logged and the default will used.
(markt)
</add>
</changelog>
</subsection>
<subsection name="WebSocket">
<changelog>
<fix>
<bug>68884</bug>: Reduce the write timeout when writing WebSocket close
messages for abnormal closes. The timeout defaults to 50 milliseconds
and may be controlled using the
<code>org.apache.tomcat.websocket.ABNORMAL_SESSION_CLOSE_SEND_TIMEOUT</code>
property in the user properties collection associated with the WebSocket
session. (markt)
</fix>
</changelog>
</subsection>
<subsection name="Web applications">
<changelog>
<fix>
Examples: Improve performance of WebSocket chat application when
multiple clients disconnect at the same time. (markt)
</fix>
<update>
Examples: Increase the number of previous messages displayed when using
the WebSocket chat application. (markt)
</update>
<fix>
Examples: Improve performance of WebSocket snake application when
multiple clients disconnect at the same time. (markt)
</fix>
</changelog>
</subsection>
<subsection name="Other">
<changelog>
<update>
Switch to using the Base64 encoder and decoder provided by the JRE
rather than the version provided by Commons Codec. This removes the
internal fork of Commons Codec. (markt)
</update>
<update>
Update to the Eclipse JDT compiler 4.31. (markt)
</update>
<update>
Update NSIS to 3.10. (mark0t)
</update>
<update>
Update UnboundID to 7.0.0. (markt)
</update>
<update>
Update Checkstyle to 10.16.0. (markt)
</update>
<update>
Update JaCoCo to 0.8.12. (markt)
</update>
<update>
Update SpotBugs to 4.8.4. (markt)
</update>
<update>
Update the internal fork of Apache Commons BCEL to 6.9.0. (markt)
</update>
<update>
Update the internal fork of Apache Commons DBCP to 2.12.0. (markt)
</update>
<add>
Improvements to Japanese translations by tak7iji. (remm)
</add>
</changelog>
</subsection>
</section>
<section name="Tomcat 11.0.0-M19 (remm)" rtext="2024-04-16">
<subsection name="Catalina">
<changelog>
<update>
Add <code>highConcurrencyStatus</code> attribute to the
<code>SemaphoreValve</code> to optionally allow the valve to return an
error status code to the client when a permit cannot be acquired from
the semaphore. (remm)
</update>
<add>
Add checking of the "age" of the running Tomcat instance since its
build-date to the SecurityListener, and log a warning if the server
is old. (schultz)
</add>
<fix>
When using the <code>AsyncContext</code>, throw an
<code>IllegalStateException</code>, rather than allowing an
<code>NullPointerException</code>, if an attempt is made to use the
<code>AsyncContext</code> after it has been recycled. (markt)
</fix>
<add>
Add a default implementation for <code>HttpSession.getAccessor()</code>
to align with the Servlet 6.1 API. (markt)
</add>
<add>
Add the Jakarta EE 11 XML schemas and update Tomcat and included web
applications to use them. (markt)
</add>
<fix>
Change the thread-safety mechanism for protecting StandardServer.services
from a simple synchronized lock to a ReentrantReadWriteLock to allow
multiple readers to operate simultaneously. Based upon a suggestion by
Markus Wolfe. (schultz)
</fix>
<fix>
Improve Service connectors, Container children and Service executors
access sync using a ReentrantReadWriteLock. (remm)
</fix>
<fix>
Improve handling of integer overflow if an attempt is made to upload a
file via the Servlet API and the file is larger than
<code>Integer.MAX_VALUE</code>. (markt)
</fix>
<fix>
<bug>68862</bug>: Handle possible response commit when processing read
errors. (remm)
</fix>
</changelog>
</subsection>
<subsection name="Coyote">
<changelog>
<fix>
Add <code>threadsMaxIdleTime</code> attribute to the endpoint,
to allow configuring the amount of time before an internal executor
will scale back to the configured <code>minSpareThreads</code> size.
(remm)
</fix>
<update>
Adjust the <code>Set-Cookie</code> header generated by the
<code>Rfc6265CookieProcessor</code> so that attributes with a value of
the empty string will be output as bare attribute names without an
equals sign or value. This will simplify future support for similar new
attributes by removing the need for special handling. (markt)
</update>
<scode>
Refactor the internal representation of the <code>HttpOnly</code> and
<code>Secure</code> attributes to use the empty string as the value for
consistency with the recent changes to <code>Set-Cookie</code> header
generation. (markt)
</scode>
<fix>
Do not generate the <code>Max-Age</code> attribute for
<code>Set-Cookie</code> headers associated with cookies that have been
configured with a <code>Max-Age</code> value of zero as RFC 6265 does
not permit a value of zero in this case. (markt)
</fix>
<fix>
Correct a regression in the support for user provided
<code>SSLContext</code> instances that broke the
<code>org.apache.catalina.security.TLSCertificateReloadListener</code>.
(markt)
</fix>
</changelog>
</subsection>
<subsection name="Jasper">
<changelog>
<fix>
Handle the case where the JSP engine forwards a request/response to a
Servlet that uses an <code>OutputStream</code> rather than a
<code>Writer</code>. This was triggering an
<code>IllegalStateException</code> on code paths where there was a
subsequent attempt to obtain a <code>Writer</code>. (markt)
</fix>
<fix>
Correctly handle the case where a tag library is packaged in a JAR file
and the web application is deployed as a WAR file rather than an
unpacked directory. (markt)
</fix>
<fix>
Prevent the web application's ClassLoader from being pinned by the JSP
compiler if an application uses a custom XMLInputFactory. Based upon a
suggestion from Simon Niederberger. (schultz)
</fix>
</changelog>
</subsection>
<subsection name="Other">
<changelog>
<update>
Update Checkstyle to 10.14.1. (markt)
</update>
<update>
Update the internal fork of Apache Commons BCEL to 6.8.2. (markt)
</update>
<update>
Update the internal fork of Apache Commons Codec to 1.16.1. (markt)
</update>
<add>
Improvements to French translations. (remm)
</add>
<add>
Improvements to Japanese translations by tak7iji. (remm)
</add>
<add>
Improvements to Chinese translations by leeyazhou. (remm)
</add>
</changelog>
</subsection>
</section>
<section name="Tomcat 11.0.0-M18 (markt)" rtext="2024-03-14">
<subsection name="General">
<changelog>
<update>
Reduce the minimum supported Java version to Java 17. (markt)
</update>
</changelog>
</subsection>
<subsection name="Catalina">
<changelog>
<fix>
Minor performance improvement for building filter chains. Based on
ideas from <pr>702</pr> by Luke Miao. (remm)
</fix>
<fix>
Align error handling for <code>Writer</code> and
<code>OutputStream</code>. Ensure use of either once the response has
been recycled triggers a <code>NullPointerException</code> provided that
<code>discardFacades</code> is configured with the default value of
<code>true</code>. (markt)
</fix>
<fix>
<bug>68692</bug>: The standard thread pool implementations that are
configured using the <code>Executor</code> element now implement
<code>ExecutorService</code> for better support NIO2. The
<code>org.apache.catalina.Executor</code> interface now extends
<code>ExecutorService</code>. (remm)
</fix>
<fix>
<bug>68495</bug>: When restoring a saved POST request after a successful
FORM authentication, ensure that neither the URI, the query string nor
the protocol are corrupted when restoring the request body. (markt)
</fix>
<fix>
After forwarding a request, attempt to unwrap the response in order to
suspend it, instead of simply closing it if it was wrapped. Add a new
<code>suspendWrappedResponseAfterForward</code> boolean attribute on
<code>Context</code> to control the bahavior, defaulting to
<code>true</code>. (remm)
</fix>
<fix>
<bug>68721</bug>: Workaround a possible cause of duplicate class
definitions when using <code>ClassFileTransformer</code>s and the
transformation of a class also triggers the loading of the same class.
(markt)
</fix>
<fix>
The rewrite valve should not do a rewrite if the output is identical
to the input. (remm)
</fix>
<update>
Add a new <code>valveSkip</code> (or <code>VS</code>) rule flag to the
rewrite valve to allow skipping over the next valve in the Catalina
pipeline. (remm)
</update>
</changelog>
</subsection>
<subsection name="Coyote">
<changelog>
<fix>
Fix bad symbol lookup use in the OpenSSL FFM code. (remm)
</fix>
<fix>
Improve the HTTP/2 stream prioritisation process. If a stream uses all
of the connection windows and still has content to write, it will now be
added to the backlog immediately rather than waiting until the write
attempt for the remaining content. (markt)
</fix>
</changelog>
</subsection>
<subsection name="Jasper">
<changelog>
<add>
Add method invocation support for <code>java.util.Optional</code> via
the <code>jakarta.el.OptionalELResolver</code> to Tomcat's
implementation of the Jakarta EL API to align with the latest proposals
for the Jakarta EL 6.0 API. The property support has also been refined
for greater consistency. (markt)
</add>
<update>
The defaults for <code>compilerSourceVM</code> and
<code>compilerTargetVM</code> have been updated to 17 to align with Java
17 being the minimum Java version required for Tomcat 11. (markt)
</update>
</changelog>
</subsection>
<subsection name="Cluster">
<changelog>
<fix>
Avoid updating request count stats on async. (remm)
</fix>
</changelog>
</subsection>
<subsection name="Other">
<changelog>
<add>
Improvements to French translations. (remm)
</add>
<add>
Improvements to Japanese translations by tak7iji. (markt)
</add>
<fix>
<bug>57130</bug>: Allow digest.(sh|bat) to accept password from a file
or stdin. (csutherl/schultz)
</fix>
</changelog>
</subsection>
</section>
<section name="Tomcat 11.0.0-M17 (markt)" rtext="2024-02-19">
<subsection name="Catalina">
<changelog>
<add>
Implement <code>HttpSession.getAccessor()</code> which provides a
mechanism for applications to interact with an <code>HttpSession</code>
outside the standard Servlet processing of an HTTP request. This is
expected to be especially useful with applications using the Jakarta
WebSocket API. (markt)
</add>
<fix>
Correct JPMS and OSGi meta-data for <code>tomcat-embed-core.jar</code>
by removing reference to <code>org.apache.catalina.ssi</code> package
that is no longer included in the JAR. Based on pull request
<pr>684</pr> by Jendrik Johannes. (markt)
</fix>
<fix>
Fix ServiceBindingPropertySource so that trailing <code>\r\n</code>
sequences are correctly removed from files containing property values
when configured to do so. Bug identified by Coverity Scan. (markt)
</fix>
<add>
Add improvements to the CSRF prevention filter including the ability
to skip adding nonces for resource name and subtree URL patterns. (schultz)
</add>
<fix>
Review usage of debug logging and downgrade trace or data dumping
operations from debug level to trace. (remm)
</fix>
<fix>
<bug>68089</bug>: Further improve the performance of request attribute
access for <code>ApplicationHttpRequest</code> and
<code>ApplicationRequest</code>. (markt)
</fix>
<fix>
<bug>68559</bug>: Allow asynchronous error handling to write to the
response after an error during asynchronous processing. (markt)
</fix>
</changelog>
</subsection>
<subsection name="Coyote">
<changelog>
<fix>
Setting a <code>null</code> value for a cookie attribute should remove
the attribute. (markt)
</fix>
<fix>
Optimize state handling for OpenSSL context callbacks with the FFM API.
(remm)
</fix>
<fix>
Make asynchronous error handling more robust. Ensure that once a
connection is marked to be closed, further asynchronous processing
cannot change that. (markt)
</fix>
<fix>
Make asynchronous error handling more robust. Ensure that once the call
to <code>AsyncListener.onError()</code> has returned to the container,
only container threads can access the <code>AsyncContext</code>. This
protects against various race conditions that woudl otherwise occur if
application threads continued to access the <code>AsyncContext</code>.
</fix>
<fix>
Review usage of debug logging and downgrade trace or data dumping
operations from debug level to trace. In particular, most of the
HTTP/2 debug logging has been changed to trace level. (remm)
</fix>
<fix>
Add support for user provided <code>SSLContext</code> instances
configured on <code>SSLHostConfigCertificate</code> instances. Based on
pull request <pr>673</pr> provided by Hakan Altındağ. (markt)
</fix>
<fix>
Partial fix for <bug>68558</bug>: Cache the result of converting to
<code>String</code> for request URI, HTTP header names and the request
<code>Content-Type</code> value to improve performance by reducing
repeated <code>byte[]</code> to <code>String</code> conversions. (markt)
</fix>
<fix>
Improve error reporting to HTTP/2 clients for header processing errors
by reporting problems at the end of the frame where the error was
detected rather than at the end of the headers. (markt)
</fix>
<fix>
Remove the remaining reference to a stream once the stream has been
recycled. This makes the stream eligible for garbage collection earlier
and thereby improves scalability. (markt)
</fix>
</changelog>
</subsection>
<subsection name="Jasper">
<changelog>
<fix>
Additional fixes to correctly support <code>length</code> as a read-only
property of an array via the <code>ArrayELResolver</code>. (markt)
</fix>
<fix>
<bug>68546</bug>: Generate optimal size and types for JSP imports maps,
as suggested by John Engebretson. (remm)
</fix>
<fix>
Review usage of debug logging and downgrade trace or data dumping
operations from debug level to trace. (remm)
</fix>
</changelog>
</subsection>
<subsection name="WebSocket">
<changelog>
<fix>
Correct a regression in the fix for <bug>66508</bug> that could cause an
<code>UpgradeProcessor</code> leak in some circumstances. (markt)
</fix>
<fix>
Review usage of debug logging and downgrade trace or data dumping
operations from debug level to trace. (remm)
</fix>
<fix>
Ensure that WebSocket connection closure completes if the connection is
closed when the server side has used the proprietary suspend/resume
feature to suspend the connection. (markt)
</fix>
</changelog>
</subsection>
<subsection name="Web applications">
<changelog>
<add>
Add support for responses in JSON format from the examples application
RequestHeaderExample. (schultz)
</add>
</changelog>
</subsection>
<subsection name="Other">
<changelog>
<fix>
Correct the remaining OSGi contract references in the manifest files to
refer to the Jakarta EE contract names rather than the Java EE contract
names. Based on pull request <pr>685</pr> provided by Paul A. Nicolucci.
(markt)
</fix>
<update>
Update Checkstyle to 10.13.0. (markt)
</update>
<update>
Update JSign to 6.0. (markt)
</update>
<update>
Update the packaged version of the Tomcat Migration Tool for Jakarta EE
to 1.0.7. (markt)
</update>
<update>
Update Tomcat Native to 2.0.7. (markt)
</update>
<update>
Add strings for debug level messages. (remm)
</update>
<add>
Improvements to French translations. (remm)
</add>
<add>
Improvements to Japanese translations by tak7iji. (markt)
</add>
</changelog>
</subsection>
</section>
<section name="Tomcat 11.0.0-M16 (markt)" rtext="2024-01-09">
<subsection name="Catalina">
<changelog>
<add>
Allow alternate redirect status code for directory redirects issued by
the default servlet via the init param
<code>directoryRedirectStatusCode</code>. (funkman/markt)
</add>
<update>
<bug>68378</bug>: Align extension to MIME type mappings in the global
web.xml with those in httpd by adding
<code>application/vnd.geogebra.slides</code> for <code>ggs</code>,
<code>text/javascript</code> for <code>mjs</code> and
<code>audio/ogg</code> for opus. (markt)
</update>
</changelog>
</subsection>
<subsection name="Coyote">
<changelog>
<fix>
Refactor the <code>VirtualThreadExecutor</code> so that it can be used
by the NIO2 connector which was using platform threads even when
configured to use virtual threads. (markt)
</fix>
<fix>
Correct a regression in the fix for <bug>67675</bug> that broke TLS key
file parsing for PKCS#8 format keys that do not specify an explicit
pseudo-random function and rely on the default. This typically affects
keys generated by OpenSSL 1.0.2. (markt)
</fix>
<fix>
Allow multiple operations with the same name on introspected mbeans,
fixing a regression caused by the introduction of a second
<code>addSslHostConfig</code> method. (remm)
</fix>
<fix>
Relax the check that the HTTP Host header is consistent with the host
used in the request line, if any, to make the check case insensitive
since host names are case insensitive. (markt)
</fix>
<add>
<bug>68348</bug>: Add support for the partitioned attribute for cookies
including session cookies. (markt)
</add>
</changelog>
</subsection>
<subsection name="Jasper">
<changelog>
<update>
The defaults for <code>compilerSourceVM</code> and
<code>compilerTargetVM</code> have been updated to 21 to align with Java
21 being the minimum Java version required for Tomcat 11. (markt)
</update>
</changelog>
</subsection>
<subsection name="Web Applications">
<changelog>
<fix>
<bug>68035</bug>: Additional fix to the Manager application to enable
the deployment of a web application located in a Host's
<code>appBase</code> where the web application is specified by a bare
(no path) WAR or directory name as shown in the documentation. (markt)
</fix>
</changelog>
</subsection>
<subsection name="Other">
<changelog>
<update>
Update to the Eclipse JDT compiler 4.30. (markt)
</update>
<update>
Update Checkstyle to 10.12.7. (markt)
</update>
<update>
Update SpotBugs to 4.8.3. (markt)
</update>
<add>
Improvements to French translations. (remm)
</add>
<add>
Improvements to Japanese translations by tak7iji. (markt)
</add>
</changelog>
</subsection>
</section>
<section name="Tomcat 11.0.0-M15 (markt)" rtext="2023-12-12">
<subsection name="Catalina">
<changelog>
<fix>
Background processes should not be run concurrently with lifecycle
operations of a container. (remm)
</fix>
<add>
Add support for the <code>jakarta.servlet.request.secure_protocol</code>
request attribute that has been added in Jakarta Servlet 6.1. This
replaces the now deprecated Tomcat specific request attribute
<code>org.apache.tomcat.util.net.secure_protocol_version</code>. (markt)
</add>
<add>
Align behaviour with the latest addition to the Servlet 6.1
specification that requires that all HTTP error dispatches use the GET
method. (markt)
</add>
<fix>
Correct unintended escaping of XML in some WebDAV responses. The XML
list of support locks when provided in response to a PROPFIND request
was incorrectly XML escaped. (markt)
</fix>
<fix>
<bug>68227</bug>: Ensure that <code>AsyncListener.onComplete()</code> is
called if <code>AsyncListener.onError()</code> calls
<code>AsyncContext.dispatch()</code>. (markt)
</fix>
<fix>
<bug>68228</bug>: Use a 408 status code if a read timeout occurs during
HTTP request processing. Includes a test case based on code provided by
adwsingh. (markt)
</fix>
</changelog>
</subsection>
<subsection name="Coyote">
<changelog>
<fix>
Use Java code to load certificate chain when using OpenSSL through
the FFM API. (remm)
</fix>
</changelog>
</subsection>
<subsection name="Jasper">
<changelog>
<scode>
<bug>68119</bug>: Refactor the <code>CompositeELResolver</code> to
improve performance during type conversion operations. (markt)
</scode>
</changelog>
</subsection>
<subsection name="Web Applications">
<changelog>
<fix>
Examples. Improve the error handling so snakes associated with a user
that drops from the network are removed from the game. (markt)
</fix>
</changelog>
</subsection>
<subsection name="Other">
<changelog>
<update>
Update the OWB module to Apache OpenWebBeans 4.0.1. (remm)
</update>
<fix>
<bug>68124</bug>: Migrate sample.war from javax to jakarta. (lihan)
</fix>
<update>
Update UnboundID to 6.0.11. (markt)
</update>
<update>
Update Checkstyle to 10.12.5. (markt)
</update>
<update>
Update SpotBugs to 4.8.2. (markt)
</update>
<update>
Update Derby to 10.17.1. (markt)
</update>
<add>
Improvements to French translations. (remm)
</add>
<add>
Improvements to Japanese translations by tak7iji. (markt)
</add>
<add>
Improvements to Brazilian Portuguese translations by John William
Vicente. (markt)
</add>
<add>
Improvements to Russian translations by usmazat and remm. (markt)
</add>
</changelog>
</subsection>
</section>
<section name="Tomcat 11.0.0-M14 (markt)" rtext="2023-11-15">
<subsection name="Catalina">
<changelog>
<fix>
<bug>67667</bug>: <code>TLSCertificateReloadListener</code> prints
unreadable rendering of <code>X509Certificate#getNotAfter()</code>.
(michaelo)
</fix>
<update>
The status servlet included in the manager webapp can now output
statistics as JSON, using the <code>JSON=true</code> URL parameter.
(remm)
</update>
<update>
Optionally allow ServiceBindingPropertySource to trim a trailing newline
from a file containing a property-value. (schultz)
</update>
<update>
Use Files.move instead of File.renameTo in the FarmWebDeployer to
support a broader range of environments, and to give better information
in the event of a failure. (schultz)
</update>
<fix>
<bug>67793</bug>: Ensure the original session timeout is restored after
FORM authentication if the user refreshes a page during the FORM
authentication process. Based on a suggestion by Mircea Butmalai.
(markt)
</fix>
<update>
<bug>67926</bug>: <code>PEMFile</code> prints unidentifiable string
representation of ASN.1 OIDs. (michaelo)
</update>
<fix>
<bug>66875</bug>: Ensure that setting the request attribute
<code>jakarta.servlet.error.exception</code> is not sufficient to
trigger error handling for the current request and response. (markt)
</fix>
<fix>
<bug>68054</bug>: Avoid some file canonicalization calls introduced
by the fix for <bug>65433</bug>. (remm)
</fix>
<fix>
<bug>68089</bug>: Improve performance of request attribute access for
<code>ApplicationHttpRequest</code> and <code>ApplicationRequest</code>.
(markt)
</fix>
<fix>
Use a 400 status code to report an error due to a bad request (e.g. an
invalid trailer header) rather than a 500 status code. (markt)
</fix>
<fix>
Ensure that an <code>IOException</code> during the reading of the
request triggers always error handling, regardless of whether the
application swallows the exception. (markt)
</fix>
</changelog>
</subsection>
<subsection name="Coyote">
<changelog>
<add>
<bug>66670</bug>: Add <code>SSLHostConfig#certificateKeyPasswordFile</code> and
<code>SSLHostConfig#certificateKeystorePasswordFile</code>. (michaelo)
</add>
<add>
When calling
<code>SSLHostConfigCertificate.setCertificateKeystore(ks)</code>,
automatically call
<code>setCertificateKeystoreType(ks.getType())</code>. (markt)
</add>
<add>
Add OpenSSL integration using the FFM API rather than Tomcat Native.
OpenSSL support may be enabled by adding the
<code>org.apache.catalina.core.OpenSSLLifecycleListener</code>
listener on the <code>Server</code> element when using Java 22
(starting with preview build 20) or later. (remm)
</add>
<fix>
<bug>67628</bug>: Clarify how the <code>ciphers</code> attribute of the
<code>SSLHostConfig</code> is used. (markt)
</fix>
<fix>
<bug>67666</bug>: Ensure TLS connectors using PEM files either work with
the <code>TLSCertificateReloadListener</code> or, in the rare case that
they do not, log a warning on Connector start. (markt)
</fix>
<fix>
<bug>67675</bug>: Support a wider range of KDF and ciphers for PEM files
than the combinations supported by the JVM by default. Specifically,
support the OpenSSL default of HmacSHA256 and DES-EDE3-CBC. (markt)
</fix>
<fix>
<bug>67927</bug>: Reloading TLS configuration can cause the Connector to
refuse new connections or the JVM to crash. (markt)
</fix>
<fix>
<bug>67938</bug>: Correct handling of large TLS client hello messages
that were causing the TLS handshake to fail. (markt)
</fix>
<fix>
<bug>68026</bug>: Convert selected <code>MessageByte</code> values to
String when first accessed to speed up subsequent accesses and reduce
garbage collection. (markt)
</fix>
</changelog>
</subsection>
<subsection name="Jasper">
<changelog>
<add>
Add support for Records to expression language. (markt)
</add>
<fix>
<bug>68068</bug>: Performance improvement for EL. Based on a suggestion
by John Engebretson. (markt)
</fix>
</changelog>
</subsection>
<subsection name="WebSocket">
<changelog>
<fix>
Correct missing metadata in the MANIFEST of the for WebSocket client API
JAR file. (markt)
</fix>
</changelog>
</subsection>
<subsection name="Web applications">
<changelog>
<fix>
<bug>68035</bug>: Correct a regression in the fix for <bug>56248</bug>
that prevented deployment via the Manager of a WAR or directory that was
already present in the <code>appBase</code> or a context file that was
already present in the <code>xmlBase</code>. (markt)
</fix>
</changelog>
</subsection>
<subsection name="Other">
<changelog>
<add>
<bug>67538</bug>: Make use of Ant's <code><javaversion /></code> task
to enfore the mininum Java build version. (michaelo)
</add>
<update>
Update Checkstyle to 10.12.4. (markt)
</update>