43
43
<!-- Section names:
44
44
General, Catalina, Coyote, Jasper, Cluster, Web applications, Other
46
<section name="Tomcat 6.0.37 (jfclere)">
46
<section name="Tomcat 6.0.39 (markt)">
47
<subsection name="Catalina">
50
<bug>55166</bug>: Fix regression that broke XML validation when running
51
on some Java 5 JVMs. (kkolinko)
55
<subsection name="Coyote">
58
Make the HTTP NIO connector tolerant of whitespace in the individual
59
values used for the ciphers attribute. (markt)
62
Remove dependency introduced on the jsp-api.jar as part of the XML
63
validation changes introduced in 6.0.38. (markt)
67
<subsection name="Jasper">
70
Correct several errors in jspxml Schema and DTD. (kkolinko)
74
<subsection name="Cluster">
77
Remove an empty TestTwoPhaseCommit test from Tribes. (kkolinko)
81
<subsection name="Web applications">
84
Fix broken link in Jasper How-To documentation. (markt)
87
Align index.html and index.jsp in ROOT web application. Correct links
88
to specifications and to the Tomcat mailing lists. (kkolinko)
91
Remove second copy of RUNNING.txt from the full-docs distribution. Some
92
unpacking utilities can't handle multiple copies of a file with the same
93
name in a directory. (kkolinko)
97
<subsection name="Other">
100
Update sample Eclipse IDE project: use JUnit 4 library and prefer a
101
Java 5 JDK when several JDKs are configured. Cleanup the Ant build
105
Correct Maven dependencies for individual JAR files. (markt)
110
<section name="Tomcat 6.0.38 (markt)" rtext="not released">
111
<subsection name="Catalina">
114
Ensure that when Tomcat's anti-resource locking features are used
115
that the temporary copy of the web application and not the original is
116
removed when the web application stops. (markt/kkolinko)
119
<bug>55019</bug>: Fix a potential exception when accessing JSPs while
120
running under a SecurityManager. (jfclere)
123
<bug>55052</bug>: Make JULI's LogManager to additionally look for
124
logging properties without prefixes if the property cannot be found with
128
<bug>55266</bug>: Ensure that the session ID is parsed from the request
129
before any redirect as the session ID may need to be encoded as part of
130
the redirect URL. (markt)
133
<bug>55404</bug>: Log warnings about using security roles in web.xml as
137
<bug>55268</bug>: Added optional --service-start-wait-time
138
command-line option to change service start wait time from default
139
of 10 seconds. (schultz)
142
Correctly associate the default resource bundle with the English locale
143
so that requests that specify an Accept-Language of English ahead of
144
French, Spanish or Japanese get the English messages they asked for.
148
Add missing JavaEE 5 XML schema definitions. (markt)
151
When Catalina parses TLD files, always use a namespace aware parser to
152
be consistent with how Jasper parses TLD files. The
153
<code>tldNamespaceAware</code> attribute of the Context is now ignored.
157
As per section SRV.14.4.3 of the Servlet 2.5 specification, a namespace
158
aware, validating parser will be used when processing <code>*.tld</code>
159
and <code>web.xml</code> files if the system property
160
<code>org.apache.catalina.STRICT_SERVLET_COMPLIANCE</code> is set to
161
<code>true</code>. (markt)
164
Ensure that sessions IDs are not parsed from URLs for Contexts where
165
<code>disableURLRewriting</code> is <code>true</code>. (markt)
168
Add an option to the Context to control the blocking of XML external
169
entities when parsing XML configuration files and enable this blocking
170
by default when a security manager is used. The block is implemented via
171
a custom resolver to enable the logging of any blocked entities. (markt)
174
<bug>56016</bug>: When loading resources for XML schema validation, take
175
account of the possibility that servlet-api.jar and jsp-api.jar may not
176
be loaded by the same class loader. Patch by Juan Carlos Estibariz.
181
<subsection name="Coyote">
184
<bug>52811</bug>: Fix parsing of Content-Type header in
185
<code>HttpServletResponse.setContentType()</code>. Introduces a new HTTP
186
header parser that follows RFC2616. (markt)
189
<bug>54691</bug>: Add configuration attribute "sslEnabledProtocols"
190
to HTTP connector and document it. (Internally this attribute has
191
been already implemented but not documented, under names "protocols"
192
and "sslProtocols". Those names of this attribute are now deprecated).
196
<bug>54947</bug>: Fix the HTTP NIO connector that incorrectly rejected a
197
request if the CRLF terminating the request line was split across
198
multiple packets. Patch by Konstantin Preißer. (markt)
201
<bug>55228</bug>: Allow web applications to set a HTTP Date header.
205
Better adherence to RFC2616 for content-length headers. (markt)
208
Add support for limiting the size of chunk extensions when using chunked
212
<bug>55749</bug>: Improve the error message when SSLEngine is disabled
213
in the AprLifecycleListener and SSL is configured for an APR/native
217
Avoid possible NPE if a content type is specified without a character set.
222
<subsection name="Jasper">
225
<bug>55198</bug>: Ensure attribute values in tagx files that include EL
226
and quoted XML characters are correctly quoted in the output. (markt)
229
<bug>55671</bug>: Consistently use the configuration option name
230
<code>genStringAsCharArray</code> rather than a mixture of
231
<code>genStrAsCharArray</code> and <code>genStringAsCharArray</code> but
232
retain support for <code>genStrAsCharArray</code> as in initialisation
233
parameter for the JSP servlet to retain backwards compatibility with
234
existing configurations. (markt)
237
<bug>55691</bug>: Fix <code>javax.el.ArrayELResolver</code> to correctly
238
handle the case where the base object is an array of primitives. (markt)
241
<bug>55973</bug>: Fix processing of XML schemas when validation is
242
enabled in Jasper. (kkolinko)
246
<subsection name="Web applications">
249
Add documentation for
250
<code>o.a.c.tribes.group.interceptors.TcpFailureDetector</code>.
254
Complete the documentation for
255
<code>MessageDispatch15Interceptor</code>. (kfujino)
258
Add to cluster document a description of
259
<code>notifyLifecycleListenerOnFailure</code> and
260
<code>heartbeatBackgroundEnabled</code>. (kfujino)
263
<bug>55746</bug>: Add documentation on the <code>allRolesMode</code> to
264
the <code>CombinedRealm</code> and <code>LockOutRealm</code>. Patch by
265
Cédric Couralet. (markt)
268
Fix the sample configuration of <code>StaticMembershipInterceptor</code>
269
in order to prevent warning log. uniqueId must be 16 bytes. (kfujino)
272
<bug>55119</bug>: Avoid CVE-2013-1571 when generating Javadoc. (markt)
276
<subsection name="Other">
279
Update Maven Central location used to download dependencies at build
280
time to be <code>repo.maven.apache.org</code>. (kkolinko)
283
<bug>55663</bug>: Minor correction to the wording of the NOTICE files to
285
<a href="http://www.apache.org/legal/src-headers.html#notice">requirements
286
for NOTICE files</a>. (violetagg)
289
Add <code>@since</code> markers to the common annotations classes and
290
fix a few specification compliance issues. (markt)
293
Update to Eclipse JDT Compiler 4.3.1. (markt)
296
Update the Apache Jakarta JSTL implementation used by the exmaples web
297
application to 1.1.2. (markt)
302
<section name="Tomcat 6.0.37 (jfclere)" rtext="released 2013-05-03">
47
303
<subsection name="Catalina">