Apache Tomcat Changelog

New in version 8.0.15 Beta

November 13th, 2014
  • Catalina:
  • Add: 43548: Add an XML schema for the tomcat-users.xml file. (markt)
  • Add: 43682: Add support for referring to the current context, host and service name in per Context logging.properties files by using the properties ${classloader.webappName}, ${classloader.hostName} and ${classloader.serviceName}. (markt)
  • Add: 47919: Extend the information logged when Tomcat starts to optionally log the values of command line arguments (enabled by default) and environment variables (disabled by default). Note that the values added to CATALINA_OPTS and JAVA_OPTS environment variables will be logged, as they are used to build up the command line. (markt)
  • Add: 49939: Expose the method that clears the static resource cache for a web application via JMX. (markt)
  • Fix: 55951: Allow cookies to use UTF-8 encoded values in HTTP headers. This requires the use of the RFC6265 CookieProcessor. (markt)
  • Fix: 55984: Using the allow separators in version 0 cookies option with the legacy cookie processor should only apply to version 0 cookies. Version 1 cookies with values that contain separators should not be affected and should continue to be quoted. (markt)
  • Add: 56393: Add support for RFC6265 cookie parsing and generation. This is currently disabled by default and may be enabled via the CookieProcessor element of a Context. (markt)
  • Add: 56394: Introduce new configuration element CookieProcessor in Context to allow context-specific configuration of cookie processing options. Attributes of Context element that were added in Tomcat 8.0.13 to allow configuration of a new experimental RFC6265 based cookie parser (useRfc6265 and cookieEncoding) are replaced by this new configuration element. (markt)
  • Fix: Improve the previous fix for 56401. Avoid logging version information in the constructor since it then gets logged at undesirable times such as when using StoreConfig. (markt)
  • Fix: 56403: Add pluggable password derivation support to the Realms via the new CredentialHandler interface. (markt/schultz)
  • Fix: 57016: When using the PersistentValve do not remove sessions from the store when persisting them. (markt)
  • Add: Deprecate the use of system proprties to control cookie parsing and replace them with attributes on the new CookieProcessor that may be configured on a per context basis. (markt)
  • Fix: Correct an edge case and allow a cookie if the value starts with an equals character and the CookieProcessor is not configured to allow equals characters in cookie values but is configured to allow name only cookies. (markt)
  • Fix: 57022: Ensure SPNEGO authentication continues to work with the JNDI Realm using delegated credentials with recent Oracle JREs. (markt)
  • Fix: 57027: Add additional validation for stored credentials used by Realms when the credential is stored using hex encoding. (markt)
  • Fix: 57038: Add a WebResource.getCodeBase() method, implement for all WebResource implementations and then use it in the web application class loader to set the correct code base for resources loaded from JARs and WARs. (markt)
  • Fix: Correct a couple of NPEs in the JNDI Realm that could be triggered with when not specifying a roleBase and enabling roleSearchAsUser. (markt)
  • Fix: Correctly handle relative values for the docBase attribute of a Context. (markt)
  • Fix: Ensure that log messages generated by the web application class loader correctly identify the associated Context when multiple versions of a Context with the same path are present. (markt)
  • Fix: Remove the unnecessary registration of context.xml as a redeploy resource. The context.xml having an external docBase has already been registered as a redeploy resource at first. (kfujino)
  • Fix: 57089: Ensure that configuration of a session ID generator is not lost when a web application is reloaded. (markt)
  • Fix: 57105: When parsing web.xml do not limit the buffer element of the jsp-property-group element to integer values as the allowed values are kb or none. (markt)
  • Update: Update the minimum required version of the Tomcat Native library (if used) to 1.1.32. (markt)
  • Fix: Update storeconfig with newly introduced elements: SessionIdGenerator, CookieProcessor, JarScanner and JarScanFilter. (remm)
  • Fix: Throw a NullPointerException if a null string is passed to the write(String,int,int) method of the PrintWriter obtained from the ServletResponse. (markt)
  • Fix: Cookie rewrite flag abbreviation should be CO rather than C. (remm)
  • Fix: 57153: When the StandardJarScanner is configured to scan the full class path, ensure that class path entries added directly to the web application class loader are scanned. (markt)
  • Fix: AsyncContext should remain usable until fireOnComplete is called. (remm)
  • Fix: AsyncContext createListener should wrap any instantiation exception using a ServletException. (remm)
  • Fix: 57155: Allow a web application to be configured that does not have a docBase on the file system. This is primarily intended for use when embedding. (markt)
  • Fix: Propagate header ordering from fileupload to the part implementation. (remm)
  • Coyote:
  • Add: 53952: Add support for TLSv1.1 and TLSv1.2 for APR connector. Based upon a patch by Marcel Šebek. This feature requires Tomcat Native library 1.1.32 or later. (schultz/jfclere)
  • Code: Cache the Encoder instances used to convert Strings to byte arrays in the Connectors (e.g. when writing HTTP headers) to improve throughput. (markt)
  • Add: Disable SSLv3 by default for JSSE based HTTPS connectors (BIO, NIO and NIO2). The change also ensures that SSLv2 is disabled for these connectors although SSLv2 should already be disabled by default by the JRE. (markt)
  • Add: Disable SSLv3 by default for the APR/native HTTPS connector. (markt)
  • Fix: Do not increase remaining counter at end of stream in IdentityInputFilter. (kkolinko)
  • Fix: Trigger an error if an invalid attempt is made to use non-blocking IO. (markt)
  • Fix: 57157: Allow calls to AsyncContext.start(Runnable) during non-blocking IO reads and writes. (markt)
  • Fix: Async state MUST_COMPLETE should still be started. (remm)
  • Jasper:
  • Fix: 57099: Ensure that semi-colons are not permitted in JSP import page directives. (markt)
  • Fix: 57113: Fix broken package imports in Expression Language when more than one package was imported and the desired class was not in the last package imported. (markt)
  • Fix: 57132: Fix import conflicts reporting in Expression Language. (kkolinko)
  • Fix: When coercing an object to a given type, only attempt coercion to an array if both the object type and the target type are an array type. (violetagg/markt)
  • Fix: Improve handling of invalid input to javax.el.ImportHandler.resolveClass(). (markt)
  • Fix: Allow the same class to be added to an instance of javax.el.ImportHandler more than once without triggering an error. The second and subsequent calls for the same class will be ignored. (markt)
  • Fix: 57136: Ensure only \${ and \#{ are treated as escapes for ${ and #{ rather than \$ and \# being treated as escapes for $ and # when processing literal expressions in expression language. (markt)
  • Fix: When coercing an object to an array type in Expression Language, handle the case where the source object is an array of primitives. (markt/kkolinko)
  • Fix: Do not throw an exception on missing JSP file servlet initialization. (remm)
  • Fix: 57148: When coercing an object to a given type and a PropertyEditor has been registered for the type correctly coerce the empty string to null if the PropertyEditor throws an exception. (kkolinko/markt)
  • Fix: 57153: Correctly scan for TLDs located in directories that represent exanded JARs files that have been added to the web application class loader's class path. (markt)
  • Fix: 57141: Enable EL in JSPs to refer to static fields of imported classes including the standard java.lang.* imports. (markt)
  • Cluster:
  • Fix: Add support for the SessionIdGenerator to cluster manager template. (kfujino)
  • Fix: Avoid possible integer overflows reported by Coverity Scan. (fschumacher)
  • WebSocket:
  • Fix: 57054: Correctly handle the case in the WebSocket client when the HTTP response to the upgrade request can not be read in a single pass; either because the buffer is too small or the server sent the response in multiple packets. (markt)
  • Add: Extend support for the permessage-deflate extension to the client implementation. (markt)
  • Fix: Fix client subprotocol handling. (remm)
  • Fix: Add null checks for arguments in remote endpoint. (remm/kkolinko)
  • Fix: 57091: Work around the behaviour of the Oracle JRE when creating new threads in an applet environment that breaks the WebSocket client implementation. Patch provided by Niklas Hallqvist. (markt)
  • Fix: 57118: Ensure that that an EncodeException is thrown by RemoteEndpoint.Basic.sendObject(Object) rather than an IOException when no suitable Encoder is configured for the given Object. (markt)
  • Web applications:
  • Fix: Correct a couple of broken links in the Javadoc. (markt)
  • Fix: Correct documentation for ServerCookie.ALLOW_NAME_ONLY system property. (kkolinko)
  • Fix: 57049: Clarified that jvmRoute can be set in 's jvmRoute or in a system property. (schultz)
  • Fix: Correct version of Java WebSocket mentioned in documentation (s/1.0/1.1/). (markt/kkolinko)
  • Update: Suppress timestamp comments in Javadoc. (kkolinko)
  • Fix: 57147: Various corrections to the JDBC Store section of the session manager configuration page of the documentation web application. (markt)
  • Tribes:
  • Fix: 45282: Improve shutdown of NIO receiver so that sockets are closed cleanly. (fhanik/markt)
  • jdbc-pool:
  • Fix: 57005: Fix javadoc errors when building with Java 8. Patch provided by Pierre Viret. (markt)
  • Fix: 57079: Use Tomcat version number for jdbc-pool module when building and shipping the module as part of Tomcat. (markt)
  • Fix: Fix broken overview page in javadoc generated via "javadoc" task in jdbc-pool build.xml file. (kkolinko)
  • Other:
  • Fix: 56079: The uninstaller packaged with the Apache Tomcat Windows installer is now digitally signed. (markt)
  • Fix: Fix timestamps in Tomcat build and jdbc-pool to use 24-hour format instead of 12-hour one and use UTC timezone. (markt/kkolinko)
  • Fix: Update the package renamed copy of Apache Commons DBCP 2 to revision 1631450 to pick up additional fixes since the 2.0.1 release including Javadoc corrections to fix errors when compiling with Java 8. (markt)
  • Update: 56596: Update to Tomcat Native Library version 1.1.32 to pick up the Windows binaries that are based on OpenSSL 1.0.1j and APR 1.5.1. (markt)
  • Code: In Tomcat tests: log name of the current test method at start time. (kkolinko)

New in version 7.0.56 (October 15th, 2014)

  • Catalina:
  • fix When scanning class files (e.g. for annotations) and reading the number of parameters in a MethodParameters structure only read a single byte (rather than two bytes) as per the JVM specification. Patch provided by Francesco Komauli. (markt)
  • fix Allow the JNDI Realm to start even if the directory is not available. The directory not being available is not fatal once the Realm is started and it need not be fatal when the Realm starts. Based on a patch by Cédric Couralet. (markt)
  • fix 56736: Avoid an incorrect IllegalStateException if the async timeout fires after a non-container thread has called AsyncContext.dispatch() but before a container thread starts processing the dispatch. (markt)
  • fix 56739: If an application handles an error on an application thread during asynchronous processing by calling HttpServletResponse.sendError(), then ensure that the application is given an opportunity to report that error via an appropriate application defined error page if one is configured. (markt)
  • fix 56771: When lookup for a resource in all the alternate or backup javax.naming.directory.DirContext, javax.naming.NameNotFoundException will be thrown at the end of the search if the resource is not available in these alternate or backup javax.naming.directory.DirContext. Based on a patch by Sheldon Shao. (violetagg)
  • fix 56796: Remove unnecessary sleep when stopping a web application. (markt)
  • fix 56801: Improve performance of org.apache.tomcat.util.file.Matcher which is to filter JARs for scanning during web application start. Based on a patch by Sheldon Shao. (kkolinko)
  • fix 56825: Enable pre-emptive authentication to work with the SSL authenticator. Based on a patch by jlmonteiro. (markt)
  • fix 56857: Fix thread safety issue when calling ServletContext methods while running under a security manager. (markt)
  • code 56882: Add testcase for processing of forwards and includes when Context have been reloaded. (kkolinko)
  • fix 56900: Fix some potential resource leaks when reading property files reported by Coverity Scan. Based on patches provided by Felix Schumacher. (markt)
  • fix 56902: Fix a potential resource leak in the Default Servlet reported by Coverity Scan. Based on a patch provided by Felix Schumacher. (markt)
  • fix 56903: Correct the return value for StandardContext.getResourceOnlyServlets() so that multiple names are separated by commas. Identified by Coverity Scan and fixed based on a patch by Felix Schumacher. (markt)
  • fix Fixed the multipart elements merge operation performed during web application deployment. Identified by Coverity Scan. (violetagg)
  • fix Correct the information written by ExtendedAccessLogValve when a format token x-O(XXX) is used so that multiple values for a header XXX are separated by commas. Identified by Coverity Scan. (violetagg)
  • fix Fix a potential resource leak when reading MANIFEST.MF file for extension dependencies reported by Coverity Scan. (violetagg)
  • fix Correctly handle multiple accept-language headers rather than just using the first header to determine the user's preferred Locale. (markt)
  • fix Fix some potential resource leaks when reading properties, files and other resources. Reported by Coverity Scan. (violetagg)
  • fix When using parallel deployment and undeployOldVersions feature is enabled on a Host, correctly undeploy context of old version. Make sure that Tomcat does not undeploy older Context if current context is not running. (kfujino)
  • fix When deploying war, add XML file in the config base to the redeploy resources if war does not have META-INF/context.xml or deployXML is false. If XML file is created in the config base, redeploy will occur. (kfujino)
  • code Various changes to reduce unnecessary code in Tomcat's copy of Apache Commons BCEL to reduce the time taken for annotation scanning when web applications start. Includes contributions from kkolinko and hzhang9. (markt)
  • fix 56938: Ensure web applications that have mixed case context paths and are deployed as directories are correctly removed on undeploy when running on a case sensitive file system. (markt)
  • add 57004: Add stuckThreadCount property to StuckThreadDetectionValve's JMX bean. Patch provided by Jiří Pejchal. (schultz)
  • fix 57011: Ensure that the request and response are correctly recycled when processing errors during async processing. (markt)
  • fix 57016: When using the PersistentValve do not remove sessions from the store when persisting them. (markt)
  • Coyote:
  • fix 56780: Enable Tomcat to start when using SSL with an IBM JRE in strict SP800-131a mode. (markt)
  • fix 56910: Prevent the invalid value of -1 being used for maxConnections with APR connectors. (markt)
  • fix Ensure that AjpNioProtocol and AjpAprProtocol enable the KeepAliveTimeout. (kfujino)
  • Jasper:
  • fix 43001: Enable the JspC Ant task to set the JspC option mappedFile. (kkolinko)
  • fix 56797: When matching a method in an EL expression, do not treat bridge methods as duplicates of the method they bridge to. In this case always call the target of the bridge method. (markt)
  • fix Correct a logic error in the JasperElResolver. There was no functional impact but the code was less efficient as a result of the error. Based on a patch by martinschaef. (markt)
  • fix Ensure that the implementation of javax.servlet.jsp.PageContext.include(String) and javax.servlet.jsp.PageContext.include(String, boolean) will throw IOException when an I/O error occur during the operation. (violetagg)
  • fix 56908: Fix some potential resource leaks when reading jar files. Reported by Coverity Scan. Based on patch provided by Felix Schumacher. (violetagg)
  • fix 56991: Deprecate the use of a request attribute to pass a declaration to Jasper and prevent an infinite loop if this technique is used in conjunction with an include. (markt)
  • fix Fix a potential resource leak in JDTCompiler when checking wether a resource is a package. Reported by Coverity Scan. (fschumacher)
  • WebSocket:
  • code 56446: Clearer handling of exceptions when calling a method on a POJO based WebSocket endpoint. Based on a suggestion by Eugene Chung. (markt)
  • fix 56746: Allow secure WebSocket client threads to use the current context class loader rather than explicitly setting it to the class loader that loaded the WebSocket implementation. This allows WebSocket client connections from within web applications to access, amongst other things, the JNDI resources associated with the web application. (markt)
  • fix 56905: Make destruction on web application stop of thread group used for WebSocket connections more robust. (kkolinko/markt)
  • fix 56907: Ensure that client IO threads are stopped if a secure WebSocket client connection fails. (markt)
  • fix When a WebSocket client attempts to write to a closed connection, handle the resulting IllegalStateException in a manner consistent with the handling of an IOException. (markt)
  • add Add support for the permessage-deflate extension. This is currently limited to decompressing incoming messages on the server side. It is expected that support will be extended to outgoing messages and to the client side shortly. (markt)
  • add Extend support for the permessage-deflate extension to compression of outgoing messages on the server side. (markt)
  • fix 56982: Return the actual negotiated extensions rather than an empty list for Session.getNegotiatedExtensions(). (markt)
  • update Update the WebSocket implementation to support the Java WebSocket specification version 1.1. (markt)
  • Web applications:
  • fix Correct the label in the list of sessions by idle time for the bin that represents the idle time immediately below the maximum permitted idle time when using the expire command of the Manager application. (markt)
  • update Update the Windows authentication documentation after some additional testing to answer the remaining questions. (markt)
  • fix Correct a couple of broken links in the Javadoc. (markt)
  • Other:
  • add 56788: Display the full version in the list of installed applications when installed via the Windows installer package. Patch provided by Alexandre Garnier. (markt)
  • add 56829: Add the ability for users to define their own values for _RUNJAVA and _RUNJDB environment variables. Be more strict with executable filename on Windows (s/java/java.exe/). Based on a patch by Neeme Praks. (markt/kkolinko)
  • fix 56895: Correctly compose JAVA_OPTS in catalina.bat so that escape sequences are preserved. Patch by Lucas Theisen. (markt)
  • update 56988: Allow to use relative path in base.path setting when building Tomcat. (kkolinko)
  • fix 56990: Ensure that the ide-eclipse build target downloads all the libraries required by the default Eclipse configuration files and configures Eclipse to use Java 6 for the project. Add build target ide-eclipse-websocket that creates a separate linked project that compiles websocket classes of Tomcat 7 with Java 7 compiler. (kkolinko)

New in version 8.0.14 Beta (September 30th, 2014)

  • Other:
  • Fix: 56079: The Apache Tomcat Windows installer, the Apache Tomcat Windows service and the Apache Tomcat Windows service monitor application are now digitally signed. (markt)

New in version 8.0.12 Beta (September 3rd, 2014)

  • Jasper:
  • Fix: Correct a logic error in the JasperElResolver. There was no functional impact but the code was less efficient as a result of the error. Based on a patch by martinschaef. (markt)
  • Other:
  • Add: 56323: Include the *.bat files when installing Tomcat via the Windows installer. (markt)

New in version 8.0.11 Beta (August 27th, 2014)

  • Catalina:
  • Fix: 56658: Fix regression that a context was inaccessible after reload. (kkolinko)
  • Fix: 56710: Do not map requests to servlets when context is being reloaded. (kkolinko)
  • Fix: 56712: Fix session idle time calculations in PersistenceManager. (kkolinko)
  • Fix: 56717: Fix duplicate registration of MapperListener during repeated starts of embedded Tomcat. (kkolinko)
  • Add: 56724: Write an error message to Tomcat logs if container background thread is aborted unexpectedly. (kkolinko)
  • Fix: When scanning class files (e.g. for annotations) and reading the number of parameters in a MethodParameters structure only read a single byte (rather than two bytes) as per the JVM specification. Patch provided by Francesco Komauli. (markt)
  • Fix: Allow the JNDI Realm to start even if the directory is not available. The directory not being available is not fatal once the Realm is started and it need not be fatal when the Realm starts. Based on a patch by Cédric Couralet. (markt)
  • Fix: 56736: Avoid an incorrect IllegalStateException if the async timeout fires after a non-container thread has called AsyncContext.dispatch() but before a container thread starts processing the dispatch. (markt)
  • Fix: 56739: If an application handles an error on an application thread during asynchronous processing by calling HttpServletResponse.sendError(), then ensure that the application is given an opportunity to report that error via an appropriate application defined error page if one is configured. (markt)
  • Fix: 56784: Fix a couple of rare but theoretically possible atomicity bugs. (markt)
  • Fix: 56785: Avoid NullPointerException if directory exists on the class path that is not readable by the Tomcat user. (markt)
  • Fix: 56796: Remove unnecessary sleep when stopping a web application. (markt)
  • Fix: 56801: Improve performance of org.apache.tomcat.util.file.Matcher which is to filter JARs for scanning during web application start. Based on a patch by Sheldon Shao. (markt)
  • Fix: 56815: When the gzip option is enabled for the DefaultServlet ensure that a suitable Vary header is returned for resources that might be returned directly in compressed form. (markt)
  • Fix: Do not mark threads from the container thread pool as container threads when being used to process AsyncContext.start(Runnable) so processing is correctly transferred back to a genuine container thread when necessary. (markt)
  • Add: Add simple caching for calls to StandardRoot.getResources() in the new (for 8.0.x) resources implementation. (markt)
  • Fix: 56825: Enable pre-emptive authentication to work with the SSL authenticator. Based on a patch by jlmonteiro. (markt)
  • Fix: 56840: Avoid NPE when the rewrite valve is mapped to a context. (remm)
  • Fix: Correctly handle multiple accept-language headers rather than just using the first header to determine the user's preferred Locale. (markt)
  • Fix: 56848: Improve handling of accept-language headers. (markt)
  • Fix: 56857: Fix thread safety issue when calling ServletContext methods while running under a security manager. (markt)
  • Coyote:
  • Fix: Fix NIO2 sendfile state tracking and error handling to fix various corruption issues. (remm)
  • Fix: Missing timeout for NIO2 sendfile writes. (remm)
  • Fix: Allow inline processing for NIO2 sendfile and optimize keepalive behavior. (remm)
  • Fix: Fix excessive NIO2 sendfile direct memory use in some cases, sendfile will now instead use the regular socket write buffer as configured. (remm)
  • Fix: 56661: Fix getLocalAddr() for AJP connectors. The complete fix is only available with a recent AJP forwarder like the forthcoming mod_jk 1.2.41. (rjung)
  • Fix: Use default ciphers defined as HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5 so that no weak ciphers are enabled by default. (remm)
  • Fix: 56780: Enable Tomcat to start when using SSL with an IBM JRE in strict SP800-131a mode. (markt)
  • Fix: 56810: Remove use of Java 8 specific API calls in unit tests for OpenSSL to JSSE cipher conversion. (markt)
  • Jasper:
  • Fix: 56709: Fix system property name in a log message. Submitted by Robert Kish. (remm)
  • Fix: 56797: When matching a method in an EL expression, do not treat bridge methods as duplicates of the method they bridge to. In this case always call the target of the bridge method. (markt)
  • WebSocket:
  • Fix: 56746: Allow secure WebSocket client threads to use the current context class loader rather than explicitly setting it to the class loader that loaded the WebSocket implementation. This allows WebSocket client connections from within web applications to access, amongst other things, the JNDI resources associated with the web application. (markt)
  • Web applications:
  • Fix: Correct the label in the list of sessions by idle time for the bin that represents the idle time immediately below the maximum permitted idle time when using the expire command of the Manager application. (markt)
  • jdbc-pool:
  • Fix: 53088: More identifiable thread name. (fhanik)
  • Fix: 53200: Selective logging for slow versus failed queries. (fhanik)
  • Fix: 53853: More flexible classloading. (fhanik)
  • Fix: 54225: Disallow empty init SQL. (fhanik)
  • Fix: 54227: Evaluate max age upon borrow. (fhanik)
  • Fix: 54235: Disallow nested pools exploitating using data source. (fhanik)
  • Fix: 54395: Fix JDBC interceptor parsing bug. (fhanik)
  • Fix: 54537: Performance improvement in StatementFinalizer. (fhanik)
  • Fix: 54978: Make sure proper connection validation always happens, regardless of config. (fhanik)
  • Fix: 56318: Ability to trace statement creation in StatementFinalizer. (fhanik)
  • Fix: 56789: getPool() returns the actual pool, always. (fhanik)
  • Other:
  • Add: 56788: Display the full version in the list of installed applications when installed via the Windows installer package. Patch provided by Alexandre Garnier. (markt)
  • Add: 56829: Add the ability for users to define their own values for _RUNJAVA and _RUNJDB environment variables. Be more strict with executable filename on Windows (s/java/java.exe/). Based on a patch by Neeme Praks. (markt/kkolinko)

New in version 7.0.55 (August 22nd, 2014)

  • Update to the Eclipse JDT Compiler 4.4
  • Better error handling when the error occurs after the response has been committed
  • Various improvements to the Mapper including fixing some concurrency bugs
  • Update to Tomcat Native Library version 1.1.31 to pick up the Windows binaries that are based on OpenSSL 1.0.1h

New in version 7.0.54 (May 28th, 2014)

  • Extend and improve memory leak protection and fix a few leaks that crept in during the various refactorings
  • Add additional protection against a failure to correctly recycle the request and response objects
  • APR/native library version updated to 1.1.30.

New in version 8.0.1 Beta (February 4th, 2014)

  • Catalina:
  • Fix: Change default value of xmlBlockExternal attribute of Context. It is true now. (kkolinko)
  • Coyote:
  • Fix: Correct regression in the fix for 55996 that meant that asynchronous requests might timeout too early. (markt)
  • Jasper:
  • Fix: Change default value of the blockExternal attribute of JspC task. The default value is true. Add support for -no-blockExternal switch when JspC is run as a standalone application. (kkolinko)
  • WebSocket:
  • Fix: Do not return an empty string for the Sec-WebSocket-Protocol HTTP header when no sub-protocol has been requested or no sub-protocol could be agreed as RFC6455 requires that no Sec-WebSocket-Protocol header is returned in this case. (markt)

New in version 8.0.0 RC10 (January 14th, 2014)

  • Catalina:
  • Add: Implement JSR 340 - Servlet 3.1. The JSR 340 implementation includes contributions from Nick Williams and Jeremy Boynes. (markt)
  • Add: Implement JSR 245 MR2 - JSP 2.3. (markt)
  • Add: Implement JSR 341 - Unified Expression Language 3.0. (markt)
  • Add: Implement JSR 356 - WebSockets. The JSR 356 implementation includes contributions from Nick Williams, Rossen Stoyanchev and Niki Dokovski. (markt)
  • Update: 46727: Refactor default servlet to make it easier to sub-class to implement finer grained control of the file encoding. Based on a patch by Fred Toth. (markt)
  • Add: 45995: Align Tomcat with Apache httpd and perform MIME type mapping based on file extension in a case insensitive manner. (markt)
  • Code: Remove duplicate code that converted a Host's appBase attribute to a canonical file. (markt)
  • Code: 51408: Replace calls to Charset.defaultCharset() with an explicit reference to the ISO-8859-1 Charset. (markt)
  • Code: Refactor initialization code to use a single, consistent approach to determining the Catalina home (binary) and base (instance) directories. The search order for home is catalina.home system property, parent of current directory if boootstrap.jar is present and finally current working directory. The search order for Catalina base is catalina.base system property falling back to the value for Catalina home. (markt)
  • Update: 52092: JULI now uses the OneLineFormatter and AsyncFileHandler by default. (markt)
  • Fix: 52558: Refactor CometConnectionManagerValve so that it does not prevent the session from being serialized in when running in a cluster. (markt)
  • Fix: 52767: Remove reference to MySQL specific autoReconnect property in JDBCAccessLogValve. (markt)
  • Code: Make the Mapper type-safe. Hosts, Contexts and Wrappers are no longer handled as plain objects, instead they keep their type. Code using the Mapper doesn't need to cast objects returned by the mapper. (rjung)
  • Code: Move Manager, Loader and Resources from Container to Context since Context is the only place they are used. The documentation already states (and has done for some time) that Context is the only valid location for these nested components. (markt)
  • Code: Move the Mapper from the Connector to the Service since the Mapper is identical for all Connectors of a given Service and it is common for there to be multiple Connectors for a Service (http, https and ajp). This means there is now only ever one Mapper per Service rather than possibly multiple identically configured Mapper objects. (markt)
  • Code: Remove the per Context Mapper objects and use the Mapper from the Service. This removes the need to maintain two copies of the mappings for Servlets and Filters. (markt)
  • Add: Implement a new Resources implementation that merges Aliases, VirtualLoader, VirtualDirContext, JAR resources and external repositories into a single framework rather than a separate one for each feature. (markt)
  • Add: URL rewrite valve, similar in functionality to mod_rewrite. (remm)
  • Add: Port storeconfig functionality, which can persist to server.xml and context.xml runtime container configuration changes. (remm)
  • Add: 54095: Add support to the Default Servlet for serving gzipped versions of static resources directly from disk as an alternative to Tomcat compressing them on each request. Patch by Philippe Marschall. (markt)
  • Fix: 54708: Change the name of the working directory for the ROOT application (located under $CATALINA_BASE/work by default) from _ to ROOT. (markt)
  • Add: Change default configuration so that a change to the global web.xml file will trigger a reload of all web applications. (markt)
  • Fix: 55101: Make BASIC authentication more tolerant of whitespace. Patch provided by Brian Burch. (markt)
  • Fix: 55166: Move JSP descriptor and tag library descriptor schemas to servlet-api.jar to enable relative references between the schemas to be correctly resolved. (markt)
  • Code: Refactor the descriptor parsing code into a separate module that can be used by both Catalina and Jasper. Includes patches provided by Jeremy Boynes. (violetagg/markt)
  • Code: 55246: Move TLD scanning to a ServletContainerInitializer provided by Jasper. Includes removal of TldConfig lifecycle listener and associated Context properties. (jboynes)
  • Add: 55317: Facilitate weaving by allowing ClassFileTransformer to be added to WebppClassLoader. Patch by Nick Williams. (markt)
  • Fix: 55620: Enable Tomcat to start when either $CATALINA_HOME and/or $CATALINA_BASE contains a comma character. Prevent Tomcat from starting when $CATALINA_HOME and/or $CATALINA_BASE contains a semi-colon on Windows. Prevent Tomcat from starting when $CATALINA_HOME and/or $CATALINA_BASE contains a colon on Linux/FreeBSD/etc. (markt)
  • Code: Initialize the JSP runtime in Jasper's initializer to avoid need for a Jasper-specific lifecycle listener. JasperListener has been removed. (jboynes)
  • Fix: Change ordering of elements of JMX objects names so components are grouped more logically in JConsole. Generally, components are now grouped by Host and then by Context. (markt)
  • Coyote:
  • Add: Experimental support for SPDY. Includes contributions from Sheldon Shao. (costin)
  • Code: The default connector is now the Java NIO connector even when specifying HTTP/1.1 as protocol (fhanik)
  • Code: Update default value of pollerThreadCount for the NIO connector. The new default value will never go above 2 regardless of available processors. (fhanik)
  • Fix: 54010: Remove some unnecessary code (duplicate calls to configure the scheme as https for AJP requests originally received over HTTPS). (markt)
  • Code: Refactor char encoding/decoding using NIO APIs. (remm)
  • Update: Change the default URIEncoding for all connectors from ISO-8859-1 to UTF-8. (markt)
  • Jasper:
  • Code: Simplify API of ErrorDispatcher class by using varargs. (kkolinko)
  • Code: Update Jasper to use the new common web.xml parsing code. Includes patches by Jeremy Boynes. (markt/violetagg)
  • Add: Create test cases for JspC. Patch by Jeremy Boynes. (markt)
  • Code: 55246: TLD scanning is now performed by JasperInitializer (a ServletContainerInitializer) removing the need for support within the Servlet container itself. The scan is now performed only once rather than in two passes reducing startup time. (jboynes)
  • Fix: 55251: Do not allow JspC task to fail silently if the web.xml or web.xml fragment can not be generated. (markt)
  • Cluster:
  • Code: Remove unused JvmRouteSessionIDBinderListener and SessionIDMessage. (kfujino)
  • Code: Modify method signature in ReplicationValve. Cluster instance is not necessary to argument of method. (kfujino)
  • Code: Remove unused expireSessionsOnShutdown attribute in org.apache.catalina.ha.session.BackupManager. (kfujino)
  • Web applications:
  • Add: Extend the diagnostic information provided by the Manager web application to include details of the configured SSL ciphers suites for each connector. (markt)
  • Update: 48550: Update examples web application to use UTF-8. (markt)
  • Update: 55383: Improve the design and correct the HTML markup of the documentation web application. Patches provided by Konstantin Preißer. (markt)
  • Tribes:
  • Code: Refactor AbstractReplicatedMap to use generics. A key side-effect of this is that the class now implements Map rather than extends ConcurrentMap. (markt)
  • Other:
  • Code: Remove unused, deprecated code. (markt)
  • Code: Remove static info String and associated getInfo() method where present. (markt)
  • Update: (r1353242, r1353410): Remove Ant tasks jasper2 and jkstatus. The correct names are jasper and jkupdate. (kkolinko)
  • Fix: 53529: Clean-up the handling of InterruptedException throughout the code base. (markt)
  • Add: 54899: Provide an initial implementation of NetBeans support. Patch provided by Brian Burch. (markt)
  • Fix: 55166: Move the JSP descriptor and tag library descriptor schema defintion files from jsp-api.jar to servlet-api.jar so relative includes between the J2EE, Servlet and JSP schemas are correctly resolved. (markt)
  • Fix: 55372: When starting Tomcat with the jpda option to enable remote debugging, by default only listen on localhost for connections from a debugger. Prior to this change, Tomcat listened on all known addresses. (markt)