Autor Thema: Webserversoftware diverses ...  (Gelesen 15543 mal)

0 Mitglieder und 1 Gast betrachten dieses Thema.

Offline SiLæncer

  • Cheff-Cubie
  • *****
  • Beiträge: 191383
  • Ohne Input kein Output
    • DVB-Cube
Apache Tomcat 8.5.8
« Antwort #30 am: 04 Dezember, 2016, 19:20 »
Changelog

Coyote:

Fix: Check that threadPriority values used in AbstractProtocol are valid. (fschumacher)



Apache Tomcat 8.5.7

    Catalina:

    Fix: When creating a new Connector via JMX, ensure that both HTTP/1.1 and AJP/1.3 connectors can be created. (markt)
    Fix: Include the Context name in the log message when an item cannot be added to the cache. (markt)
    Fix: Exclude JAR files in /WEB-INF/lib from the static resource cache. (markt)
    Fix: When calling getResourceAsStream() on a directory, ensure that null is returned. (markt)
    Fix: 60161: Allow creating subcategories of the container logger, and use it for the rewrite valve. (remm)
    Fix: Correctly test for control characters when reading the provided shutdown password. (markt)
    Fix: 60297: Simplify connector creation in embedded mode. (remm)
    Fix: Refactor creation of containers in embedded mode for more consistency and flexibility. (remm)
    Add: Introduce new methods read(ByteBuffer)/ write(ByteBuffer) in o.a.catalina.connector.CoyoteInputStream/ o.a.catalina.connector.CoyoteOutputStream. (violetagg)
    Fix: When configuring the JMX remote listener, specify the allowed types for the credentials. (markt)

    Coyote:

    Fix: Correct the HPACK header table size configuration that transposed the client and server table sizes when creating the encoder and decoder. (markt)
    Fix: Don't continue to process an HTTP/2 stream if it is reset during header parsing. (markt)
    Fix: HTTP/2 uses separate headers for each Cookie. As required by RFC 7540, merge these into a single Cookie header before processing continues. (markt)
    Fix: Align the HTTP/2 implementation with the HTTP/1.1 implementation and return a 500 response when an unhandled exception occurs during request processing. (markt)
    Fix: Correct the HTTP header parser so that DEL is not treated as a valid token character. (markt)
    Add: Add checks around the handling of HTTP/2 pseudo headers. (markt)
    Add: Add support for trailer headers to the HTTP/2 implementation. (markt)
    Fix: 60232: When processing headers for an HTTP/2 stream, ensure that the read buffer is large enough for the header being processed. (markt)
    Add: Add configuration options to the HTTP/2 implementation to control the maximum number of headers allowed, the maximum size of headers allowed, the maximum number of trailer headers allowed, the maximum size of trailer headers allowed and the maximum number of cookies allowed. (markt)
    Fix: Correctly differentiate between sending and receiving a reset frame when tracking the state of an HTTP/2 stream. (markt)
    Fix: 60319: When using an Executor, disconnect it from the Connector attributes maxThreads, minSpareThreads and threadPriority to enable the configuration settings to be consistently reported. These Connector attributes will be reported as -1 when an Executor is in use. The values used by the executor may be set and obtained via the Executor. (markt)
    Fix: If an I/O error occurs during async processing on a non-container thread, ensure that the onError() event is triggered. (markt)
    Fix: Improve detection of I/O errors during async processing on non-container threads and trigger async error handling when they are detected. (markt)
    Add: Add additional checks for valid characters to the HTTP request line parsing so invalid request lines are rejected sooner. (markt)

    Jasper:

    Update: Update to the Eclipse JDT Compiler 4.6.1. (markt)

    Web applications:

    Add: Add HTTP/2 configuration information to the documentation web application. (markt)
    Fix: Fix default value of validationInterval attribute in jdbc-pool. (kfujino)
    Fix: Correct a typo in CGI How-To. Issue reported via comments.apache.org. (violetagg)

    Tribes:

    Fix: When the proxy node sends a backup retrieve message, ensure that using the channelSendOptions that has been set rather than the default channelSendOptions. (kfujino)

    Other:

    Add: Add the JASPIC API jar to the Maven Central publication script. (markt)
    Fix: Remove classes from tomcat-util-scan.jar that are duplicates of those in tomcat-util.jar. (markt)

[close]

https://tomcat.apache.org/

Arbeits.- Testrechner :

Intel® Core™ i7-6700 (4 x 3.40 GHz / 4.00 GHz)
16 GB (2 x 8 GB) DDR4 SDRAM 2133 MHz
250 GB SSD Samsung 750 EVO / 1 TB HDD
ZOTAC Geforce GTX 1080TI AMPExtreme Core Edition 11GB GDDR5
MSI Z170A PC Mate Mainboard
DVD-Brenner Laufwerk
Microsoft Windows 10 Home 64Bit

TT S2 3200 ( BDA Treiber 5.0.1.8 ) + Terratec Cinergy 1200 C ( BDA Treiber 4.8.3.1.8 )

Offline SiLæncer

  • Cheff-Cubie
  • *****
  • Beiträge: 191383
  • Ohne Input kein Output
    • DVB-Cube
Apache Tomcat 9.0.0 M17
« Antwort #31 am: 09 März, 2017, 19:15 »
Changelog

Catalina:

Add: Extend the JreMemoryLeakPreventionListener to provide protection against ForkJoinPool.commonPool() related memory leaks. (markt)

Coyote:

Fix: Ensure UpgradeProcessor instances associated with closed connections are removed from the map of current connections to Processors. (markt)
Fix: Remove a workaround for a problem previously reported with WebSocket, TLS and APR that treated some error conditions as not errors. The original problem cannot be reproduced with the current code and the work-around is now causing problems. (markt)

Jasper:

Fix: 60497: Follow up fix using a better variable name for the tag reuse flag. (remm)
Fix: Revert use of try/finally for simple tags. (remm)

WebSocket:

Fix: Prevent potential processing loop on unexpected WebSocket connection closure. (markt)
jdbc-pool
Add: Enable reset the statistics without restarting the pool. (kfujino)

Other

Update: Update the NSIS Installer used to build the Windows installer to version 3.01. (markt)
Fix: Spelling corrections provided by Josh Soref. (violetagg)

[close]

https://tomcat.apache.org/

Arbeits.- Testrechner :

Intel® Core™ i7-6700 (4 x 3.40 GHz / 4.00 GHz)
16 GB (2 x 8 GB) DDR4 SDRAM 2133 MHz
250 GB SSD Samsung 750 EVO / 1 TB HDD
ZOTAC Geforce GTX 1080TI AMPExtreme Core Edition 11GB GDDR5
MSI Z170A PC Mate Mainboard
DVD-Brenner Laufwerk
Microsoft Windows 10 Home 64Bit

TT S2 3200 ( BDA Treiber 5.0.1.8 ) + Terratec Cinergy 1200 C ( BDA Treiber 4.8.3.1.8 )

Offline SiLæncer

  • Cheff-Cubie
  • *****
  • Beiträge: 191383
  • Ohne Input kein Output
    • DVB-Cube
Apache Tomcat 8.5.14
« Antwort #32 am: 19 April, 2017, 17:15 »
Whats new:>>

Correct a regression that broke JMX operations (including the Manager web application) if the operation took parameters
Calls to isReady() no longer throw exceptions after timeouts for async servlets

https://tomcat.apache.org/

Arbeits.- Testrechner :

Intel® Core™ i7-6700 (4 x 3.40 GHz / 4.00 GHz)
16 GB (2 x 8 GB) DDR4 SDRAM 2133 MHz
250 GB SSD Samsung 750 EVO / 1 TB HDD
ZOTAC Geforce GTX 1080TI AMPExtreme Core Edition 11GB GDDR5
MSI Z170A PC Mate Mainboard
DVD-Brenner Laufwerk
Microsoft Windows 10 Home 64Bit

TT S2 3200 ( BDA Treiber 5.0.1.8 ) + Terratec Cinergy 1200 C ( BDA Treiber 4.8.3.1.8 )

Offline SiLæncer

  • Cheff-Cubie
  • *****
  • Beiträge: 191383
  • Ohne Input kein Output
    • DVB-Cube
Apache Tomcat 8.5.23
« Antwort #33 am: 02 Oktober, 2017, 17:45 »
Whats new:>>

A fix for CVE-2017-12617.
Stricter validation of the HTTP Host header.
Add ExtractingRoot, a new WebResourceRoot implementation that extracts JARs to the work directory for improved performance when deploying packed WAR files.
Added support for the OpenSSL SSL_CONF API. To support this the minimum required Tomcat Native version is 1.2.14.

https://tomcat.apache.org/

Arbeits.- Testrechner :

Intel® Core™ i7-6700 (4 x 3.40 GHz / 4.00 GHz)
16 GB (2 x 8 GB) DDR4 SDRAM 2133 MHz
250 GB SSD Samsung 750 EVO / 1 TB HDD
ZOTAC Geforce GTX 1080TI AMPExtreme Core Edition 11GB GDDR5
MSI Z170A PC Mate Mainboard
DVD-Brenner Laufwerk
Microsoft Windows 10 Home 64Bit

TT S2 3200 ( BDA Treiber 5.0.1.8 ) + Terratec Cinergy 1200 C ( BDA Treiber 4.8.3.1.8 )

Offline SiLæncer

  • Cheff-Cubie
  • *****
  • Beiträge: 191383
  • Ohne Input kein Output
    • DVB-Cube
Apache Tomcat 8.5.27
« Antwort #34 am: 24 Januar, 2018, 13:45 »
Whats new:>>

Add support for GZIP compression with HTTP/2
Expand the TLS functionality exposed via the Manager application
Return a simple, plain text error message if a client attempts to make a plain text HTTP connection to a TLS enabled NIO or NIO2 Connector.
Add a new system property (org.apache.jasper.runtime.BodyContentImpl.BUFFER_SIZE) to control the size of the buffer used by Jasper when buffering tag bodies.

https://tomcat.apache.org/

Arbeits.- Testrechner :

Intel® Core™ i7-6700 (4 x 3.40 GHz / 4.00 GHz)
16 GB (2 x 8 GB) DDR4 SDRAM 2133 MHz
250 GB SSD Samsung 750 EVO / 1 TB HDD
ZOTAC Geforce GTX 1080TI AMPExtreme Core Edition 11GB GDDR5
MSI Z170A PC Mate Mainboard
DVD-Brenner Laufwerk
Microsoft Windows 10 Home 64Bit

TT S2 3200 ( BDA Treiber 5.0.1.8 ) + Terratec Cinergy 1200 C ( BDA Treiber 4.8.3.1.8 )

Offline SiLæncer

  • Cheff-Cubie
  • *****
  • Beiträge: 191383
  • Ohne Input kein Output
    • DVB-Cube
Apache Tomcat 7.0.85
« Antwort #35 am: 15 Februar, 2018, 05:40 »
Changelog

Tomcat 7.0.85 (violetagg)

    Catalina

        fix   Prevent a stack trace being written to standard out when running on Java 10 due to changes in the LogManager implementation. (markt)
        fix   Avoid duplicate load attempts if one has been made already. (remm)
        fix   Avoid NPE in ThreadLocalLeakPreventionListener if there is no Engine. (remm)
        fix   58143: Fix calling classloading transformers broken in 7.0.70 by the fix for 59619. This was observed when using Spring weaving. (rjung)
        fix   62000: When a JNDI reference cannot be resolved, ensure that the root cause exception is reported rather than swallowed. (markt)
        fix   62036: When caching an authenticated user Principal in the session when the web application is configured with the NonLoginAuthenticator, cache the internal Principal object rather than the user facing Principal object as Tomcat requires the internal object to correctly process later authorization checks. (markt)
        fix   62067: Correctly apply security constraints mapped to the context root using a URL pattern of "". (markt)
        fix   When using Tomcat embedded, only perform Authenticator configuration once during web application start. (markt)
        fix   Process all ServletSecurity annotations at web application start rather than at servlet load time to ensure constraints are applied consistently. (markt)
        fix   Minor optimization when calling class tranformers. (rjung)

    Web applications

        add   48672: Add documentation for the Host Manager web application. Patch provided by Marek Czernek. (markt)

    Other

        update   Update the NSIS Installer used to build the Windows installer to version 3.03. (kkolinko)

[close]

https://tomcat.apache.org/

Arbeits.- Testrechner :

Intel® Core™ i7-6700 (4 x 3.40 GHz / 4.00 GHz)
16 GB (2 x 8 GB) DDR4 SDRAM 2133 MHz
250 GB SSD Samsung 750 EVO / 1 TB HDD
ZOTAC Geforce GTX 1080TI AMPExtreme Core Edition 11GB GDDR5
MSI Z170A PC Mate Mainboard
DVD-Brenner Laufwerk
Microsoft Windows 10 Home 64Bit

TT S2 3200 ( BDA Treiber 5.0.1.8 ) + Terratec Cinergy 1200 C ( BDA Treiber 4.8.3.1.8 )

Offline SiLæncer

  • Cheff-Cubie
  • *****
  • Beiträge: 191383
  • Ohne Input kein Output
    • DVB-Cube
Apache Tomcat 8.5.29
« Antwort #36 am: 12 März, 2018, 17:45 »
Whats new:>>

TLS stability improvements.
Correct a regression in the fix for 60276 that meant compression was applied to all MIME types. Patch provided by Stefan Knoblich.
Add documentation for the Host Manager web application.

https://tomcat.apache.org/

Arbeits.- Testrechner :

Intel® Core™ i7-6700 (4 x 3.40 GHz / 4.00 GHz)
16 GB (2 x 8 GB) DDR4 SDRAM 2133 MHz
250 GB SSD Samsung 750 EVO / 1 TB HDD
ZOTAC Geforce GTX 1080TI AMPExtreme Core Edition 11GB GDDR5
MSI Z170A PC Mate Mainboard
DVD-Brenner Laufwerk
Microsoft Windows 10 Home 64Bit

TT S2 3200 ( BDA Treiber 5.0.1.8 ) + Terratec Cinergy 1200 C ( BDA Treiber 4.8.3.1.8 )

Offline SiLæncer

  • Cheff-Cubie
  • *****
  • Beiträge: 191383
  • Ohne Input kein Output
    • DVB-Cube
Apache Tomcat 9.0.7
« Antwort #37 am: 10 April, 2018, 05:20 »
Whats new:>>

Add support for the maxDays attribute to the AccessLogValve and ExtendedAccessLogValve. This allows the maximum number of days for which rotated access logs should be retained before deletion to be defined.
Avoid infinite recursion, when trying to validate a session while loading it with PersistentManager.
Correct two protocol errors with HTTP/2 PUSH_PROMISE frames.
The OpenSSL engine SSL session will now ignore invalid accesses.

https://tomcat.apache.org/

Arbeits.- Testrechner :

Intel® Core™ i7-6700 (4 x 3.40 GHz / 4.00 GHz)
16 GB (2 x 8 GB) DDR4 SDRAM 2133 MHz
250 GB SSD Samsung 750 EVO / 1 TB HDD
ZOTAC Geforce GTX 1080TI AMPExtreme Core Edition 11GB GDDR5
MSI Z170A PC Mate Mainboard
DVD-Brenner Laufwerk
Microsoft Windows 10 Home 64Bit

TT S2 3200 ( BDA Treiber 5.0.1.8 ) + Terratec Cinergy 1200 C ( BDA Treiber 4.8.3.1.8 )

Offline SiLæncer

  • Cheff-Cubie
  • *****
  • Beiträge: 191383
  • Ohne Input kein Output
    • DVB-Cube
Apache Tomcat 7.0.86
« Antwort #38 am: 16 April, 2018, 19:45 »
Whats new:>>

Add support for the maxDays attribute to the AccessLogValve and ExtendedAccessLogValve. This allows the maximum number of days for which rotated access logs should be retained before deletion to be defined.
Avoid infinite recursion, when trying to validate a session while loading it with PersistentManager.

https://tomcat.apache.org/

Arbeits.- Testrechner :

Intel® Core™ i7-6700 (4 x 3.40 GHz / 4.00 GHz)
16 GB (2 x 8 GB) DDR4 SDRAM 2133 MHz
250 GB SSD Samsung 750 EVO / 1 TB HDD
ZOTAC Geforce GTX 1080TI AMPExtreme Core Edition 11GB GDDR5
MSI Z170A PC Mate Mainboard
DVD-Brenner Laufwerk
Microsoft Windows 10 Home 64Bit

TT S2 3200 ( BDA Treiber 5.0.1.8 ) + Terratec Cinergy 1200 C ( BDA Treiber 4.8.3.1.8 )

Offline SiLæncer

  • Cheff-Cubie
  • *****
  • Beiträge: 191383
  • Ohne Input kein Output
    • DVB-Cube
Apache Tomcat 8.5.31
« Antwort #39 am: 05 Mai, 2018, 09:15 »
Changelog

Catalina:

Fix: 62263: Avoid a NullPointerException when the RemoteIpValve processes a request for which no Context can be found. (markt)
Fix: Fix a rare edge case that is unlikely to occur in real usage. This edge case meant that writing long streams of UTF-8 characters to the HTTP response that consisted almost entirely of surrogate pairs could result in one surrogate pair being dropped. (markt)
Fix: Register MBean when DataSource Resource type="javax.sql.XADataSource". Patch provided by Masafumi Miura. (csutherl)
Add: Update the internal fork of Apache Commons BCEL to r1829827 to add early access Java 11 support to the annotation scanning code. (markt)
Fix: 62297: Enable the CrawlerSessionManagerValve to correctly handle bots that crawl multiple hosts and/or web applications when the Valve is configured on a Host or an Engine. (fschumacher)
Fix: 62309: Fix a SecurityException when using JASPIC under a SecurityManager when authentication is not mandatory. (markt)
Fix: 62329: Correctly list resources in JAR files when directories do not have dedicated entries. Patch provided by Meelis Müür. (markt)
Add: Collapse multiple leading / characters to a single / in the return value of HttpServletRequest#getContextPath() to avoid issues if the value is used with HttpServletResponse#sendRedirect(). This behaviour is enabled by default and configurable via the new Context attribute allowMultipleLeadingForwardSlashInPath. (markt)
Fix: Improve handing of overflow in the UTF-8 decoder with supplementary characters. (markt)

Coyote:

Fix: Correct off-by-one error in thread pool that allowed thread pools to increase in size to one more than the configured limit. Patch provided by usc. (markt)
Fix: Prevent unexpected TLS handshake failures caused by errors during a previous handshake that were not correctly cleaned-up when using the NIO or NIO2 connector with the OpenSSLImplementation. (markt)
Add: Enable strict validation of the provided host name and port for all connectors. Requests with invalid host names and/or ports will be rejected with a 400 response. (markt)
Add: 62273: Implement configuration options to work-around specification non-compliant user agents (including all the major browsers) that do not correctly %nn encode URI paths and query strings as required by RFC 7230 and RFC 3986. (markt)

Jasper:

Enable ECJ version 4.7 and later to be used as a drop in replacement for the ECJ version that ships with Apache Tomcat. (markt)
Fix: Enable Java 10 to be specified as a JSP source and/or target if a newer ECJ version is used. (markt)
Fix: 62287: Do not rely on hash codes to test instances of ValueExpressionImpl for equality. Patch provided by Mark Struberg. (markt)

WebSocket:

62301: Correct a regression in the fix for 61491 that didn't correctly handle a final empty message part in all circumstances when using PerMessageDeflate. (markt)
Fix: 62332: Ensure WebSocket connections are closed after an I/O error is experienced reading from the client. (markt)

Other:

Fix: Avoid warning when running under Cygwin when the JAVA_ENDORSED_DIRS environment variable is not set. Patch provided by Zemian Deng. (markt)

[close]

https://tomcat.apache.org/

Arbeits.- Testrechner :

Intel® Core™ i7-6700 (4 x 3.40 GHz / 4.00 GHz)
16 GB (2 x 8 GB) DDR4 SDRAM 2133 MHz
250 GB SSD Samsung 750 EVO / 1 TB HDD
ZOTAC Geforce GTX 1080TI AMPExtreme Core Edition 11GB GDDR5
MSI Z170A PC Mate Mainboard
DVD-Brenner Laufwerk
Microsoft Windows 10 Home 64Bit

TT S2 3200 ( BDA Treiber 5.0.1.8 ) + Terratec Cinergy 1200 C ( BDA Treiber 4.8.3.1.8 )

Offline SiLæncer

  • Cheff-Cubie
  • *****
  • Beiträge: 191383
  • Ohne Input kein Output
    • DVB-Cube
Apache Tomcat 9.0.8
« Antwort #40 am: 06 Mai, 2018, 09:45 »
Changelog

Catalina

    Fix: 62263: Avoid a NullPointerException when the RemoteIpValve processes a request for which no Context can be found. (markt)
    Add: 62258: Don't trigger the standard error page mechanism when the error has caused the connection to the client to be closed as no-one will ever see the error page. (markt)
    Fix: Register MBean when DataSource Resource type="javax.sql.XADataSource". Patch provided by Masafumi Miura. (csutherl)
    Fix: Fix a rare edge case that is unlikely to occur in real usage. This edge case meant that writing long streams of UTF-8 characters to the HTTP response that consisted almost entirely of surrogate pairs could result in one surrogate pair being dropped. (markt)
    Add: Update the internal fork of Apache Commons BCEL to r1829827 to add early access Java 11 support to the annotation scanning code. (markt)
    Fix: 62297: Enable the CrawlerSessionManagerValve to correctly handle bots that crawl multiple hosts and/or web applications when the Valve is configured on a Host or an Engine. (fschumacher)
    Fix: 62309: Fix a SecurityException when using JASPIC under a SecurityManager when authentication is not mandatory. (markt)
    Fix: 62329: Correctly list resources in JAR files when directories do not have dedicated entries. Patch provided by Meelis Müür. (markt)
    Add: Collapse multiple leading / characters to a single / in the return value of HttpServletRequest#getContextPath() to avoid issues if the value is used with HttpServletResponse#sendRedirect(). This behaviour is enabled by default and configurable via the new Context attribute allowMultipleLeadingForwardSlashInPath. (markt)
    Fix: Improve handing of overflow in the UTF-8 decoder with supplementary characters. (markt)

Coyote

    Fix: Correct off-by-one error in thread pool that allowed thread pools to increase in size to one more than the configured limit. Patch provided by usc. (markt)
    Fix: Prevent unexpected TLS handshake failures caused by errors during a previous handshake that were not correctly cleaned-up when using the NIO or NIO2 connector with the OpenSSLImplementation. (markt)
    Add: 62273: Implement configuration options to work-around specification non-compliant user agents (including all the major browsers) that do not correctly %nn encode URI paths and query strings as required by RFC 7230 and RFC 3986. (markt)
    Fix: Fix sync for NIO2 async IO blocking read/writes. (remm)

Jasper

    Update: Update the Eclipse Compiler for Java to 4.7.3a. (markt)
    Update: Allow 9 to be used to specify Java 9 as the compiler source and/or compiler target for JSP compilation. The Early Access value of 1.9 is still supported. (markt)
    Add: Add support for specifing Java 10 (with the value 10) as the compiler source and/or compiler target for JSP compilation. (markt)
    Fix: 62287: Do not rely on hash codes to test instances of ValueExpressionImpl for equality. Patch provided by Mark Struberg. (markt)

WebSocket

    Fix: 62301: Correct a regression in the fix for 61491 that didn't correctly handle a final empty message part in all circumstances when using PerMessageDeflate. (markt)
    Fix: 62332: Ensure WebSocket connections are closed after an I/O error is experienced reading from the client. (markt)

Other

    Fix: Avoid warning when running under Cygwin when the JAVA_ENDORSED_DIRS environment variable is not set. Patch provided by Zemian Deng. (markt)

[close]

https://tomcat.apache.org/

Arbeits.- Testrechner :

Intel® Core™ i7-6700 (4 x 3.40 GHz / 4.00 GHz)
16 GB (2 x 8 GB) DDR4 SDRAM 2133 MHz
250 GB SSD Samsung 750 EVO / 1 TB HDD
ZOTAC Geforce GTX 1080TI AMPExtreme Core Edition 11GB GDDR5
MSI Z170A PC Mate Mainboard
DVD-Brenner Laufwerk
Microsoft Windows 10 Home 64Bit

TT S2 3200 ( BDA Treiber 5.0.1.8 ) + Terratec Cinergy 1200 C ( BDA Treiber 4.8.3.1.8 )

Offline SiLæncer

  • Cheff-Cubie
  • *****
  • Beiträge: 191383
  • Ohne Input kein Output
    • DVB-Cube
Apache Tomcat 9.0.10
« Antwort #41 am: 27 Juni, 2018, 13:17 »
Changelog

Add the RemoteCIDRFilter and RemoteCIDRValve that can be used to allow/deny requests based on IPv4 and/or IPv6 client address where the IP ranges are defined using CIDR notation. Based on a patch by Francis Galiegue.
Use NIO2 API for websockets writes.
Update the packaged version of the Tomcat Native Library to 1.2.17 to pick up the latest Windows binaries built with APR 1.6.3 and OpenSSL 1.0.2o.
Correct a regression in the Host validation by removing the requirement that the final component of a FQDN must be alphabetic.

[close]

https://tomcat.apache.org/

Arbeits.- Testrechner :

Intel® Core™ i7-6700 (4 x 3.40 GHz / 4.00 GHz)
16 GB (2 x 8 GB) DDR4 SDRAM 2133 MHz
250 GB SSD Samsung 750 EVO / 1 TB HDD
ZOTAC Geforce GTX 1080TI AMPExtreme Core Edition 11GB GDDR5
MSI Z170A PC Mate Mainboard
DVD-Brenner Laufwerk
Microsoft Windows 10 Home 64Bit

TT S2 3200 ( BDA Treiber 5.0.1.8 ) + Terratec Cinergy 1200 C ( BDA Treiber 4.8.3.1.8 )

Offline SiLæncer

  • Cheff-Cubie
  • *****
  • Beiträge: 191383
  • Ohne Input kein Output
    • DVB-Cube
Apache Tomcat 9.0.14
« Antwort #42 am: 13 Dezember, 2018, 20:50 »
Release Notes

                     Apache Tomcat Version 9.0.14
                            Release Notes


=========
CONTENTS:
=========

* Dependency Changes
* API Stability
* Bundled APIs
* Web application reloading and static fields in shared libraries
* Security manager URLs
* Symlinking static resources
* Viewing the Tomcat Change Log
* Cryptographic software notice
* When all else fails


===================
Dependency Changes:
===================
Tomcat 9.0 is designed to run on Java SE 8 and later.


==============
API Stability:
==============

The public interfaces for the following classes are fixed and will not be
changed at all during the remaining lifetime of the 9.x series:
- All classes in the javax namespace

The public interfaces for the following classes may be added to in order to
resolve bugs and/or add new features. No existing interface method will be
removed or changed although it may be deprecated.
- org.apache.catalina.* (excluding sub-packages)

Note: As Tomcat 9 matures, the above list will be added to. The list is not
      considered complete at this time.

The remaining classes are considered part of the Tomcat internals and may change
without notice between point releases.


=============
Bundled APIs:
=============
A standard installation of Tomcat 9.0 makes all of the following APIs available
for use by web applications (by placing them in "lib"):
* annotations-api.jar (Annotations package)
* catalina.jar (Tomcat Catalina implementation)
* catalina-ant.jar (Tomcat Catalina Ant tasks)
* catalina-ha.jar (High availability package)
* catalina-storeconfig.jar (Generation of XML configuration from current state)
* catalina-tribes.jar (Group communication)
* ecj-4.9.jar (Eclipse JDT Java compiler)
* el-api.jar (EL 3.0 API)
* jasper.jar (Jasper 2 Compiler and Runtime)
* jasper-el.jar (Jasper 2 EL implementation)
* jsp-api.jar (JSP 2.3 API)
* servlet-api.jar (Servlet 4.0 API)
* tomcat-api.jar (Interfaces shared by Catalina and Jasper)
* tomcat-coyote.jar (Tomcat connectors and utility classes)
* tomcat-dbcp.jar (package renamed database connection pool based on Commons DBCP 2)
* tomcat-jdbc.jar (Tomcat's database connection pooling solution)
* tomcat-jni.jar (Interface to the native component of the APR/native connector)
* tomcat-util.jar (Various utilities)
* tomcat-websocket.jar (WebSocket 1.1 implementation)
* websocket-api.jar (WebSocket 1.1 API)

You can make additional APIs available to all of your web applications by
putting unpacked classes into a "classes" directory (not created by default),
or by placing them in JAR files in the "lib" directory.

To override the XML parser implementation or interfaces, use the appropriate
feature for your JVM. For Java <= 8 use the endorsed standards override
feature. The default configuration defines JARs located in "endorsed" as endorsed.
For Java 9+ use the upgradeable modules feature.


================================================================
Web application reloading and static fields in shared libraries:
================================================================
Some shared libraries (many are part of the JDK) keep references to objects
instantiated by the web application. To avoid class loading related problems
(ClassCastExceptions, messages indicating that the classloader
is stopped, etc.), the shared libraries state should be reinitialized.

Something which might help is to avoid putting classes which would be
referenced by a shared static field in the web application classloader,
and putting them in the shared classloader instead (JARs should be put in the
"lib" folder, and classes should be put in the "classes" folder).


======================
Security manager URLs:
======================
In order to grant security permissions to JARs located inside the
web application repository, use URLs of of the following format
in your policy file:

file:${catalina.base}/webapps/examples/WEB-INF/lib/driver.jar


============================
Symlinking static resources:
============================
By default, Unix symlinks will not work when used in a web application to link
resources located outside the web application root directory.

This behavior is optional, and the "allowLinking" flag may be used to disable
the check.


==============================
Viewing the Tomcat Change Log:
==============================
The full change log is available from https://tomcat.apache.org and is also
included in the documentation web application.


=============================
Cryptographic software notice
=============================
This distribution includes cryptographic software.  The country in
which you currently reside may have restrictions on the import,
possession, use, and/or re-export to another country, of
encryption software.  BEFORE using any encryption software, please
check your country's laws, regulations and policies concerning the
import, possession, or use, and re-export of encryption software, to
see if this is permitted.  See <http://www.wassenaar.org/> for more
information.

The U.S. Government Department of Commerce, Bureau of Industry and
Security (BIS), has classified this software as Export Commodity
Control Number (ECCN) 5D002.C.1, which includes information security
software using or performing cryptographic functions with asymmetric
algorithms.  The form and manner of this Apache Software Foundation
distribution makes it eligible for export under the License Exception
ENC Technology Software Unrestricted (TSU) exception (see the BIS
Export Administration Regulations, Section 740.13) for both object
code and source code.

The following provides more details on the included cryptographic
software:

  - Tomcat includes code designed to work with JSSE
  - Tomcat includes code designed to work with OpenSSL

[close]

https://tomcat.apache.org/

Arbeits.- Testrechner :

Intel® Core™ i7-6700 (4 x 3.40 GHz / 4.00 GHz)
16 GB (2 x 8 GB) DDR4 SDRAM 2133 MHz
250 GB SSD Samsung 750 EVO / 1 TB HDD
ZOTAC Geforce GTX 1080TI AMPExtreme Core Edition 11GB GDDR5
MSI Z170A PC Mate Mainboard
DVD-Brenner Laufwerk
Microsoft Windows 10 Home 64Bit

TT S2 3200 ( BDA Treiber 5.0.1.8 ) + Terratec Cinergy 1200 C ( BDA Treiber 4.8.3.1.8 )

Offline SiLæncer

  • Cheff-Cubie
  • *****
  • Beiträge: 191383
  • Ohne Input kein Output
    • DVB-Cube
Apache Tomcat 7.0.93
« Antwort #43 am: 23 Februar, 2019, 09:10 »
Changelog

Catalina:

fix 54741: Add a new method, Tomcat.addWebapp(String,URL), that allows a web application to be deployed from a URL when using Tomcat in embedded mode. (markt)
add 62897: Provide a property (clearReferencesThreadLocals) on the standard Context implementation that enables the check for memory leaks via ThreadLocals to be disabled because this check depends on the use of an API that has been deprecated in later versions of Java. (markt)
fix 62978: Update the RemoteIpValve to handle multiple values in the x-forwarded-proto header. Patch provided by Tom Groot. (markt)
fix Update the RemoteIpFilter to handle multiple values in the x-forwarded-proto header. Based on a patch provided by Tom Groot. (markt)
code 62986: Refactor the code that performs class scanning during web application start to make integration simpler for downstream users. Based on a patch provided by rmannibucau. (markt)
fix Implement the requirements of section 8.2.2 2c of the Servlet specification and prevent a web application from deploying if it has fragments with duplicate names and is configured to use relative ordering of fragments. (markt)
update Update the recommended minimum Tomcat Native version to 1.2.19. (markt)
fix Ensure that the ServletOutputStream implementation is consistent with the requirements of asynchronous I/O and that all of the write methods use a single write rather than multiple writes. (markt)
fix Correct the Javadoc for Context.getDocBase() and Context.setDocBase() and remove text that indicates that a URL may be used for the docBase as this has not been the case for quite some time. (markt)
add Ensure that Tomcat is fully terminated when running as a service. (markt)
fix 63003: Extend the unloadDelay attribute on a Context to include in-flight asynchronous requests. (markt)
add 63026: Add a new attribute, forceDnHexEscape, to the JNDIRealm that forces escaping in the String representation of a distinguished name to use the nn form. This may avoid issues with realms using Active Directory which appears to be more tolerant of optional escaping when the nn form is used. (markt)
update Update the recommended minimum Tomcat Native version to 1.2.21. (markt)
update Simplify the value of jarsToSkip property in catalina.properties file for tomcat-i18n jar files. Use prefix pattern instead of listing each language. (kkolinko)

WebSocket:

fix 57974: Ensure implementation of Session.getOpenSessions() returns correct value for both client-side and server-side calls. (markt)
fix 63019: Use payload remaining bytes rather than limit when writing. Submitted by Benoit Courtilly. (remm)
fix When running under a SecurityManager, ensure that the ServiceLoader look-up for the default javax.websocket.server.ServerEndpointConfig.Configurator implementation completes correctly rather than silently using the hard-coded fall-back. (markt)
fix Ensure that the network connection is closed if the client receives an I/O error trying to communicate with the server. (markt)
fix Ignore synthetic methods when scanning POJO methods. (markt)
fix Implement the requirements of section 5.2.1 of the WebSocket 1.1 specification and ensure that if the deployment of one Endpoint fails, no Endpoints are deployed for that web application. (markt)
fix Implement the requirements of section 4.3 of the WebSocket 1.1 specification and ensure that the deployment of an Endpoint fails if @PathParam is used with an invalid parameter type. (markt)
fix Ensure a DeploymentException rather than an IllegalArgumentException is thrown if a method annotated with @OnMessage does not conform to the requirements set out in the Javadoc. (markt)
fix Improve algorithm that determines if two @OnMessage annotations have been added for the same message type. Prior to this change some matches were missed. (markt)
code Remove the STREAMS_DROP_EMPTY_MESSAGES system property that was introduced to work-around four failing TCK tests. An alternative solution has been implemented. Sending messages via getSendStream() and getSendWriter() will now only result in messages on the wire if data is written to the OutputStream or Writer. Writing zero length data will result in an empty message. Note that sending a message via an Encoder may result in the message being send via getSendStream() or getSendWriter(). (markt)

Web applications:

fix 63103: Remove the unused source.jsp file and associated tag from the examples web application as it is no longer used. (markt)
fix 63143: Ensure that the Manager web application respects the language preferences of the user as configured in the browser when the language of the default system locale is not English. (markt)
fix Use client's preferred language for the Server Status page of the Manager web application. Review and fix several cases when the client's language preference was not respected in Manager and Host Manager web applications. (kkolinko)
fix Fix messages used by Manager and Host Manager web applications. Disambiguate message keys used when adding or removing a host. Improve display of summary values on the status page: separate terms and values with a whitespace. Improve wording of messages for expire sessions command. (kkolinko)
fix Do not add CSRF nonce parameter and suppress Referer header for external links in Manager and Host Manager web applications. (kkolinko)

Other:

fix Prevent an error when running in a Cygwin shell and the JAVA_ENDORSED_DIRS system property is empty. Patch provided by Zemian Deng. (markt)
update Update the packaged version of the Tomcat Native Library to 1.2.19 to pick up the latest Windows binaries built with APR 1.6.5 and OpenSSL 1.1.1a. (markt)
fix Correct AsyncFileHandler to FileHandler in logging.properties. (huxing)
update Update the packaged version of the Tomcat Native Library to 1.2.21 to pick up the memory leak fixes when using NIO/NIO2 with OpenSSL. (markt)
fix Enable compilation and test execution with Java 11. Note that the deprecated class org.apache.catalina.util.Base64 will be excluded from the build in this case as it depends on JRE classes that have been removed in Java 11 onwards. (markt)
update Update the NSIS Installer used to build the Windows installer to version 3.04. (markt)
add Expand the coverage and quality of the Russian translations provided with Apache Tomcat. (kkolinko)

[close]

https://tomcat.apache.org/

Arbeits.- Testrechner :

Intel® Core™ i7-6700 (4 x 3.40 GHz / 4.00 GHz)
16 GB (2 x 8 GB) DDR4 SDRAM 2133 MHz
250 GB SSD Samsung 750 EVO / 1 TB HDD
ZOTAC Geforce GTX 1080TI AMPExtreme Core Edition 11GB GDDR5
MSI Z170A PC Mate Mainboard
DVD-Brenner Laufwerk
Microsoft Windows 10 Home 64Bit

TT S2 3200 ( BDA Treiber 5.0.1.8 ) + Terratec Cinergy 1200 C ( BDA Treiber 4.8.3.1.8 )

Offline SiLæncer

  • Cheff-Cubie
  • *****
  • Beiträge: 191383
  • Ohne Input kein Output
    • DVB-Cube
Apache Tomcat 8.5.39
« Antwort #44 am: 20 März, 2019, 13:25 »
Changelog

Catalina:

Fix: Minor HTTP/2 push fixes. (remm)
Fix: Refactor how cookies are transferred from the base request to a PushBuilder so that they are accessible, and may be edited, via the standard PushBuilder methods for working with HTTP headers. (markt)
Add: Refactor error handling to enable errors that occur before processing is passed to the application to be handled by the application provided error handling and/or the container provided error handling (ErrorReportValve) as appropriate. (markt)
Add: Pass 404 errors triggered by a missing ROOT web application to the container error handling to generate the response body. (markt)
Add: Pass 400 errors triggered by invalid request targets to the container error handling to generate the response body. (markt)
Add: Pass errors triggered by invalid requests or unavailable services to the application provided error handling and/or the container provided error handling (ErrorReportValve) as appropriate. (markt)
Code: Refactor the MBean implementations for the internal Tomcat components to reduce code duplication. (markt)
Update: Simplify the value of jarsToSkip property in catalina.properties file for tomcat-i18n jar files. Use prefix pattern instead of listing each language. (kkolinko)
Fix: Restore the getter and setter for the access log valve attribute maxLogMessageBufferSize that were accidentally removed. (markt)
Add: 63206: Add a new attribute to Context - createUploadTargets which, if true enables Tomcat to create the temporary upload location used by a Servlet if the location specified by the Servlet does not already exist. The deafult value is false. (markt)
Fix: 63210: Ensure that the Apache Commons DBCP 2 based default connection pool is correctly shutdown when it is no longer required. This ensures that a non-daemon thread is not left running that will prevent Tomcat from shutting down cleanly. (markt)
Fix: 63213: Ensure the correct escaping of group names when searching for nested groups when the JNDIRealm is configured with roleNested set to true. (markt)
Fix: 63236: Use String.intern() as suggested by Phillip Webb to reduce memory wasted due to String duplication. This changes saves ~245k when starting a clean installation. With additional thanks to YourKit Java profiler for helping to track down the wasted memory and the root causes. (markt)
Fix: 63246: Fix a potential NullPointerException when calling AsyncContext.dispatch(). (markt)

Coyote:

Fix: Ensure that the toString(), toBytes() and toChars() methods of MessageBytes behave consistently and do not throw a NullPointerException both on newly created objects and immediately after a call to recycle(). This should not impact typical Tomcat users. It may impact users who use these classes directly in their own code. (markt)
Fix: When performing an HTTP/1.1 upgrade to HTTP/2 (h2c) ensure that the hostname and port from the HTTP/1.1 Host header of the upgraded request are made available via the standard methods ServletRequest.getServerName() and ServletRequest.getServerPort(). (markt)
Fix: Make PEM file parser a public utility class. (remm)
Fix: Refactor the APR/Native endpoint TLS configuration code to enable JSSE style configuration - including JKS keystores - to be used with the APR/Native connector. (markt)
Add: With the TLS configuration refactoring, the configuration attributes sessionCacheSize and sessionTimeout are no longer limited to JSSE implementations. They may now be used with OpenSSL implementations as well. (markt)
Fix: Refactor NIO2 read pending strategy for the classic IO API. (remm)
Fix: 63182: Avoid extra read notifications for HTTP/1.1 with NIO2 when using asynchronous threads. (remm)
Add: 63205: Add a work-around for a known JRE KeyStore loading bug. (markt)
Update: Sync with NIO2 async API from Tomcat 9 branch. (remm)
Fix: NIO2 should try to use SocketTimeoutException everywhere rather than a mix of it and InterruptedByTimeout. (remm)
Fix: Correct an error in the request validation that meant that HTTP/2 push requests always resulted in a 400 response. (markt)
Fix: 63223: Correctly account for push requests when tracking currently active HTTP/2 streams. (markt)
Fix: Verify HTTP/2 stream is still writable before assuming a timeout occurred. (remm)
Fix: Avoid some overflow cases with OpenSSL to improve efficiency, as the OpenSSL engine has an internal buffer. (remm)
Fix: Harmonize HTTP/1.1 NIO2 keepalive code. (remm)

WebSocket:

Code: Remove the STREAMS_DROP_EMPTY_MESSAGES system property that was introduced to work-around four failing TCK tests. An alternative solution has been implemented. Sending messages via getSendStream() and getSendWriter() will now only result in messages on the wire if data is written to the OutputStream or Writer. Writing zero length data will result in an empty message. Note that sending a message via an Encoder may result in the message being send via getSendStream() or getSendWriter(). (markt)

Web applications:

Fix: Use client's preferred language for the Server Status page of the Manager web application. Review and fix several cases when the client's language preference was not respected in Manager and Host Manager web applications. (kkolinko)
Fix: Fix messages used by Manager and Host Manager web applications. Disambiguate message keys used when adding or removing a host. Improve display of summary values on the status page: separate terms and values with a whitespace. Improve wording of messages for expire sessions command. (kkolinko)
Fix: Do not add CSRF nonce parameter and suppress Referer header for external links in Manager and Host Manager web applications. (kkolinko)
Tribes:

Fix: Ensure that members registered in the addSuspects list are static members. (kfujino)

Other:

Add: Expand the coverage and quality of the Russian translations provided with Apache Tomcat. (kkolinko)
Fix: 63041: Revert the changes for 53930 that added support for the CATALINA_OUT_CMD environment variable as they prevented correct operation with systemd configurations that did not explicitly specify a PID file. (markt)

[close]

https://tomcat.apache.org/

Arbeits.- Testrechner :

Intel® Core™ i7-6700 (4 x 3.40 GHz / 4.00 GHz)
16 GB (2 x 8 GB) DDR4 SDRAM 2133 MHz
250 GB SSD Samsung 750 EVO / 1 TB HDD
ZOTAC Geforce GTX 1080TI AMPExtreme Core Edition 11GB GDDR5
MSI Z170A PC Mate Mainboard
DVD-Brenner Laufwerk
Microsoft Windows 10 Home 64Bit

TT S2 3200 ( BDA Treiber 5.0.1.8 ) + Terratec Cinergy 1200 C ( BDA Treiber 4.8.3.1.8 )