Autor Thema: Webserversoftware diverses ...  (Gelesen 5663 mal)

0 Mitglieder und 1 Gast betrachten dieses Thema.

Offline SiLæncer

  • Cheff-Cubie
  • *****
  • Beiträge: 189183
  • Ohne Input kein Output
    • DVB-Cube
Apache-Webserver 2.4 freigegeben
« Antwort #15 am: 21 Februar, 2012, 19:20 »
Die Apache Software Foundation hat genau zum 17. Geburtstag des Webservers, der den Grundstein der Organisation legte, in Version 2.4 mit zahlreichen Neuerungen veröffentlicht.

Apache stammt noch aus der Frühzeit des Web, als es nur wenige Clients und noch weniger Server gab. Er entstand 1995 als Fork des Webservers NCSA httpd, der am National Center for Supercomputing Applications (NCSA) der USA entwickelt wurde. Als die Entwicklung zum Stillstand kam, nachdem der ursprüngliche Entwickler Rob McCool das NCSA verlassen hatte, bildete sich eine Gemeinschaft von Entwicklern, die online zusammenarbeiteten, um die Software zu verbessern. Die ersten Mitglieder dieser sich selbst als »Apache Group« bezeichnenden Gemeinschaft waren Brian Behlendorf, Roy Fielding, Rob Hartill, David Robinson, Cliff Skolnick, Randy Terbush, Robert Thau und Andrew Wilson. Daraus entstand im März 1999 die Apache Software Foundation (ASF), die sich um die Entwicklung von Apache und einer Reihe weiterer Projekte kümmert. Zu den weiteren Aufgaben der gemeinnützigen Organisation gehören der rechtliche Schutz aller Projekte und Mitarbeiter, der Schutz der Marke »Apache« und die Pflege der mittlerweile weit verbreiteten Apache-Lizenz.

Noch vor zwei Jahren wurde die Zahl der Webpräsenzen, die mit Apache ausgeliefert werden, auf 112 Millionen geschätzt. Jetzt sind es nach Angaben der ASF fast 400 Millionen. Der größte Teil davon dürfte mit Apache 2.2 bedient werden, der vor über sechs Jahren veröffentlicht wurde. Die Ausgereiftheit des Servers sorgt für relativ lange Entwicklungszyklen, so war Apache 2.4 schon vor fast einem Jahr im Wesentichen fertig.

Apache 2.4 bietet höhere Leistung als Apache 2.2, da die Entwickler den Speicherbedarf und den Ressourcenbedarf gesenkt und gleichzeitig die Parallelität erhöht haben. Ein- und Ausgaben können zudem asynchron ausgeführt werden. Zu den weiteren Neuerungen zählen eine dynamische Konfiguration von Reverse-Proxys, mehr Granularität beim Einstellen von Timeouts und Ressourcenbegrenzungen und bessere Anpassbarkeit der Caches an hohe Lasten oder Proxy-Aufgaben. Der erweiterbare Server wurde zudem um eine große Zahl von Modulen ergänzt. Darunter befindet sich erweiterte Proxy-Module, ein Sitzungsmodul, ein Lua-Modul, ein Modul zur Bandbreitenbegrenzung und diverse Filtermodule. Eine Liste aller neuen Funktionen ist in einer Übersicht verfügbar. Die Webseite httpd.apache.org enthält Download-Möglichkeiten sowie umfassende Dokumentation.

Quelle : www.pro-linux.de/

Arbeits.- Testrechner :

Intel® Core™ i7-6700 (4 x 3.40 GHz / 4.00 GHz)
16 GB (2 x 8 GB) DDR4 SDRAM 2133 MHz
250 GB SSD Samsung 750 EVO / 1 TB HDD
ZOTAC Geforce GTX 1080TI AMPExtreme Core Edition 11GB GDDR5
MSI Z170A PC Mate Mainboard
DVD-Brenner Laufwerk
Microsoft Windows 10 Home 64Bit

TT S2 3200 ( BDA Treiber 5.0.1.8 ) + Terratec Cinergy 1200 C ( BDA Treiber 4.8.3.1.8 )

Offline ritschibie

  • Aufpass-Cubie
  • *****
  • Beiträge: 10503
  • Ich liebe dieses Forum!
Apache Software Foundation veröffentlicht Apache Deltacloud 1.0
« Antwort #16 am: 02 August, 2012, 10:24 »
Die Apache Deltacloud, ein Top-Level-Projekt der Apache Software Foundation, ist in der Version 1.0 erschienen. Mit Hilfe von Apache Deltacloud lassen sich
Infrastructure-as-a-Service-Clouds (IaaS) von unterschiedlichen Herstellern über ein einheitliches API ansprechen.

Das Deltacloud-Projekt wurde im September 2009 von Red Hat ins Leben gerufen und im Jahr 2011 an die Apache Software Foundation übergeben. Die in Ruby entwickelte Software steht seitdem unter der Apache-2-Lizenz zur freien Verfügung. Die Inbetriebnahme der neuen Version 1.0 erklärt die zugehörige Installationsanleitung.

Deltacloud unterstützt eine große Zahl an Cloud-Anbietern und Cloud-Instrastruktur-Lösungen (Stacks), neben Amazon EC2, IBM SBC, VMware vSphere, Rackspace und Red Hats RHEV-M auch bekannte Open-Source-Lösungen wie Eucalytpus, OpenNebula und OpenStack. Unter den Neuerungen ist vor allem das EC2-Frontend zu nennen, das die API von Amazons Elastic Compute Cloud zur Verfügung stellt. So ist es möglich, für EC2 geschriebene Anwendungen einfach auf eine andere Cloud-Infrastruktur zu portieren.

Apache Delta-Cloud selbst stellt drei verschiedene APIs zur Verfügung, mit denen sich alle relevanten Cloud-Backends ansprechen lassen. Neben der Deltacloud-eigenen REST-API gibt es ein Frontend für das von der Distributed Management Task Force entwickelte Cloud Infrastructure Management Interface sowie das erwähnte EC2-kompatible API.

Quelle: www.pro-linux.de
Intel Core i7-4770K - ASRock Z87 Extreme6/ac - Crucial Ballistix Sport DIMM Kit 16GB, DDR3-1600 - Gigabyte Radeon R9 290 WindForce 3X OC
TBS DVB-S2 Dual Tuner TV Card Dual CI  - DVBViewer pro 5.3 und Smartdvb 4.x.x beta - 80 cm Schüssel, 2xQuad-LNB - Astra (19.2E)/Hotbird (13E)
I-net mit Motzfuchs ; WLAN: Fritz 7390; BS: Windows 10

Offline SiLæncer

  • Cheff-Cubie
  • *****
  • Beiträge: 189183
  • Ohne Input kein Output
    • DVB-Cube
Apache-Patch ignoriert DNT des Internet-Explorers
« Antwort #17 am: 09 September, 2012, 20:30 »
Der Do-not-Tracker-Header des Internet Explorers 10 wird durch einen Patch des Apache-Webservers völlig ignoriert. Der Programmierer Roy T. Fielding hatte sich für Änderung des Quellcodes entschieden, da Microsoft mit seiner Vorkonfiguration des DNT-Wertes gegen den neuen offenen Standard verstoße. Im Netz sorgt der Patch allerdings für ernste Diskussionen.

Der "Do-not-Track"-Header (DNT) soll Internetnutzern künftig die Möglichkeit bieten, ihre Aktionen im Netz ohne ein Tracking der Seiteninhaber durchführen zu können. Besonders Marketingabteilungen speichern gerne individuelle Verhaltensmuster ihrer Besucher, um daraufhin individuelle Werbung einblenden zu lassen. Da dieses Vorgehen nicht jedem Internetnutzer recht ist, kann er in aktuellen Browsern optional einen DNT mit dem Wert 1 senden. Dies äußert gegenüber jeder Internetseite den Wunsch, nicht „getrackt“ zu werden.

Voraussetzung für den Erfolg dieses Prinzip ist selbstverständlich, dass sich auch die jeweiligen Seitenbetreiber an den offenen Standard halten. Kritiker sind allerdings der Meinung, dass Microsoft mit seinem neuen Internet Explorer 10 diesen Prozess behindere. Denn das Programm stellt bereits im Rahmen seiner Standardkonfiguration den DNT-Wert auf 1. Dies widerspricht allerdings der Regel, dass der Do-not-Tracker-Header nur auf ausdrücklichen Wunsch des Nutzers gesendet werden darf. Experten vermuten, dass Marketing-Verantwortliche den DNT schlichtweg ignorieren, wenn ihn ohnehin ein Großteil der Internetnutzer versendet.

Aus diesem Grund ergriff der Adobe-Mitarbeiter Roy T. Fielding die Initiative und veröffentlichte einen Patch für den freien Webserver Apache. Dieser soll den DNT-Wert jedes Internet Explorer schlichtweg völlig ignorieren. Damit sind auch Nutzer des Browsers, die sich ausdrücklich mehr Privatsphäre wünschen, außen vor.

Allein in den Kommentaren der Plattform Github äußern nun etliche Nutzer herbe Kritik an dem veröffentlichten Patch. Unter anderem wirft man Fielding, der zudem auch beim W3C tätig ist vor, dass er seine Macht zur Durchsetzung eigener Vorlieben missbrauche. Auch rechtliche Probleme sind denkbar. Schließlich könnten sich Nutzer beschweren, die den DNT im Internet Explorer tatsächlich bewusst auf 1 gesetzt haben. Weiter steht die dritte Regel des DNT-Standards, auf die sich der Programmierer beruft ohnehin erst seit dem 7. September fest. Bislang handelt es sich zudem nur um einen inoffiziellen „Editor Draft“, was Fieldings handeln ebenfalls in Frage stellt.

Microsoft hat sich zu den neusten Entwicklungen des Streits noch nicht geäußert. Da der amerikanische Konzern für sein Verhalten ursprünglich sogar von der EU-Komission gelobt wurde, könnte sich die Auseinandersetzung durchaus weiter hochschaukeln.

Quelle : www.gulli.com

Arbeits.- Testrechner :

Intel® Core™ i7-6700 (4 x 3.40 GHz / 4.00 GHz)
16 GB (2 x 8 GB) DDR4 SDRAM 2133 MHz
250 GB SSD Samsung 750 EVO / 1 TB HDD
ZOTAC Geforce GTX 1080TI AMPExtreme Core Edition 11GB GDDR5
MSI Z170A PC Mate Mainboard
DVD-Brenner Laufwerk
Microsoft Windows 10 Home 64Bit

TT S2 3200 ( BDA Treiber 5.0.1.8 ) + Terratec Cinergy 1200 C ( BDA Treiber 4.8.3.1.8 )

Offline SiLæncer

  • Cheff-Cubie
  • *****
  • Beiträge: 189183
  • Ohne Input kein Output
    • DVB-Cube
Support für Apache-Webserver 2.0 eingestellt
« Antwort #18 am: 15 Juli, 2013, 13:57 »
Mit der Freigabe der Version 2.0.65 haben die Entwickler des populären Apache-Webservers die Pflege der alten Version 2.0 eingestellt. Anwender sind angehalten, ihre Installationen, sofern noch nicht passiert, schnellstmöglich auf eine aktuelle Version des Servers zu migrieren.

Apache 2.0 wurde Anfang 2000 veröffentlicht. Knapp zwei Jahre später markierte die Version 2.0.35 die erste stabile (General Availability) Version des Servers. Zu den wichtigsten Neuerungen der Version 2.0 gehörte unter anderem ein hybrider Thread/Prozess-Modus unter Unix, welches vor allem die Skalierbarkeit des Systemes erhöhen sollte. Ferner brachte diese Version ein neues API und ein neues Build-System, welches die Installation des Servers vereinfachte, mit sich. Eine Unterstützung des IPv6-Protokolls floss ebenso in Apache 2.0 ein wie eine optionale Unterstützung von SSL. Weiterhin verbesserten die Entwickler die Unterstützung von Nicht-Unix-Systemen.

Knapp 13 Jahre später ist Apache 2.0 Geschichte. Wie die Entwickler auf der Liste des Projektes bekannt gaben, endete mit der Freigabe der Version 2.0.65 die Pflege des Servers. Die letzte Version des Webservers schließt sechs CVE-Sicherheitslücken. Unter anderem haben die Entwickler einen Fehler behoben, der dazu ausgenutzt werden konnte, mittels eines speziell präparierten Requests Code in den Server einzuschleusen. Zudem wurde ein Integer-Overflow in der ap_pregsub()-Funktion korrigiert, der von einem Angreifer dazu genutzt werden konnte, unter bestimmten Umständen unbefugt Zugriffsprivilegien zu erlangen. Anwender wurden trotz allem gebeten, ab sofort nicht mehr Apache 2.0 zu nutzen, sondern auf eine neue Version umzuschwenken.

Apache HTTP-Server 2.0.65 kann ab sofort von der Seite des Projektes heruntergeladen werden. Zudem steht ab sofort auch eine aktualisierte Version von Apache 2.2 zum Bezug bereit. Die aktuellste Version des Servers trägt die Versionsnummer 2.4.4 und wurde im Februar dieses Jahres veröffentlicht.

Quelle: www.pro-linux.de

Arbeits.- Testrechner :

Intel® Core™ i7-6700 (4 x 3.40 GHz / 4.00 GHz)
16 GB (2 x 8 GB) DDR4 SDRAM 2133 MHz
250 GB SSD Samsung 750 EVO / 1 TB HDD
ZOTAC Geforce GTX 1080TI AMPExtreme Core Edition 11GB GDDR5
MSI Z170A PC Mate Mainboard
DVD-Brenner Laufwerk
Microsoft Windows 10 Home 64Bit

TT S2 3200 ( BDA Treiber 5.0.1.8 ) + Terratec Cinergy 1200 C ( BDA Treiber 4.8.3.1.8 )

Offline SiLæncer

  • Cheff-Cubie
  • *****
  • Beiträge: 189183
  • Ohne Input kein Output
    • DVB-Cube
Apache Tomcat 8.0.21
« Antwort #19 am: 28 März, 2015, 10:10 »
Changelog
Catalina:

Add: 49785: Enable StartTLS connections for JNDIRealm.
Fix: When docBase refers internal war and unpackWARs is set to false, avoid registration of the invalid redeploy resource that has been added ".war" extension in duplicate.
Fix: If WAR exists, it is not necessary to trigger a reload when adding a Directory.
Fix: 55988: Add support for Java 8 JSSE server-preferred TLS cipher suite ordering. This feature requires Java 8.
Fix: 56608: When deploying an external WAR, add watched resources in the expanded directory based on whether the expanded directory is expected to exist rather than if it does exist.
Fix: When triggering a reload due to a modified watched resource, ensure that multiple changed watched resources only trigger one reload rather than a series of reloads.
Fix: 57601: Ensure that HEAD requests return the correct content length (i.e. the same as for a GET) when the requested resource includes a resource served by the Default servlet.
Fix: 57602: Ensure that HEAD requests return the correct content length (i.e. the same as for a GET) when the requested resource includes a resource served by a servlet that extends HttpServlet.
Fix: 57621: When an async request completes, ensure that any remaining request body data is swallowed.
Fix: 57637: Do not create unnecessary sessions when using PersistentValve.
Fix: 57645: Correct a regression in the fix for 57190 that incorrectly required the path passed to ServletContext.getContext(String) to be an exact match to a path to an existing context.
Fix: Make sure that unpackWAR attribute of Context is handled correctly in HostConfig.
Fix: When deploying a WAR file that contains a context.xml file and unpackWARs is false ignore any context.xml file that may exist in an expanded directory associated with the WAR.
Fix: 57675: Correctly quote strings when using the extended access log.
Add: Enable Tomcat to detect when a WAR file has been changed while Tomcat is not running. Tomcat does this by adding a META-INF/war-tracking file to the expanded directory and setting the last modified time of this file to the last modified time of the WAR. If Tomcat detects a modified WAR via this mechanism the web application will be redeployed (i.e. the expanded directory will be removed and the modified WAR expanded in its place).
Fix: 57704: Fix potential NPEs during web application start/stop when org.apache.tomcat.InstanceManager is not initialized.
Add: Use the simplified digest output for digest.bat|sh when generating digests with no salt and a single iteration to make it easier to use with DIGEST authentication.
Fix: Add support for LAST_ACCESS_AT_START system property to SingleSignOn.
Code: Refactor Authenticator implementations to reduce code duplication.
Fix: 57724: Handle the case in the CORS filter where a user agent includes an origin header for a non-CORS request.
Fix: When searching for SCIs o.a.catalina.Context.getParentClassLoader will be used instead of java.lang.ClassLoader.getParent. Thus one can provide the correct parent class loader when running embedded Tomcat in other environments such as OSGi.
Fix: 57743: Fix a locked file / resource leak issue when a JAR is accessed just before or during web application undeploy.

Coyote:

Add: 57540: Make TLS/SSL protocol available in a new request attribute (org.apache.tomcat.util.net.secure_protocol_version). (Note that AJP connectors will require mod_jk 1.2.41 or later, or an as-yet-unknown version of mod_proxy_ajp, or configure the proxy to send the AJP_SSL_PROTOCOL request attribute to Tomcat.)
Fix: Fix a cipher ordering issue when using the OpenSSL syntax for JSSE cipher configuration to ensure that ephemeral ECDH with AES is preferred to ephemeral ECDH with anything else.
Fix: 57570: Make the processing of trailer headers with chunked input optional and disabled by default.
Fix: 57592: Correctly handle the case where an AsyncContext is used for non-blocking I/O and is completed during a write operation.
Fix: 57638: Avoid an IllegalArgumentException when an AJP request body chunk larger than the socket read buffer is being read. This typically requires a larger than default AJP packetSize.
Fix: 57674: Avoid a BufferOverflowException when an AJP response body chunk larger than the socket write buffer is being written. This typically requires a larger than default AJP packetSize.
Update: Align the OpenSSL syntax cipher configuration with the OpenSSL 1.0.2 branch.
Fix: Numerous fixes to the APR/native connector to improve robustness.
Fix: Stop caching and re-using SocketWrapper instances. With the introduction of upgrade and non-blocking I/O, I/O can occur on non-container threads. This makes it nearly impossible to track whether a SocketWrapper is still being references or not. making re-use a risky proposition.
Code: Refactor Connector authentication (only used by AJP) into a separate method.
Add: 57708: Implement a new feature for AJP connectors - Tomcat Authorization. If the new tomcatAuthorization attribute is set to true (it is disabled by default) Tomcat will take an authenticated user name from the AJP protocol and use the appropriate Realm for the request to authorize (i.e. add roles) to that user.
Fix: Fix an issue that meant that any pipe-lined data read by Tomcat before an asynchronous request completed was lost during the completion of the asynchronous request. This mean that the pipe-lined request(s) would be lost and/or corrupted.
Update: Update the minimum recommended version of the Tomcat Native library (if used) to 1.1.33.

Jasper:

Fix: 57135: Package imports via javax.el.ImportHandler should only import public, concrete classes.
Fix: 57583: Cache 'Not Found' results in javax.el.ImportHandler.resolveClass() to save repeated attempts to load classes that are known not to exist to improve performance.
Fix: 57626: Correct a regression introduced in the 8.0.16 fix for ensuring Jars were closed after use, that broke recompilation of modified JSPs that depended on a tag file packaged in a Jar.
Fix: 57627: Correctly determine last modified times for dependencies when a tag file packaged in a JAR depends on a tag file packaged in a second JAR.
Fix: 57647: Ensure INFO message is logged when scanning jars for TLDs if the scan does not find a TLD in any jar. Previously a message would only be logged if a TLD was not found in all scanned jars.
Update: 57662: Update all references to the ECJ compiler to version 4.4.2.

Cluster:

Fix: Remove unnecessary method that always returns true. The domain filtering works on DomainFilterInterceptor.

WebSocket:

Fix: Correct a bug in the permessage-deflate implementation that meant that the incorrect op-codes were used if an uncompressed message was converted into more than one compressed message.
Add: 57676: List conflicting WebSocket endpoint classes when there is a path conflict.

Web applications:

Fix: 56058: Add links to the AccessLogValve documentation for configuring reverse proxies and/or Tomcat to ensure that the desired information is used entered in the access log when Tomcat is running behind a reverse proxy.
Fix: 57587: Update the JNDI Datasource HOWTO for DBCP2. Patch provided by Phil Steitz.
Fix: Remove incorrect note from context configuration page in the documentation web application that stated WAR files located outside the appBase were never unpacked.
Fix: 57683: Ensure that if a client aborts their connection to the stock ticker example (the only way a client can disconnect), the example continues to work for existing and new clients.
Fix: Make it clear that when using digested passwords with DIGEST authentication that no salt and only a single iteration must be used when generating the digest.
Update: Update examples to use Apache Standard Taglib 1.2.5.

Extras:

Fix: 57377: Remove the restriction that prevented the use of SSL when specifying a bind address with the JMXRemoteLifecycleListener. Also enable SSL to be configured for the registry as well as the server.

Tribes:

Fix: When a map member has been added to ReplicatedMap, make sure to add it to backup nodes list of all other members.
Fix: Make sure that refuse the messages from a different domain in DomainFilterInterceptor.

Other:

Update: Update optional Checkstyle library to 6.4.1.
Fix: 57703: Update the http-method definition for web applications using a Servlet 2.5 descriptor as per Servlet 2.5 MR 6.
Update: Update to Tomcat Native Library version 1.1.33 to pick up the Windows binaries that are based on OpenSSL 1.0.1m and APR 1.5.1.
[close]

http://httpd.apache.org/

Arbeits.- Testrechner :

Intel® Core™ i7-6700 (4 x 3.40 GHz / 4.00 GHz)
16 GB (2 x 8 GB) DDR4 SDRAM 2133 MHz
250 GB SSD Samsung 750 EVO / 1 TB HDD
ZOTAC Geforce GTX 1080TI AMPExtreme Core Edition 11GB GDDR5
MSI Z170A PC Mate Mainboard
DVD-Brenner Laufwerk
Microsoft Windows 10 Home 64Bit

TT S2 3200 ( BDA Treiber 5.0.1.8 ) + Terratec Cinergy 1200 C ( BDA Treiber 4.8.3.1.8 )

Offline SiLæncer

  • Cheff-Cubie
  • *****
  • Beiträge: 189183
  • Ohne Input kein Output
    • DVB-Cube
Apache Tomcat 8.0.22
« Antwort #20 am: 08 Mai, 2015, 17:20 »
Changelog

Catalina

Fix: 57736: Change the format of the Tomcat specific URLs for resources inside JARs that are in turn packed in a WAR. The ^/ sequence has been replaced by */ so that the resulting URLs are compliant with RFC 2396 and do not trigger exceptions when converted to URIs. The old format will continue to be accepted. (markt)
Fix: 57752: Exclude non-cached resources from the Cache statistics for resource lookups. Patch provided by Adam Mlodzinski. (markt)
Add: Allow logging of the remote port in the access log using the format pattern %{remote}p. (rjung)
Fix: 57556: Refine the previous fix fo rthis issue so that the real path returned only has a trialing separator if the requested path ended with /. (markt)
Fix: 57765: When checking last modified times as part of the automatic deployment process, account for the fact that File.lastModified() has a resolution of one second to ensure that if a file has been modified within the last second, the latest version of the file is always used. Note that a side-effect of this change is that files with modification times in the future are treated as if they are unmodified. (markt)
Fix: Align redeploy resource modification checking with reload modification checking so that now, in both cases, a change in modification time rather than an increase in modification time is used to determine if the resource has changed. (markt)
Fix: Cleanup o.a.tomcat.util.digester.Digester from debug messages that do not give any valuable information. Patch provided by Polina Genova. (violetagg)
Fix: 57772: When reloading a web application and a directory representing an expanded WAR needs to be deleted, delete the directory after the web application has been stopped rather than before to avoid potential ClassNotFoundExceptions. (markt)
Fix: Fix wrong logger name of org.apache.catalina.webresources.StandardRoot. (kfujino)
Fix: 57801: Improve the error message in the start script in case the PID read from the PID file is already owned by a process. (rjung)
Fix: 57841: Improve error logging during web application start.
Fix: 57856: Ensure that any scheme/port changes implemented by the RemoteIpFilter also affect HttpServletResponse.sendRedirect().
Fix: 57863: Fix the RewriteMap support in RewriteValve that did not use the correct key value to look up entries.

Coyote:

Fix: 57779: When an I/O error occurs on a non-container thread only dispatch to a container thread to handle the error if using Servlet 3+ asynchronous processing. This avoids potential deadlocks if an application is performing I/O on a non-container thread without using the Servlet 3+ asynchronous API.
Code: Remove the experimental support for SPDY. No current user agent supports the version of SPDY that the experiment targetted. Note: HTTP/2 support is under development for Tomcat 9 and may be back-ported to Tomcat 8 once complete.
Fix: Possible incomplete writes with SSL NIO2.
Fix: Incorrect reads with SSL NIO2 caused by a bad strategy for handling IO differences between NIO and NIO2 that don't seem to be justified.
Fix: After some errors, the pending flags could remain set when using SSL NIO2.
Fix: 57833: When using JKS based keystores for NIO or NIO2, ensure that the key alias is always converted to lower caes since that is what JKS key stores expect. Based on a patch by Santosh Giri Govind M.
Fix: 57837: Add text/css to the default list of compressable MIME types.

Jasper:

Fix: 57845: Ensure that, if the same JSP is accessed directly and via a declaration in web.xml, updates to the JSP are visible (subject to the normal rules on re-compilation) regardless of how the JSP is accessed.
Fix: 57855: Explicitly handle the case where a MethodExpression is invoked with null or the wrong number of parameters. Rather than failing with an ArrayIndexOutOfBoundsException or a NullPointerException throw an IllegalArgumentException with a useful error message.

Cluster:

Fix: Avoid unnecessary call of DeltaRequest.addSessionListener() in non-primary nodes.
Add: Add new attribute that send all actions for session across Tomcat cluster nodes.
Fix: Remove unused pathname attribute in mbean definition of BackupManager.

WebSocket:

Fix: 57761: Ensure that the opening HTTP request is correctly formatted when the WebSocket client connects to a server root.
Fix: 57762: Ensure that the WebSocket client correctly detects when the connection to the server is dropped.
Fix: 57776: Revert the 8.0.21 fix for the permessage-deflate implementation and incorrect op-codes since the fix was unnecessary (the bug only affected trunk) and the fix broke rather than fixed permessage-deflate if an uncompressed message was converted into more than one compressed message.
Fix: Fix log name typo in WsRemoteEndpointImplServer class, caused by a copy-paste.
Fix: 57788: Avoid NPE when looking up a class hierarchy without finding anything.

Web applications:

Add: 57759: Add information to the keyAlias documentation to make it clear that the order keys are read from the keystore is implementation dependent.
Fix: 57864: Update the documentation web application to make it clearer that hex values are not valid for cluster send options. Based on a patch by Kyohei Nakamura.

Tribes:

Fix: Fix a concurrency issue when a backup message that has all session data and a backup message that has diff data are processing at the same time. This fix ensures that MapOwner is set to ReplicatedMapEntry.

Other:

Fix: Add missing pom for tomcat-storeconfig.
Update: Update optional Checkstyle library to 6.5.
Fix: 57707: Improve error message when trying to run a release build on a non-Windows platform and Wine is not available.
[close]

http://httpd.apache.org/

Arbeits.- Testrechner :

Intel® Core™ i7-6700 (4 x 3.40 GHz / 4.00 GHz)
16 GB (2 x 8 GB) DDR4 SDRAM 2133 MHz
250 GB SSD Samsung 750 EVO / 1 TB HDD
ZOTAC Geforce GTX 1080TI AMPExtreme Core Edition 11GB GDDR5
MSI Z170A PC Mate Mainboard
DVD-Brenner Laufwerk
Microsoft Windows 10 Home 64Bit

TT S2 3200 ( BDA Treiber 5.0.1.8 ) + Terratec Cinergy 1200 C ( BDA Treiber 4.8.3.1.8 )

Offline SiLæncer

  • Cheff-Cubie
  • *****
  • Beiträge: 189183
  • Ohne Input kein Output
    • DVB-Cube
Apache HTTP Server 2.4.16
« Antwort #21 am: 17 Juli, 2015, 17:30 »
Changelog
http: Fix LimitRequestBody checks when there is no more bytes to read. [Michael Kaufmann ]
mod_alias: Revert expression parser support for Alias, ScriptAlias and Redirect due to a regression (introduced in 2.4.13, not released).
mod_reqtimeout: Don't let pipelining checks and keep-alive times interfere with the timeouts computed for subsequent requests. PR 56729. [Eric Covener, Yann Ylavic]
core: Avoid a possible truncation of the faulty header included in the HTML response when LimitRequestFieldSize is reached. [Yann Ylavic]
mod_ldap: In some case, LDAP_NO_SUCH_ATTRIBUTE could be returned instead of an error during a compare operation. [Eric Covener]
[close]

https://httpd.apache.org/

Arbeits.- Testrechner :

Intel® Core™ i7-6700 (4 x 3.40 GHz / 4.00 GHz)
16 GB (2 x 8 GB) DDR4 SDRAM 2133 MHz
250 GB SSD Samsung 750 EVO / 1 TB HDD
ZOTAC Geforce GTX 1080TI AMPExtreme Core Edition 11GB GDDR5
MSI Z170A PC Mate Mainboard
DVD-Brenner Laufwerk
Microsoft Windows 10 Home 64Bit

TT S2 3200 ( BDA Treiber 5.0.1.8 ) + Terratec Cinergy 1200 C ( BDA Treiber 4.8.3.1.8 )

Offline SiLæncer

  • Cheff-Cubie
  • *****
  • Beiträge: 189183
  • Ohne Input kein Output
    • DVB-Cube
Apache Tomcat 8.0.26
« Antwort #22 am: 26 August, 2015, 16:15 »
Changelog

Add: 58255: Document the Semaphore valve.

8.0.25:

Catalina:

Fix: Make the WAR manifest file available for WebResource instances from an unpacked WAR in the same way the manifest is available if the WAR is not unpacked. (markt)
Fix: Ensure that only /WEB-INF/classes/ and /WEB-INF/lib/ are excluded from the web resource caching. (Resources loaded from these locations are cached by the web application class loader.) (markt)
Add: 57741: Enable the CGI servlet to use the standard error page mechanism. Note that if the CGI servlet's debug init parameter is set to 10 or higher then the standard error page mechanism will be bypassed and a debug response generated by the CGI servlet will be returned instead. (markt)
Fix: 58031: Make the (first) reason parameter parsing failed available as a request attribute and then use it to provide a better status code via the FailedRequstFilter (if configured). (markt)
Fix: 58086: Correct a regression in the fix for 58086 that incorrectly handled WAR URLs. (violetagg)
Fix: 58096: Classes loaded from /WEB-INF/classes/ should use that directory as their code base. (markt)
Fix: Fix possible resource leaks by closing streams properly. Issues reported by Coverity Scan. (violetagg)
Fix: 58116: Fix regression in the fix for 57281 that broke Comet support when running under a security manager. Based on a patch provided by Johno Crawford. (markt)
Fix: 58125: Avoid a possible ClassCircularityError when running under a security manager. (markt)
Fix: 58179: Fix a thread safety issues that could mean concurrent threads setting the same attribute on a ServletContext could both see null as the old value. (markt)
Fix: Allow web archives bigger than 2G to be deployed using ANT tasks. (violetagg)
Fix: 58192: Correct a regression in the previous fix for 58023. Ensure that classes are associated with their manifest even if the class file is first read (and cached) without the manifest. (markt)
Fix: Fix thread safety issue in the AsyncContext implementation that meant a sequence of start();dispatch(); calls using non-container threads could result in a previous dispatch interfering with a subsequent start. (markt)
Fix: 58228: Make behaviour of ServletContext.getResource() and ServletContext.getResourceAsStream() consistent with each other and the expected behaviour of the GET_RESOURCE_REQUIRE_SLASH system property. (markt)
Fix: 58230: Fix input stream corruption if non-blocking I/O is used and the first read is made immediately after the switch to async mode rather than in response to onDataAvaiable() and that read does not read all the available data. (markt)
Fix: Ensure that log4javascript*.jar was not excluded from the standard JAR scanning by default. (markt)

Coyote:

Fix: 57943: Prevent the same socket being added to the cache twice. Patch based on analysis by Ian Luo / Sun Qi. (markt)
Fix: Add text/javascript,application/javascript to the default list of compressable MIME types. (violetagg)
Fix: 58103: When pipelining requests, and the previous request was an async request, ensure that the socket is removed from the waiting requests so that the async timeout thread doesn't process it during the next request. (markt)
Fix: 58151: Correctly handle EOF in the AJP APR/native connector to prevent the connector entering a loop and generate excessive CPU load. (markt)
Fix: In the AJP and HTTP NIO connectors, ensure that the socket timeout is correctly set before adding the socket back to the poller for read. (markt)
Fix: 58157: Ensure that the handling of async timeouts does not result in an unnecessary dispatch to a container thread that could result in the current socket being added to the Poller multiple times with multiple attempts to process the same event for the same socket. (markt)
Fix: Correct a coupe of edge cases in RequestUtil.normalize(). (markt)

Jasper:

Fix: 58110: Like scriptlet sections, declaration sections of JSP pages have a one-to-one mapping of lines to the generated .java file. Use this information to provide more accurate error messages if a compilation error occurs in a declaration section. (markt)
Fix: 58119: When tags are compiled they must be placed in the org/apache/jsp/tag/web directory. Correct a regression in the fix for 52725. (violetagg)
Fix: Fix a resource leak in JspC identified by Eclipse. (markt)
Fix: 58178: Expressions in a tag file should use the tag file's PageContext rather than that of the containing page. (markt)
Fix: Following on from the fix for 58178, expressions in a tag file should use the tag file's imports rather than those of the containing page. (markt)

WebSocket:

Fix: 58166: Allow applications to send close codes in the range 3000-4999 inclusive. (markt)
Fix: 58232: Avoid possible NPE when adding endpoints programmatically to the javax.websocket.server.ServerContainer. Based on a patch provided by bastian.(violetagg)

Web applications:

Fix: Correct the incorrect document of QueryTimeoutInterceptor. The setting value is not in milliseconds but in seconds. (kfujino)
Fix: 58112: Update the documentation for using the Catalina tasks in an Apache Ant build file. (markt)
Fix: Improve the Javadoc for some of the APR socket read functions that have inconsistent behaviour for return values. (markt)

jdbc-pool:

Fix: 58042: The default value of logFailed attribute of SlowQueryReport is changed to false so that the failed queries are not logged by default. (kfujino)
Fix: Fix potential NPE in QueryTimeoutInterceptor. (kfujino)
Fix: Add support for stopping the pool cleaner via JMX. (kfujino)
Fix: The fairness attribute and ignoreExceptionOnPreLoad attribute do not allow a change via JMX. (kfujino)
Fix: If the timeBetweenEvictionRunsMillis attribute is changed via jmx, it should restart the pool cleaner because this attribute affects the execution interval of the pool cleaner. (kfujino)
Fix: Eliminate the dependence on maxActive of busy queues and idle queue in order to enable the expansion of the pool size via JMX. (kfujino)

Other:

Update: Update optional Checkstyle library to 6.8.1. (kkolinko)
Fix: Update sample Eclipse IDE configuration to exclude test/webapp* and similar paths from compiler sourcepath. (kkolinko)
Update: Update package renamed Apache Commons Pool to Commons Pool 2.4.2. (markt)
Update: Update package renamed Apache Commons DBCP to Commons DBCP 2.1.1. (markt)
Add: Support the use of the threads attribute on Ant's junit task. Note that using this with a value of greater than one will disbale Cobertura code coverage. (markt)
[close]

http://httpd.apache.org/

Arbeits.- Testrechner :

Intel® Core™ i7-6700 (4 x 3.40 GHz / 4.00 GHz)
16 GB (2 x 8 GB) DDR4 SDRAM 2133 MHz
250 GB SSD Samsung 750 EVO / 1 TB HDD
ZOTAC Geforce GTX 1080TI AMPExtreme Core Edition 11GB GDDR5
MSI Z170A PC Mate Mainboard
DVD-Brenner Laufwerk
Microsoft Windows 10 Home 64Bit

TT S2 3200 ( BDA Treiber 5.0.1.8 ) + Terratec Cinergy 1200 C ( BDA Treiber 4.8.3.1.8 )

Offline SiLæncer

  • Cheff-Cubie
  • *****
  • Beiträge: 189183
  • Ohne Input kein Output
    • DVB-Cube
Apache Tomcat 8.0.27
« Antwort #23 am: 02 Oktober, 2015, 18:38 »
Changelog
Fix: 58187: Correct a regression in the fix for 57765 that meant that deployment of web applications deployed via the Manager application was delayed until the next execution of the automatic deployment background process. (markt)
Fix: 58284: Correctly implement session serialization so non-serializable attributes are skipped with a warning. Patch provided by Andrew Shore. (markt)
Fix: 58313: Fix concurrent access of encoders map when clearing encoders prior to switch to async. (markt)
Fix: 58320: Fix concurrent access of request attributes which is possible during asynchronous processing. (markt)
Fix: 58352: Always trigger a thread dump if Tomcat fails to stop gracefully from catalina.sh even if using -force. Patch provided by Alexandre Garnier. (markt)
Fix: 58368: Fix a rare data race in the code that obtains the ApplicationFilterFactory instance. (markt)
Fix: 58369: Fix a rare data race in the code that obtains the CookieProcessor for a StandardContext instance. (markt)
Fix: Ensure the JAASRealm uses the configured CredentialHandler. (markt)
Fix: 58372: Fix rare data races closed and suspended flags that could be triggered by async and/or comet processing. (markt)
Fix: 58373: Fix rare data race with the application event listeners for StandardContext. (markt)
Fix: 58374: Fix a rare data race in the AsyncContext implementation for access to the internal Tomcat request object to which it holds a reference. (markt)
Fix: 58380: Fix two rare data races in the standard session implementation on the flag that tracks if the session is new and on the field that tracks the maximum inactive period. (markt)
Fix: 58385: Fix a rare data race in the internal flag Tomcat uses to keep track of whether or not a request is being used for Comet processing. (markt)
Fix: 58394: Fix a rare data race in Mapper when adding or removing a host. (markt)
Fix: 58398: Fix a rare data race in LifecycleSupport. (markt)
Fix: 58412: Ensure that the AsyncFileHandler has the source class and method name available for logging. (fschumacher)
Fix: 58416: Correctly detect when a forced stop fails to stop Tomcat because the Tomcat process is waiting on some system call or is uninterruptible. (markt)
Fix: 58436: Fix some rare data races in JULI's ClassLoaderLogManager during shutdown. (markt)
Fix: 58845: Fix off-by one error in calculation of valid characters in a cookie domain. Patch provided by Thorsten Ehlers. (markt)

Coyote:

Fix: Correct some edge cases in RequestUtil.normalize(). (markt)
Fix: 58275: The IBM JREs accept cipher suite names starting with TLS_ or SSL_ but when listing the supported cipher suites only the SSL_ version is reported. This can break Tomcat's check that at least one requested cipher suite is supported. Tomcat now includes a work-around so either form of the cipher suite name can be used when running on an IBM JRE. (markt)
Fix: 58357: For reasons not currently understood when the APR/native connector is used with OpenSSL reads can return an error code when there is no apparent error. This was work-around for HTTP upgrade connections by treating this as EAGAIN. The same fix has now been applied to the standard HTTP connector. (markt)
Code: Minor clean-up in NIO2 SSL handshake code to address some theoretical concurrency issues. (markt)
Fix: 58367: Fix a rare data race in the code that obtains the reason phrase for a given HTTP response code. (markt)
Fix: 58370: Fix a rare data race in the connector shutdown code. (markt)
Fix: 58371: Fix a rare data race when accessing request URI in String form when switching from non-async to async due to early triggering of the gathering of request statistics. (markt)
Fix: 58375: Fix a rare data race on the internal flag Tomcat uses to mark a response as committed. (markt)
Fix: 58377: Fix a rare data race on the internal flag Tomcat uses to mark a request as using HTTP keep-alive when switching to asynchronous processing. (markt)
Fix: 58379: Fix a rare data race on the interal reference Tomcat retains to the socket when switching to asynchronous processing. (markt)
Fix: 58387: Fix a rare data race when closing Comet connections. (markt)
Fix: 58388: Fix a data race when determining if Comet processing is occurring on a container or non-container thread. (markt)
Fix: 58389: Fix a rare data race while shutting down the thread pools on Connector stop. (markt)
Code: Clean up use of error flag on socket wrapper prompted by 58390. (markt)
Code: Remove some unnecessary code from the NIO Poller and fix 58396 as a side-effect. (markt)
Fix: 57799: Remove useless sendfile check for NIO SSL. (remm)

Jasper:

Fix: 57136: Correct a regression in the previous fix for this issue. \${ should only an escape for ${ within an EL expression. Within a JSP page \$ should be an escape for $. The EL specification applies when parsing the expression delimited by ${ and }. Parsing of the delimiting ${ and } is the responsibility of the JSP specification. (markt)
Fix: 58296: Fix a memory leak in the JSP unloading feature that meant that using a value other than -1 for maxLoadedJsps triggered a memory leak once the limit was reached. (markt)
Fix: 58327: Cache the expression string for value expression literals since it is frequently used and may be expensive to evaluate. Patch provided by Andreas Kohn. (markt)
Fix: 58340: Improve error reporting for tag files packaged in JARs. (markt)
Fix: 58424: When parsing TLD files, allow whitespace around boolean configuration values. (schultz)
Fix: Fix a possible resource leak reported by coverity scan. (fschumacher)
Fix: 58427: Enforce the JSP specification defined limitations of which elements are allowed in an implicit.tld file. (markt)
Fix: 58444: Ensure that JSPs work with any custom base class that meets the requirements defined in the JSP specification without requiring that base class to implement Tomcat specific code. (markt)

Cluster:

Fix: Fix a default clusterListeners in SimpleTcpCluster. The optimal default value is different for each session manager. ClusterSessionListener is never used in BackupManager. (kfujino)
Fix: Correct log messages in case of using BackupManager. (kfujino)

WebSocket:

Fix: 58342: Fix a copy and paste error that meant MessageHandler removal could fail for binary and pong MessageHandlers. Patch provided by DJ. (markt)
Fix: Data races detected by RV-Predict, mostly caused by completion handlers running in separate threads. (markt)
Fix: 58414: Correctly handle sending zero length messages when using per message deflate. (markt)

Web applications:

Fix: Correct documentation for cluster-howto. (kfujino)
Fix: Add missing documentation for property alwaysAddExpires for the LegacyCookieProcessor. (markt)

Tribes:

Add: Add support for configurations of ChannelListener and MembershipListener in server.xml. (kfujino)
Fix: Correct log messages in case of using ReplicatedMap. (kfujino)
Fix: 58381: Fix a rare data race in the NioReceiver. (markt)
Fix: 58382: Fix multiple rare data races in the default membership implementation. (markt)
Fix: 58383: Fix a data race in SenderState. (markt)
Fix: 58386: Fix a data race in ObjectReader. (markt)
Fix: 58391: Fix multiple data races in NonBlockingCoordinator, most of which were associated with ensuring that log messages contained the correct information. (markt)
Fix: 58392: Fix a data race in DomainFilterInterceptor. (markt)
Fix: 58393: Fix a data race on the listener in McastService. (markt)
Fix: 58395: Fix multiple data races in MemberImpl that were likely to cause issues if certain properties were updated concurrently (such updates are unlikely in normal usage). (markt)
Code: Remove some unnecessary code from PooledParallelSender and fix 58397. (markt)

jdbc-pool:

Fix: Make sure the pool has been properly configured when attributes that related to the pool size are changed via JMX. (kfujino)

Other:

Fix: Ensure logging works for all tests in a class rather than just the first one executed. (markt)
Add: 58344: Add build properties to enable tests to be executed against alternative binaries. Based on a patch by Petr Sumbera. (markt)
[close]

http://httpd.apache.org/

Arbeits.- Testrechner :

Intel® Core™ i7-6700 (4 x 3.40 GHz / 4.00 GHz)
16 GB (2 x 8 GB) DDR4 SDRAM 2133 MHz
250 GB SSD Samsung 750 EVO / 1 TB HDD
ZOTAC Geforce GTX 1080TI AMPExtreme Core Edition 11GB GDDR5
MSI Z170A PC Mate Mainboard
DVD-Brenner Laufwerk
Microsoft Windows 10 Home 64Bit

TT S2 3200 ( BDA Treiber 5.0.1.8 ) + Terratec Cinergy 1200 C ( BDA Treiber 4.8.3.1.8 )

Offline SiLæncer

  • Cheff-Cubie
  • *****
  • Beiträge: 189183
  • Ohne Input kein Output
    • DVB-Cube
Apache Tomcat 8.0.28
« Antwort #24 am: 27 Oktober, 2015, 13:40 »
Changelog

Catalina

    Add: Add support for the custom classpath protocol in URLs. It an be used anywhere Tomcat accepts a URL for a configuration parameter. (markt)
    Fix: 56777: Allow file based configuration resources (user database, certificate revocation lists, keystores an dtrust stores) to be configured using URLs as well as files. (markt)
    Fix: Perform null-checking on input and stored credentials in all Realms before passing credentials off to CredentialHandlers for matching. (schultz)

Coyote

    Update: Add the new ciphers from RFC6655 and RFC7251 to the OpenSSL to JSSE cipher mapping. (markt)
    Update: Remove DES, RC2 and RC4 from DEFAULT for the OpenSSL to JSSE cipher mapping to align with the OpenSSL development branch. (markt)

Jasper

    Fix: Improve the error message when JSP parser encounters an error parsing an attribute value. (markt)

Web applications

    Update: 58474: Provide a reference to the differences between CATALINA_HOME and CATALINA_BASE in the sample application that is part of the documentation web application. (markt)

Extras

    Fix: Ensure JULI adapters does not include the LogFactoryImpl class. Patch provided by Benjamin Gandon. (markt)

[close]

http://httpd.apache.org/

Arbeits.- Testrechner :

Intel® Core™ i7-6700 (4 x 3.40 GHz / 4.00 GHz)
16 GB (2 x 8 GB) DDR4 SDRAM 2133 MHz
250 GB SSD Samsung 750 EVO / 1 TB HDD
ZOTAC Geforce GTX 1080TI AMPExtreme Core Edition 11GB GDDR5
MSI Z170A PC Mate Mainboard
DVD-Brenner Laufwerk
Microsoft Windows 10 Home 64Bit

TT S2 3200 ( BDA Treiber 5.0.1.8 ) + Terratec Cinergy 1200 C ( BDA Treiber 4.8.3.1.8 )

Offline SiLæncer

  • Cheff-Cubie
  • *****
  • Beiträge: 189183
  • Ohne Input kein Output
    • DVB-Cube
Apache Tomcat 8.0.29
« Antwort #25 am: 02 Dezember, 2015, 17:20 »
Whats new:>>

Add an option to control (per context) quoting of EL expressions in JSP attributes.
Correct a regression in the fix for 56777 that added support for URIs in config file locations.
Add a new RestCsrfPreventionFilter that provides basic CSRF protection for REST APIs.
Use instance manager for WebSocket server endpoint instances.

http://httpd.apache.org/

Arbeits.- Testrechner :

Intel® Core™ i7-6700 (4 x 3.40 GHz / 4.00 GHz)
16 GB (2 x 8 GB) DDR4 SDRAM 2133 MHz
250 GB SSD Samsung 750 EVO / 1 TB HDD
ZOTAC Geforce GTX 1080TI AMPExtreme Core Edition 11GB GDDR5
MSI Z170A PC Mate Mainboard
DVD-Brenner Laufwerk
Microsoft Windows 10 Home 64Bit

TT S2 3200 ( BDA Treiber 5.0.1.8 ) + Terratec Cinergy 1200 C ( BDA Treiber 4.8.3.1.8 )

Offline SiLæncer

  • Cheff-Cubie
  • *****
  • Beiträge: 189183
  • Ohne Input kein Output
    • DVB-Cube
Apache Tomcat 8.0.30
« Antwort #26 am: 08 Dezember, 2015, 16:15 »
Whats new:>>

Location headers for redirects now use relative URIs. This can be controlled per Context with the useRelativeRedirects attribute.
Correct a regression in 8.0.29 that broke redirects for context roots.
Restore the default setting of quoteAttributeEL in Jasper to true to align with 8.0.26/7.0.64 and earlier as well as other JSP implementations.

https://tomcat.apache.org/

Arbeits.- Testrechner :

Intel® Core™ i7-6700 (4 x 3.40 GHz / 4.00 GHz)
16 GB (2 x 8 GB) DDR4 SDRAM 2133 MHz
250 GB SSD Samsung 750 EVO / 1 TB HDD
ZOTAC Geforce GTX 1080TI AMPExtreme Core Edition 11GB GDDR5
MSI Z170A PC Mate Mainboard
DVD-Brenner Laufwerk
Microsoft Windows 10 Home 64Bit

TT S2 3200 ( BDA Treiber 5.0.1.8 ) + Terratec Cinergy 1200 C ( BDA Treiber 4.8.3.1.8 )

Offline SiLæncer

  • Cheff-Cubie
  • *****
  • Beiträge: 189183
  • Ohne Input kein Output
    • DVB-Cube
Apache HTTPD 2.4.18
« Antwort #27 am: 13 Dezember, 2015, 19:20 »
Changelog
Changes with Apache 2.4.18

  *) mod_ssl: for all ssl_engine_vars.c lookups, fall back to master connection
     if conn_rec itself holds no valid SSLConnRec*. Fixes PR58666.
     [Stefan Eissing]

  *) mod_http2: connection level window for flow control is set to protocol
     maximum of 2GB-1, preventing window exhaustion when sending data on many
     streams with higher cumulative window size.
     Reducing write frequency unless push promises need to be flushed.
     [Stefan Eissing]
 
  *) mod_http2: required minimum version of libnghttp2 is 1.2.1
     [Stefan Eissing]
 
  *) mod_proxy_fdpass: Fix AH01153 error when using the default configuration.
     In earlier version of httpd, you can explicitelly set the 'flusher' parameter
     to 'flush' as a workaround. (i.e. flusher=flush)
     Add documentation for the 'flusher' parameter when defining a proxy worker.
     [Christophe Jaillet]

  *) mod_ssl: For the "SSLStaplingReturnResponderErrors off" case, make sure
     to only staple responses with certificate status "good". [Kaspar Brand]

  *) mod_http2: new directive 'H2PushPriority' to allow priority specifications
     on server pushed streams according to their content-type.
     [Stefan Eissing]
     
  *) mod_http2: fixes crash on connection abort for a busy connection.
     fixes crash on a request that did not produce any response.
     [Stefan Eissing]

  *) mod_http2: trailers are sent after reponse body if set in request_rec
     trailers_out before the end-of-request bucket is sent through the
     output filters. [Stefan Eissing]

  *) mod_http2: incoming trailers (headers after request body) are properly
     forwarded to the processing engine. [Stefan Eissing]

  *) mod_http2: new directive 'H2Push' to en-/disable HTTP/2 server
     pushes a server/virtual host. Pushes are initiated by the presence
     of 'Link:' headers with relation 'preload' on a response. [Stefan Eissing]
     
  *) mod_http2: write performance of http2 improved for larger resources,
     especially static files. [Stefan Eissing]
     
  *) core: if the first HTTP/1.1 request on a connection goes to a server that
     prefers different protocols, these protocols are announced in a Upgrade:
     header on the response, mentioning the preferred protocols.
     [Stefan Eissing]
     
  *) mod_http2: new directives 'H2TLSWarmUpSize' and 'H2TLSCoolDownSecs'
     to control TLS record sizes during connection lifetime.
     [Stefan Eissing]
     
  *) mod_http2: new directive 'H2ModernTLSOnly' to enforce security
     requirements of RFC 7540 on TLS connections. [Stefan Eissing]
     
  *) core: add ap_get_protocol_upgrades() to retrieve the list of protocols
     that a client could possibly upgrade to. Use in first request on a
     connection to announce protocol choices. [Stefan Eissing]

  *) mod_http2: reworked deallocation on connection shutdown and worker
     abort. Separate parent pool for all workers. worker threads are joined
     on planned worker shutdown. [Yann Ylavic, Stefan Eissing]
     
  *) mod_ssl: when receiving requests for other virtual hosts than the handshake
     server, the SSL parameters are checked for equality. With equal
     configuration, requests are passed for processing. Any change will trigger
     the old behaviour of "421 Misdirected Request".
     SSL now remembers the cipher suite that was used for the last handshake.
     This is compared against for any vhost/directory cipher specification.
     Detailed examination of renegotiation is only done when these do not
     match.
     Renegotiation is 403ed when a master connection is present. Exact reason
     is given additionally in a request note. [Stefan Eissing]

  *) core: Fix scoreboard crash (SIGBUS) on hardware requiring strict 64bit
     alignment (SPARC64, PPC64).  [Yann Ylavic]

  *) mod_cache: Accept HT (Horizontal Tab) when parsing cache related header
     fields as described in RFC7230. [Christophe Jaillet]

  *) core/util_script: making REDIRECT_URL a full URL is now opt-in
     via new 'QualifyRedirectURL' directive.

  *) core: Limit to ten the number of tolerated empty lines between request,
     and consume them before the pipelining check to avoid possible response
     delay when reading the next request without flushing.  [Yann Ylavic]

  *) mod_ssl: Extend expression parser registration to support ssl variables
     in any expression using mod_rewrite syntax "%{SSL:VARNAME}" or function
     syntax "ssl(VARNAME)". [Rainer Jung]
[close]

Download : Klick

https://httpd.apache.org/

Arbeits.- Testrechner :

Intel® Core™ i7-6700 (4 x 3.40 GHz / 4.00 GHz)
16 GB (2 x 8 GB) DDR4 SDRAM 2133 MHz
250 GB SSD Samsung 750 EVO / 1 TB HDD
ZOTAC Geforce GTX 1080TI AMPExtreme Core Edition 11GB GDDR5
MSI Z170A PC Mate Mainboard
DVD-Brenner Laufwerk
Microsoft Windows 10 Home 64Bit

TT S2 3200 ( BDA Treiber 5.0.1.8 ) + Terratec Cinergy 1200 C ( BDA Treiber 4.8.3.1.8 )

Offline SiLæncer

  • Cheff-Cubie
  • *****
  • Beiträge: 189183
  • Ohne Input kein Output
    • DVB-Cube
Apache Tomcat 9.0.0 M4
« Antwort #28 am: 17 März, 2016, 13:40 »
Changelog

Catalina:

Fix: Ensure that /WEB-INF/classes is never processed as a web fragment. (markt)
Update: Switch default connector when native is installed. Unless configured otherwise, the NIO endpoint will be used by default. If SSL is configured, OpenSSL will be used rather than JSSE. (remm)
Fix: Correct a regression in the fix for 58867. When configuring a Context to use an external directory for the docBase, and that directory happens to be located along side the original WAR, use the directory as the docBase rather than expanding the WAR into the appBase and using the newly created expanded directory as the docBase. (markt)
Add: 58351: Make the server build date and server version number accessible via JMX. Patch provided by Huxing Zhang. (markt)
Add: 58988: Special characters in the substitutions for the RewriteValve can now be quoted with a backslash. (fschumacher)
Fix: 58999: Fix class and resource name filtering in WebappClassLoader. It throws a StringIndexOutOfBoundsException if the name is exactly "org" or "javax". (rjung)
Add: Add JASPIC (JSR-196) support. (markt)
Add: Make checking for var and map replacement in RewriteValve a bit stricter and correct detection of colon in var replacement. (fschumacher)
Fix: Refactor the web application class loader to reduce the impact of JAR scanning on the memory footprint of the web application. (markt)
Fix: Fix some resource leaks in the error handling for accessing files from JARs and WARs. (markt)
Fix: Refactor the JAR and JAR-in-WAR resource handling to reduce the memory footprint of the web application. (markt)
Fix: Refactor the web.xml parsing so a new parser is created every time the web application starts rather than creating and caching the parser when the Context is created. This enables the parser to take account of modified Context configuration parameters and reduces (slightly) the memory footprint of a running Tomcat instance. (markt)
Update: Switch to the web application class loader to the ParallelWebappClassLoader by default. (markt)
Fix: 57809: Remove the custom context attribute that held the effective web.xml. Components needing access to configuration information may access it via the Servlet API. (markt)
Fix: Refactor JAR scanning to reduce memory footprint. (markt)
Fix: 59001: Correctly handle the case when Tomcat is installed on a path where one of the segments ends in an exclamation mark. (markt)
Fix: Expand the fix for 59001 to cover the special sequences used in Tomcat's custom jar:war: URLs. (markt)
Fix: 59043: Avoid warning while expiring sessions associated with a single sign on if HttpServletRequest.logout() is used. (markt)
Fix: 59054: Ensure that using the CrawlerSessionManagerValve in a distributed environment does not trigger an error when the Valve registers itself in the session. (markt)
Fix: Add socket properties support to storeconfig. (remm)
Fix: Fix incorrect parsing of the NE and NC flags in rewrite rules. (remm)
Fix: 59065: Correct the timing of the check for colons in paths on non-Windows systems implemented in catalina.sh so it works correctly with Cygwin. Patch provided by Ed Randall. (markt)
Fix: When a Host is configured with an appBase that does not exist, create the appBase before trying to expand an external WAR file into it. (markt)
Fix: 59115: When using the Servlet 3.0 file upload, the submitted file name may be provided as a token or a quoted-string. If a quoted-string, unquote the string before returning it to the user. (markt)
Fix: 59123: Close NamingEnumeration objects used by the JNDIRealm once they are no longer required. (fschumacher/markt)
Add: Implement the proposed Servlet 4.0 API to provide mapping type information for the current request. (markt)
Fix: 59138: Correct a false positive warning for ThreadLocal related memory leaks when the key class but not the value class has been loaded by the web application class loader. (markt)
Add: 59017: Make the pre-compressed file support in the Default Servlet generic so any compression may be used rather than just gzip. Patch provided by Mikko Tiihonen. (markt)
Fix: 59145: Don't log an invalid warning when a user logs out of a session associated with SSO. (markt)
Fix: 59150: Add an additional flag on APR listener to allow disabling automatic use of OpenSSL. (remm)
Fix: 59151: Fix a regression in the fix for 56917 that added additional (and arguably unnecessary) validation to the provided redirect location. (markt)
Fix: 59154: Fix a NullPointerException in the JASSMemoryLoginModue resulting from the introduction of the CredentialHandler to Realms. (schultz/markt)

Coyote:

Fix: Handle the case in the NIO2 connector where the required TLS buffer sizes increase after the connection has been initiated. (markt/remm)
Fix: Bad processing of handshake errors in NIO2. (remm)
Fix: Use JSSE session configuration options with OpenSSL. (remm)
Fix: 59015: Fix potential cause of endless APR Poller loop during shutdown if the Poller experiences an error during the shutdown process. (markt)
Fix: Align cipher aliases for kECDHE and ECDHE with the current OpenSSL implementation. (markt)
Fix: 59081: Retain the user defined cipher order when defining ciphers. (markt)
Fix: 59089: Correctly ignore HTTP headers that include non-token characters in the header name. (markt)

Jasper:

Update: Update to the Eclipse JDT Compiler 4.5.1. (markt)
Fix: 57583: Improve the performance of javax.servlet.jsp.el.ScopedAttributeELResolver when resolving attributes that do not exist. This improvement only works when Jasper is used with with Tomcat's EL implementation. (markt)
WebSocket:
Fix: Fix a timing issue on session close that could result in an exception being thrown for an incomplete message even through the message was completed. (markt)
Fix: Correctly handle compression of partial messages when the final message fragment has a zero length payload. (markt)
Fix: 59119: Correct read logic for WebSocket client when using secure connections. (markt)
Fix: 59134: Correct client connect logic for secure connections made through a proxy. (markt)

Web applications:

Fix: Correct an error in the documentation of the expected behaviour for automatic deployment. If a WAR is updated and an expanded directory is present, the directory will always be deleted and recreated by expanding the WAR if unpackWARs is true. (markt)
Fix: 48674: Implement an option within the Host Manager web application to persist the current configuration. Based on a patch by Coty Sutherland. (markt)
Fix: 58935: Remove incorrect references in the documentation to using jar:file: URLs with the Manager application. (markt)
Fix: Correct the description of the ServletRequest.getServerPort() in Proxy How-To. Issue reported via comments.apache.org. (violetagg)
Add: The Manager and Host Manager applications are now only accessible via localhost by default. (markt)

Tribes:

Fix: If promoting a proxy node to a primary node when getting a session, notify the change of the new primary node to the original backup node. (kfujino)

Other:

Fix: 58283: Change the default download location for libraries during the build process from /usr/share/java to ${user.home}/temp. Patch provided by Ahmed Hosni. (markt)
Fix: 59031: When using the Windows uninstaller, do not remove the contents of any directories that have been symlinked into the Tomcat directory structure. (markt)
Update: Update the packaged version of the Tomcat Native Library to 1.2.5 to pick up the Windows binaries that are based on OpenSSL 1.0.2g and APR 1.5.1. (markt)
Update: Modify the default tomcat-user

[close]

https://tomcat.apache.org/

Arbeits.- Testrechner :

Intel® Core™ i7-6700 (4 x 3.40 GHz / 4.00 GHz)
16 GB (2 x 8 GB) DDR4 SDRAM 2133 MHz
250 GB SSD Samsung 750 EVO / 1 TB HDD
ZOTAC Geforce GTX 1080TI AMPExtreme Core Edition 11GB GDDR5
MSI Z170A PC Mate Mainboard
DVD-Brenner Laufwerk
Microsoft Windows 10 Home 64Bit

TT S2 3200 ( BDA Treiber 5.0.1.8 ) + Terratec Cinergy 1200 C ( BDA Treiber 4.8.3.1.8 )

Offline SiLæncer

  • Cheff-Cubie
  • *****
  • Beiträge: 189183
  • Ohne Input kein Output
    • DVB-Cube
Apache Tomcat 8.0.33
« Antwort #29 am: 31 März, 2016, 18:45 »
Changelog

Catalina

    Fix: Correct a regression in the fix for 58867. When configuring a Context to use an external directory for the docBase, and that directory happens to be located along side the original WAR, use the directory as the docBase rather than expanding the WAR into the appBase and using the newly created expanded directory as the docBase. (markt)
    Add: 58351: Make the server build date and server version number accessible via JMX. Patch provided by Huxing Zhang. (markt)
    Add: 58988: Special characters in the substitutions for the RewriteValve can now be quoted with a backslash. (fschumacher)
    Fix: 58999: Fix class and resource name filtering in WebappClassLoader. It throws a StringIndexOutOfBoundsException if the name is exactly "org" or "javax". (rjung)
    Code: Remove unnecessary code. There is no support for context level cluster. (kfujino)
    Add: Make checking for var and map replacement in RewriteValve a bit stricter and correct detection of colon in var replacement. (fschumacher)
    Fix: Fix the type of InstanceManager attribute of mbean definition of StandardContext. (kfujino)
    Fix: Refactor the web application class loader to reduce the impact of JAR scanning on the memory footprint of the web application. (markt)
    Fix: Fix some resource leaks in the error handling for accessing files from JARs and WARs. (markt)
    Fix: Refactor the JAR and JAR-in-WAR resource handling to reduce the memory footprint of the web application. (markt)
    Fix: 57809: Deprecate the custom context attribute org.apache.tomcat.util.scan.MergedWebXml which will be removed in Tomcat 9. (markt)
    Fix: 59001: Correctly handle the case when Tomcat is installed on a path where one of the segments ends in an exclamation mark. (markt)
    Fix: Expand the fix for 59001 to cover the special sequences used in Tomcat's custom jar:war: URLs. (markt)
    Fix: 59043: Avoid warning while expiring sessions associated with a single sign on if HttpServletRequest.logout() is used. (markt)
    Fix: 59054: Ensure that using the CrawlerSessionManagerValve in a distributed environment does not trigger an error when the Valve registers itself in the session. (markt)
    Fix: Storeconfig handling of alternate cookie processors. (markt/remm)
    Fix: Storeconfig handling for socket properties. (remm)
    Add: Log a warning message if a user tries to configure the default session timeout via the deprecated (and ignored) Manager.setMaxInactiveInterval() method. (markt)
    Fix: Fix incorrect parsing of the NE and NC flags in rewrite rules. (remm)
    Fix: 59065: Correct the timing of the check for colons in paths on non-Windows systems implemented in catalina.sh so it works correctly with Cygwin. Patch provided by Ed Randall. (markt)
    Fix: When a Host is configured with an appBase that does not exist, create the appBase before trying to expand an external WAR file into it. (markt)
    Fix: 59115: When using the Servlet 3.0 file upload, the submitted file name may be provided as a token or a quoted-string. If a quoted-string, unquote the string before returning it to the user. (markt)
    Fix: 59123: Close NamingEnumeration objects used by the JNDIRealm once they are no longer required. (fschumacher/markt)
    Fix: 59138: Correct a false positive warning for ThreadLocal related memory leaks when the key class but not the value class has been loaded by the web application class loader. (markt)
    Fix: 59145: Don't log an invalid warning when a user logs out of a session associated with SSO. (markt)
    Fix: 59151: Fix a regression in the fix for 56917 that added additional (and arguably unnecessary) validation to the provided redirect location. (markt)
    Fix: 59154: Fix a NullPointerException in the JASSMemoryLoginModue resulting from the introduction of the CredentialHandler to Realms. (schultz/markt)

Coyote

    Fix: 58646: Correct a problem with sendfile that resulted in a Processor being added to the cache twice leading to broken responses. (markt)
    Fix: 59015: Fix potential cause of endless APR Poller loop during shutdown if the Poller experiences an error during the shutdown process. (markt)
    Fix: Align cipher aliases for kECDHE and ECDHE with the current OpenSSL implementation. (markt)
    Fix: 59081: Retain the user defined cipher order when defining ciphers using the OpenSSL format. (markt)
    Fix: 59089: Correctly ignore HTTP headers that include non-token characters in the header name. (markt)
    Add: Add support for additional OpenSSL cipher aliases from OpenSSL master when specifying ciphers using the OpenSSL syntax. (markt)

Jasper

    Fix: 57583: Improve the performance of javax.servlet.jsp.el.ScopedAttributeELResolver when resolving attributes that do not exist. This improvement only works when Jasper is used with with Tomcat's EL implementation. (markt)
    Update: 58111: Update to the Eclipse JDT Compiler 4.5. (markt)
    Add: Add Java 9 support for JSPs. (markt)

WebSocket

    Fix: 59014: Ensure that a WebSocket close message can be sent after a close message has been received. (markt)
    Fix: Correctly handle compression of partial messages when the final message fragment has a zero length payload. (markt)
    Fix: 59119: Correct read logic for WebSocket client when using secure connections. (markt)
    Fix: 59134: Correct client connect logic for secure connections made through a proxy. (markt)
    Fix: 59189: Explicitly release the native memory held by the Inflater and Deflater when using PerMessageDeflate and the WebSocket session ends. Based on a patch by Henrik Olsson. (markt)

Web applications

    Fix: Correct an error in the documentation of the expected behaviour for automatic deployment. If a WAR is updated and an expanded directory is present, the directory will always be deleted and recreated by expanding the WAR if unpackWARs is true. (markt)
    Fix: 58935: Remove incorrect references in the documentation to using jar:file: URLs with the Manager application. (markt)
    Fix: Correct the description of the ServletRequest.getServerPort() in Proxy How-To. Issue reported via comments.apache.org. (violetagg)
    Fix: Fix a potenital indefinite wait in the Comet Chat servlet in the examples web application. (markt)

Tribes

    Fix: If promoting a proxy node to a primary node when getting a session, notify the change of the new primary node to the original backup node. (kfujino)

Other

    Fix: 58283: Change the default download location for libraries during the build process from /usr/share/java to ${user.home}/temp. Patch provided by Ahmed Hosni. (markt)
    Fix: 59031: When using the Windows uninstaller, do not remove the contents of any directories that have been symlinked into the Tomcat directory structure. (markt)
    Update: Update the packaged version of the Tomcat Native Library to 1.2.5 to pick up the Windows binaries that are based on OpenSSL 1.0.2g and APR 1.5.1. (markt)
    Update: Modify the default tomcat-users.xml file to make it harder for users to configure the entries intended for use with the examples web application for the Manager application. (markt)

[close]

https://tomcat.apache.org/

Arbeits.- Testrechner :

Intel® Core™ i7-6700 (4 x 3.40 GHz / 4.00 GHz)
16 GB (2 x 8 GB) DDR4 SDRAM 2133 MHz
250 GB SSD Samsung 750 EVO / 1 TB HDD
ZOTAC Geforce GTX 1080TI AMPExtreme Core Edition 11GB GDDR5
MSI Z170A PC Mate Mainboard
DVD-Brenner Laufwerk
Microsoft Windows 10 Home 64Bit

TT S2 3200 ( BDA Treiber 5.0.1.8 ) + Terratec Cinergy 1200 C ( BDA Treiber 4.8.3.1.8 )