Apache Tomcat 7.0.27 - Changelog

What's new in Apache Tomcat 7.0.6:

January 27th, 2011

General:

· Update to Commons Daemon 1.0.5. (mturk)

Catalina:

· 8705: org.apache.catalina.SessionListener now extends java.util.EventListener. (markt)
· 10526: Add an option to the Authenticators to force the creation of a session on authentication which may offer some performance benefits. (markt)
· 10972: Improve error message if the className attribute is missing on an element in server.xml where it is required. (markt)
· 48692: Provide option to parse application/x-www-form-urlencoded PUT requests. (schultz)
· 48822: Include context name in case of error while stopping or starting a context during its reload. Patch provided by Marc Guillemot. (slaurent)
· 48837: Extend thread local memory leak detection to include classes loaded by subordinate class loaders to the web application's class loader such as the Jasper class loader. Based on a patch by Sylvain Laurent. (markt)
· 48973: Avoid creating a SESSIONS.ser file when stopping an application if there's no session. Patch provided by Marc Guillemot. (slaurent)
· 49000: No longer accept specification invalid name only cookies by default. This behaviour can be restored using a system property. (markt)
· 49159: Improve memory leak protection by renewing threads of the pool when a web application is stopped. (slaurent)
· 49372: Re-fix after connector re-factoring. If connector initialisation fails (e.g. if a port is alreasy in use) do not trigger an LifecycleException for an invalid state transition. (markt)
· 49543 Allow Tomcat to use shared data sources with per application credentials. (fhanik)
· 49650: Remove unnecessary entries package.access property defined in catalina.properties. Patch provided by Owen Farrell. (markt)
· 50106: Correct several MBean descriptors. Patch provided by Eiji Takahashi. (markt)
· Further performance improvements to session ID generation. Remove legacy configuration options that are no longer required. Provide additional options to control the SecureRandom instances used to generate session IDs. (markt)
· 50201: Update the access log reference in StandardEngine when the ROOT web application is redeployed, started, stopped or defaultHost is changed. (markt/kkolinko)
· 50282: Load javax.security.auth.login.Configuration with JreMemoryLeakPreventionListener to avoid memory leak when stopping a web application that would use JAAS. (slaurent)
· 50351: Fix the regression that broke BeanFactory resources caused by the previous fix for 50159. (markt)
· 50352: Ensure that AsyncListener.onComplete() is fired when AsyncContext.complete() is called. (markt)
· 50358: Set the correct LifecycleState when stopping instances of the deprecated Embedded class. (markt)
· Further Lifecycle refactoring for Connectors and associated components. (markt)
· Correct handling of versioned web applications in deployer. (markt)
· Correct removal of LifeCycleListenters from Containers via JMX. (markt)
· Don't use nulls to construct log messages. (markt)
· Code clean-up. Replace use of inefficient constructors with more efficient alternatives. (markt)
· 50411: Ensure sessions are removed from the Store associated with a PersistentManager. (markt)
· 50413: Ensure 304 responses are not returned when using static files as error pages. (markt/kkolinko)
· 50448: Fix possible IllegalStateException caused by recent session management refactoring. (markt)
· Ensure aliases settings for a context are retained after a context is reloaded. (markt)
· Log a warning if context.xml files define values for properties that do not exist (e.g. if there is a typo in a property name). (markt)
· 50453: Correctly handle multiple X-Forwarded-For headers in the RemoteIpFilter and RemoteIpValve. Patch provided by Jim Riggs. (markt)
· 50541: Add support for setting the size limit and time limit for LDAP seaches when using the JNDI Realm with userSearch. (markt)
· All configuration options that use regular expression now require a single regular expression (using java.util.regex) rather than a list of comma-separated or semi-colon-separated expressions. (markt)
· 50496: Bytes sent in the access log are now counted after compression, chunking etc rather than before. (markt)
· 50550: When a new directory is created (e.g. via WebDAV) ensure that a subsequent request for that directory does not result in a 404 response. (markt)
· 50554: Code clean up. (markt)
· 50556: Improve JreMemoryLeakPreventionListener to prevent a potential class loader leak caused by a thread spawned when the class com.sun.jndi.ldap.LdapPoolManager is initialized and the system property com.sun.jndi.ldap.connect.pool.timeout is set to a value greater than 0. (slaurent)

Coyote:

· 47319: Return the client's IP address rather than null for calls to getRemoteHost() when the APR connector is used with enableLookups="true" but the IP address is not resolveable. (markt)
· 50108: Add get/set methods for Connector property minSpareThreads. Patch provided by Eiji Takahashi. (markt)
· 50360: Provide an option to control when the socket associated with a connector is bound. By default, the socket is bound on Connector.init() and released on Connector.destroy() as per the current behaviour but this can be changed so that the socket is bound on Connector.start() and released on Connector.stop(). This fix also includes further Lifecycle refactoring for Connectors and associated components. (markt)
· Remove a huge memory leak in the NIO connector introduced by the fix for 49884. (markt)
· 50467: Protected against NPE triggered by a race condition that causes the NIO poller to fail, preventing the processing of further requests. (markt)

Jasper:

· 13731: Make variables in _jspService() method final where possible. (markt)
· 50408: Fix NoSuchMethodException when using scoped variables with EL method invocation. (markt)
· 50460: Avoid leak caused by using a cached exception instance in JspDocumentParser and ProxyDirContext. (kkolinko)
· 50500: Use correct coercions (as per the EL spec) for arithmetic operations involving string values containing '.', 'e' or 'E'. Based on a patch by Brian Weisleder. (markt)

Cluster:

· 50185: Add additional trace level logging to Tribes to assist with fault diagnosis. Based on a patch by Ariel. (markt)
· Don't try and obtain session data from the cluster if the current node is the only node in the cluster. Log requesting session data as INFO rather than WARNING. (markt)
· 50503: When web application has a version, Engine level Clustering works correctly. (kfujino)
· 50547: Add time stamp for CHANGE_SESSION_ID message and SESSION_EXPIRED message. (kfujino)

Web applications:

· 21157: Ensure cookies are written before the response is commited in the Cookie example. Patch provided by Stefan Radzom. (markt)
· 50294: Add more information to documentation regarding format of configuration files. Patch provided by Luke Meyer. (markt)
· Correctly validate provided context path so sessions for the ROOT web application can be viewed through the HTML Manager. (markt)
· Improve documentation of database connection factory. (rjung)
· 50488: Update classpath required when using jsvc and add a note regarding server VMs. (markt)
· Further filtering of Manager display output. (kkolinko)

Other:

· Don't configure Windows installer to use PID file since it is not removed when the service stops which prevents the service from starting. (markt)
· 14416: Make TagLibraryInfo.getTag() more robust at handling nulls. (markt)
· 50552: Avoid NPE that hides error message when using Ant tasks. (schultz)
· Provide two alternative locations for the libraries downloaded from the ASF web site at build time. Use the main distribution site as default and the archive one as fallback. (kkolinko)

What's new in Apache Tomcat 7.0.0:

June 30th, 2010

Catalina:

· Update Servlet support to the Servlet 3.0 specification. (all)
· Improve and document VirtualWebappLoader. (rjung)
· 43642:prestartminSpareThreads attribute for Executor. (jfclere)
· Switch from AnnotationProcessor to InstanceManager. Patch provided by David Jecks with modifications by Remy. (remm/fhanik)
· r620845 and r669119. Make shutdown address configurable. (jfclere)
· r651977some missing control checks to ThreadWithAttributes. (markt)
· r677640a startup class that does not require any configuration files. (costin)
· r700532 Log if temporary file operations within the CGI servlet fail. Make sure header Reader is closed on failure. (markt)
· r708541 Delete references to DefaultContext which was removed in 6.0.x. (markt)
· r709018 Initial implementation of an asynchronous file handler for JULI. (fhanik)
· Give session thisAccessedTime and lastAccessedTime clear semantics. (rjung)
· Expose thisAccessedTime via Session interface. (rjung)
· Provide a log format for JULI that provides the same information as the default but on a single line. (markt)
· r723889 Provide the ability to configure the Executor job queue size and a timeout for adding jobs to the queue. (fhanik)
· Add support for aliases to StandardContext. This allows content from other directories and/or WAR files to be mapped to paths within the context. (markt)
· Provide clearer definition of Lifecycle interface, particularly start and stop, and align components that implement Lifecycle with this definition. (markt)
· 48662: Provide a new option to control the copying of context XML descriptors from web applications to the host's xmlBase. Copying of XMl descriptors is now disabled by default. (markt)
· Move comet classes from the org.apache.catalina package to the org.apache.catalina.comet package to allow comet to work under a security manager. (markt)

Coyote:

· Port SSLInsecureRenegotiation from mod_ssl. This requires to use tomcat-native 1.2.21 that have option to detect this support from OpenSSL library. (mturk)
· Allow bigger AJP packets also for request bodies and responses using the packetSize attribute of the Connector. (rjung)
· r703017 Make Java socket options consistent between NIO and JIO connector. Expose all the socket options available on java.net.Socket (fhanik)
· 46051: The writer returned by getWriter() now conforms to the PrintWriter specification and uses platform dependent line endings rather than always using \r\n. (markt)
· Use tc-native 1.2.x which is based on APR 1.3.3+ (mturk)
· r724239 NIO connector now always uses an Executor. (fhanik)
· r724393 Implement keepAliveCount for NIO connector in a thread safe manner. (fhanik)
· r724849 Implement keep alive timeout for NIO connector. (fhanik)

Jasper:

· Update JSP support to the JSP 2.2 specification. (markt)
· Update EL support to the EL 2.2 specification. (markt)
· r787978 Use "1.6" as the default value for compilerSourceVM and compilerTargetVM options of Jasper. (kkolinko)
· 48358:support for limiting the number of JSPs that are loaded at any one time. Based on a patch by Isabel Drost. (markt)
· 48689: Access TLD files through a new JarResource interface to make extending Jasper simpler, particularly in OSGi environments. Patch provided by Jarek Gawor. (markt)

High Availability:

· Add support for UDP and secure communication to tribes. (fhanik)
· Add versioning to the tribes communication protocol to support future developments. (fhanik)
· Add a demo on how to use the payload. (fhanik)
· Started toJMX support to the cluster implementation. (markt)
· r609778 Minor fixes to the throughput interceptor and the NIO receiver. (fhanik)
· r630234 Additional checks for the NIO receiver. (fhanik)
· r671650 Improve error message when multicast is not enabled. (fhanik)

Web applications:

· r631321changelog to support the element in the documentation. (fhanik)
· A number of additional roles were added to the Manager and Host Manager applications to separate out permissions for the HTML interface, the text interface and the JMX proxy. (markt)
· CSRF protection was added to the Manager and Host Manager applications. (markt)
· List array elements in the JMX proxy output of the Manager application. (rjung)

Extras:

· A new JmxRemoteLifecycleListener that can be used tothe ports used for remote JMX connections, eg when using JConsole. (markt)

Modules:

· r691359 Added in a Bayeux protocol implementation built on top of the Tomcat CometProcessor interface. (fhanik)

Other:

· Numerous code clean-up changes including the use of generics and removing unused imports, fields, parameters and methods. (markt)
· All deprecated internal code has been removed. Warning: If you have custom components for a previous Tomcat version that extend internal Tomcat classes and override deprecated methods it is highly likely that they will no longer work. (markt)
· Parameterize version number throughout build scripts and source. (rjung)