Changelog

Tomcat 10.0.0-M3 (markt)

Coyote

  • Fix: 64202: Use a loop on NIO blocking reads, as it is possible zero bytes are produced by a network read. (markt/remm)
  • Fix: 64210: Correct a regression in the improvements to HTTP header validation that caused requests to be incorrectly treated as invalid if a CRLF sequence was split between TCP packets. Improve validation of request lines, including for HTTP/0.9 requests. (markt)

Other

  • Fix: 64206: Correct a regression introduced in 10.0.0-M1 that meant that the HTTP port specified when using the Windows Installer was ignored and 8080 was always used. (markt)

not released Tomcat 10.0.0-M2 (markt)

Catalina

  • Code: Refactor HttpServlet.doOptions() to improve performance. (markt)
  • Update: Disable StandardManager session persistence by default. It can be enabled back in context.xml. (remm)
  • Add: Add extension point to DeltaSession to improve subclassing. Patch provided by ThStock. (schultz)
  • Fix: 64153: Ensure that the parent for the web application class loader is set consistently. (markt)
  • Fix: 64166: Ensure that the names returned by HttpServletResponse.getHeaderNames() are unique. (markt)
  • Code: Rename org.apache.tomcat.util.digester.Digester$EnvironmentPropertySource to org.apache.tomcat.util.digester.EnvironmentPropertySource. Patch provided by Bernd Bohmann. (markt)
  • Fix: 63286: Resolve inconsistencies with access log valve. This changes the element API to use a nanosecond resolution elapsed time argument. (remm)
  • Add: Add new attribute persistAuthentication to both StandardManager and PersistentManager to support authentication persistence. Patch provided by Carsten Klein. (markt)
  • Fix: 64184: Avoid repeated log messages if a MemoryUserDatabase is configured but the specified configuration file is missing. (markt)
  • Add: 64189: Expose the web application version String as a ServletContext attribute named org.apache.catalina.webappVersion. (markt)

Coyote

  • Fix: Fix support of native jakarta servlet attributes in AJP connector. (remm)
  • Update: 56966: Add use of System.nanoTime to track request execution time. (remm)
  • Fix: 64141: If using a CA certificate, remove a default value for the truststore file when not using a JSSE configuration. (remm)
  • Fix: Improve robustness of OpenSSLEngine shutdown. Based on code submitted by Manuel Dominguez Sarmiento. (remm)
  • Fix: Add the TLS request attributes used by IIS to the attributes that an AJP Connector will always accept. (markt)
  • Fix: A zero length AJP secret will now behave as if it has not been specified. (remm)
  • Fix: 64188: If an error occurs while committing or flushing the response when using a multiplexing protocol like HTTP/2 that requires the channel to be closed but not the connection, just close the channel and allow the other channels using the connection to continue. Based on a suggestion from Alejandro Anadon. (markt)
  • Fix: Correct the semantics of getEnableSessionCreation and setEnableSessionCreation for OpenSSLEngine. Pull request provided by Alexander Scheel. (markt)
  • Fix: 64192: Correctly handle case where unread data is returned to the read buffer when the read buffer is non empty. Ensure a gathering TLS read stops once the provided ByteBuffers are full or no more data is available. (markt)
  • Fix: Allow async requests to complete cleanly when the Connector is paused before complete() is called on a container thread. (markt)

Cluster

  • Fix: Allow configuring the DNSMembershipProvider using the dns alias. Submitted by Bernd Bohmann. (remm)

Web applications

  • Add: Expand the documentation for the address attribute of the AJP Connector and document that the AJP Connector also supports the ipv6v6only attribute with the APR/Native implementation. (markt)

Other

  • Update: Update the OWB module to Apache OpenWebBeans 2.0.15. (remm)
  • Update: Update the CXF module to Apache CXF 3.3.5. (remm)
  • Add: Expand the coverage of the Korean translations provided with Apache Tomcat. Contributions provided by B. Cansmile Cha. (markt)
  • Add: Expand the coverage of the French translations provided with Apache Tomcat. (remm)
  • Add: 64190: Add support for specifying milliseconds (using S, SS or SSS) in the timestamp used by JULI's OneLineFormatter. (markt)

2020-02-20 Tomcat 10.0.0-M1 (markt)

General

This release contains all of the changes upto and including those in Apache Tomcat 9.0.31 plus the additional changes listed below. (markt)

Catalina

  • Update: Refactor recycle facade system property into a new connector attribute named discardFacades and enable it by default. (remm)
  • Update: Update to Jakarta Servlet 5.0, Jakarta Server Pages 3.0. Jakarta Expression Language 4.0, Jakarta WebSocket 2.0, Jakarta Authentication 2.0 and Jakarta Annotations 2.0. (markt)
  • Update: Remove GenericPrincipal.getPassword. The credentials should remain managed by the realm. (remm)
  • Update: Add connection pooling to JNDI realm. (remm)
  • Update: Use <request-character-encoding> and <response-character-encoding> in conf/web.xml to set the default request and response character encodings to UTF-8. (markt)
  • Fix: Store config compatibility with HostWebXmlCacheCleaner listener. (remm)
  • Fix: Modify the RewriteValve to use ServletRequest.getServerName() to populate the HTTP_HOST variable rather than extracting it from the Host header as this allows HTTP/2 to be supported. (markt)
  • Fix: Switch Tomcat embedded to loading MIME type mappings from a property file generated from the default web.xml so the MIME type mappings are consistent regardless of how Tomcat is started. (markt)
  • Fix: Missing store config attributes for Resources elements. (remm)

Coyote

  • Update: Update endpoint cache sizes defaults. (remm)
  • Update: Remove unused NIO blocking selector. (remm)
  • Add: When using an AJP Connector, convert Java Servlet specific request attributes to the Jakarta Servlet equivalent. (markt)
  • Add: When reporting / logging invalid HTTP headers encode any non-printing characters using the 0xNN form. (markt)
  • Update: Remove duplication of HTTP/1.1 configuration on the HTTP/2 UpgradeProtocol element. Configuration from the main Connector element will now be used. (remm)
  • Fix: When the NIO or APR/native connectors were configured with useAsyncIO="true" and a zero length read or write was performed, the read/write would time out rather than return immediately. (markt)

Jasper

  • Code: Parameterize JSP version and API class names in localization messages to allow simpler re-use between major versions. (markt)
  • Fix: Ensure that TLD files listed in the jsp-config section of web.xml that are registered in the uriTldResourcePathMap with the URI specified in web.xml are also registered with the URI in the TLD file if it is different. Patch provided by Markus Lottmann. (markt)

Cluster

  • Fix: Fix cloud environment lookup order and add a dedicated DNS_MEMBERSHIP_SERVICE_NAME environment for use with the DNS membership provider. Submitted by Bernd Bohmann. (remm)

Other

  • Fix: 53620: JULI now only creates logging files when there is a log entry to write. Based on a patch by Karol Bucek. (markt)
  • Fix: Update implemented specification version information in a few places where it has not been updated for Jakarta EE 9. (markt)
  • Add: Expand the coverage of the French translations provided with Apache Tomcat. (remm)
  • Add: Expand the coverage of the Chinese translations provided with Apache Tomcat. Contribution provided by BoltzmannWxd. (markt)