Catalina
64582: Pre-load the
CoyoteOutputStream
class to prevent a potential exception when running under a security manager. Patch provided by Johnathan Gilday. (markt)64593: If a request is not matched to a Context, delay issuing the 404 response to give the rewrite valve, if configured, an opportunity to rewrite the request. (remm/markt)
Change top package name for generated emebedded classes to avoid conflict with default host name on case insensitive filesystems. (remm)
Add missing code generation for remaining digester rules. (remm)
Add a dedicated loader for generated code to avoid dynamic class loading. (remm)
Refactor the Default servlet to provide a single method that can be overridden (
generateETag()
) should a custom entity tag format be required. (markt)Improve the validation of entity tags provided with conditional requests. Requests with headers that contain invalid entity tags will be rejected with a 400 response code. Improve the matching algorithm used to compare entity tags in conditional requests with the entity tag for the requested resource. Based on a pull request by Sergey Ponomarev. (markt)
Correct the description of the storage format for salted hashes in the Javadoc for
MessageDigestCredentialHandler
and refactor the associated code for clarity. Based on a patch provided by Milo van der Zee. (markt)Correct the path vaidation to allow the use of the file system root for the
docBase
attribute of aContext
. Note that such a configuration should be used with caution. (markt)Added filtering expression for requests that are not supposed to use session in
PersistentValve
. (kfujino)Use the correct method to calculate session idle time in
PersistentValve
. (kfujino)Fix path used by the health check valve when it is not associated with a
Context
. (remm)64712: The JASPIC authenticator now checks the
ServerAuthModule
forjakarta.servlet.http.authType
and, if present, uses the value provided. Based on a patch by Robert Rodewald. (markt)64713: The JASPIC authenticator now checks the value of
jakarta.servlet.http.registerSession
set by theServerAuthModule
when decideing whether or nor to register the session. Based on a patch by Robert Rodewald. (markt)
Coyote
57661: For requests containing the
Expect: 100-continue
header, add optional support to delay sending an intermediate 100 status response until the servlet reads the request body, allowing the servlet the opportunity to respond without asking for the request body. Based on a pull request by malaysf. (markt)Remove deprecated
CookieProcessor.generateHeader
method. (remm)Refactor the implementation of
ServletInputStream.available()
to provide a more accurate return value, particularly when end of stream has been reached. (markt)Refactor the stopping of the acceptor to ensure that the acceptor thread stops when a connector is started immediately after it is stopped. (markt)
64614: Improve compatibility with FIPS keystores. When a FIPS keystore is configured and the keystore contains multiple keys, the alias attribute will be ignored and the key used will be implementation dependent. (jfclere)
64621: Improve handling HTTP/2 stream reset frames received from clients. (markt)
64660: Avoid a potential NPE in the AprEndpoint if a socket is closed in one thread at the same time as the poller is processing an event for that socket in another. (markt)
64671: Avoid several potential NPEs introduced in the changes in the previous release to reduce the memory footprint of closed HTTP/2 streams. (markt)
Refactor the HTTP/2 implementation to more consistently return a stream closed error if errors occur after a stream has been reset by the client. (markt)
Improve handling of HTTP/2 stream level flow control errors and notidy the stream immediately if it is waiting for an allocation when the flow control error occurs. (markt)
Ensure that window update frames are sent for HTTP/2 connections to account for DATA frames containing padding including when the associated stream has been closed. (markt)
Ensure that window update frames are sent for HTTP/2 connections and streams to account for DATA frames containing zero-length padding. (markt)
64710: Revert the changes to reduce the memory footprint of closed HTTP/2 streams as they triggered multiple regressions in the form of
NullPointerException
s. (markt)Ensure that the HTTP/2 overhead protection check is performed after each HTTP/2 frame is processed. (markt)
WebSocket
Requests received via proxies may be marked as using the
ws
orwss
protocol rather thanhttp
orhttps
. Ensure that such requests are not rejected. PR provided by Ronny Perinke. (markt)Fix a potential issue where the write lock for a WebSocket connection may not be released if an exception occurs during the write. (markt)
64644: Add support for a read idle timeout and a write idle timeout to the WebSocket session via custom properties in the user properties instance associated with the session. Based on a pull request by sakshamverma. (markt)
Web applications
Remove the localization of the text output of the Manager application list of contexts and the Host Manager application list of hosts so that the output is more consistent. PR provided by Holomark. (markt)
Clean-up / standardize the XSL files used to generate the documentation. PR provided by John Bampton. (markt)
62723: Clarify the effects of some options for cluster
channelSendOptions
. Patch provided by Mitch Claborn. (schultz)Remove the out of date functional specification secton from the documentation web application. (markt)
Extracted CSS styles from the Manager we application for better code maintenance and replaced the GIF logo with SVG. (isapir)
Add document for
PersistentValve
. (kfujino)
Other
Correct a regression in the fix for 64540 and include
org.apache.tomcat.util.modeler.modules
andorg.apache.tomcat.util.net.jsse
in the list of exported packages. (markt)Remove the local copy of the
javax.transaction.xa
package which is only used during compilation. The package is provided by the JRE from Java 1.4 onwards so the local copy should be unnecessary. (markt)Rename the local copy of the
javax.xml.ws
package tojakarta.xml.ws
. (markt)Improve the quality of the Japanese translations provided with Apache Tomcat. Includes contributions from Yuki Shira. (markt)
64645: Use a non-zero exit code if the
service.bat
does not complete normally. (markt)Update the internal fork of Apache Commons BCEL to 6.5.0. Code clean-up only. (markt)
Update the internal fork of Apache Commons Codec to 53c93d0 (2020-08-18, 1.15-SNAPSHOT). Code clean-up. (markt)
Update the internal fork of Apache Commons FileUpload to c25a4e3 (2020-08-26, 2.0-SNAPSHOT). Code clean-up and RFC 2231 support. (markt)
Update the internal fork of Apache Commons Pool to 2.8.1. Code clean-up and improved abandoned pool handling. (markt)
Update the internal fork of Apache Commons DBCP to 6d232e5 (2020-08-11, 2.8.0-SNAPSHOT). Code clean-up various bug fixes. (markt)
Update the packaged version of the Tomcat Native Library to 1.2.25. (markt)