63684: Wrapper never passed to
RealmBase.hasRole() for given security constraints.
(michaelo)
Avoid a potential NullPointerException on Service stop if a
Service is embedded directly (i.e. with no Server) in an application
and JNDI is enabled. Patch provided by S. Ali Tokmen. (markt)
Add a new PropertySource implementation,
EnvironmentPropertySource, that can be used to do property
replacement in configuration files with environment variables. Based on
a pull request provided by Thomas Meyer. (markt)
Coyote
63682: Fix a potential hang when using the asynchronous
Servlet API to write the response body and the stream and/or connection
window reaches 0 bytes in size. (markt)
63690: Use the average of the current and previous sizes when
calculating overhead for HTTP/2 DATA and
WINDOW_UPDATE frames to avoid false positives as a result
of client side buffering behaviour that causes a small percentage of
non-final DATA frames to be smaller than expected. (markt)
63706: Avoid NPE accessing https port with plaintext. (remm)
Correct typos in the names of the configuration attributes
overheadDataThreshold and
overheadWindowUpdateThreshold. (markt)
If the HTTP/2 connection requires an initial window size larger than the
default, send a WINDOW_UPDATE to increase the flow control window for the
connection so that the initial size of the flow control window for the
connection is consistent with the increased value. (markt)
63710: When using HTTP/2, ensure that a
content-length header is not set for those responses with
status codes that do not permit one. (markt)
63737: Correct various issues when parsing the
accept-encoding header to determine if gzip encoding is
supported including only parsing the first header found. (markt)
Web applications
Correct the source code links on the index page for the ROOT web
application to point to Git rather than Subversion. (markt)
Fix various issues with the Javadoc generated for the documentation web
application to enable release builds to be built with Java 10 onwards.
(markt)
Fix a large number of Javadoc and documentation typos. Patch provided by
KangZhiDong. (markt)
Spelling and formatting corrections for the cluster how-to. Pull request
provided by Bill Mitchell. (markt)
Other
Back-port various corrections and improvements to the English versions
of the i18n messages. (markt)
Include the available German translations in the standard Tomcat
distribution. Back-port additions and updates to the German i18n
messages. (markt)
Back-port various corrections and improvements to the Spanish i18n
messages. (markt)
Back-port various corrections and improvements to the French i18n
messages. (markt)
Back-port various corrections and improvements to the Japanese i18n
messages. (markt)
Back-port various corrections and improvements to the Russian i18n
messages. (markt)
Add Korean translations to the standard Tomcat distribution. (markt)
Add Simplified Chinese translations to the standard Tomcat distribution.
(markt)
62140: Additional usage documentation in comments for
catalina.[bat|sh]. (markt)
Fix JSSE_OPTS quoting in catalina.bat.
Contributed by Peter Uhnak. (fschumacher)
63625: Update to Commons Daemon 1.2.1. This corrects several
regressions in Commons Daemon 1.2.1, most notably the Windows Service
crashing on start when using 32-bit JVMs. (markt)
63689: Correct a regression in the fix for 63285
that meant that when installing a service, the service display name was
not set. (markt)
When performing a silent install with the Windows Installer, ensure that
the registry entries are added to the 64-bit registry when using a
64-bit JVM. (markt)
Remove unused i18n messages and associated translations. Patch provided
by KangZhiDong. (markt)
2019-08-21 Tomcat 8.5.45 (markt)
Coyote
Remove the code in the sendfile poller that ensured smaller pollsets
were used with older, no longer supported versions of Windows that
could not support larger pollsets. (markt)
not released Tomcat 8.5.44 (markt)
Catalina
62258: Don't trigger the standard error page mechanism when
the error has caused the connection to the client to be closed as no-one
will ever see the error page. (markt)
63627: Implement more fine-grained handling in
RealmBase.authenticate(GSSContext, boolean). (michaelo)
62496: Add option to write auth information (remote user/auth type)
to response headers. (michaelo)
51497: Add an option, ipv6Canonical, to the
AccessLogValve that causes IPv6 addresses to be output in
canonical form defined by RFC 5952. (ognjen/markt)
57665: Add support for the X-Forwarded-Host
header to the RemoteIpFilter and RemoteIpValve.
(markt)
63550: Only try the alternateURL in the
JNDIRealm if one has been specified. (markt)
63556: Mark request as forwarded in RemoteIpValve and
RemoteIpFilter (michaelo)
If an unhandled exception occurs on an asynchronous thread started via
AsyncContext.start(Runnable), process it using the standard
error page mechanism. (markt)
Discard large byte buffers allocated using setBufferSize when recycling
the request. (remm)
63579: Correct parsing of malformed OPTIONS requests and
reject them with a 400 response rather than triggering an internal error
that results in a 500 response. (markt)
Correct version information in X-Powered-By header. (markt)
63608: Align the implementation of the negative match feature
for patterns used with the RewriteValve with the
description in the documentation. (markt)
Avoid a NullPointerException in the
CrawlerSessionManagerValve if no ROOT Context is deployed
and a request does not map to any of the other deployed Contexts. Patch
provided by Jop Zinkweg. (markt)
63636: Context.findRoleMapping() never called
in StandardWrapper.findSecurityReference(). (michaelo)
Coyote
63524: Improve the handling of PEM file based keys and
certificates that do not include a full certificate chain when
configuring the internal, in-memory key store. Improve the handling of
PKCS#1 formatted private keys when configuring the internal, in-memory
key store. (markt)
63568: Avoid error when trying to set tcpNoDelay on socket
types that do not support it, which can occur when using the NIO
inherited channel capability. Submitted by František Kučera. (remm)
Correct parsing of invalid host names that contain bytes in the range
128 to 255 and reject them with a 400 response rather than triggering an
internal error that results in a 500 response. (markt)
63578: Improve handling of invalid requests so that 400
responses are returned to the client rather than 500 responses. (markt)
Fix h2spec test suite failure. It is an error if a Huffman encoded
string literal contains the EOS symbol. (jfclere)
Connections that fail the TLS handshake will now appear in the access
logs with a 400 status code. (markt)
Timeouts for HTTP/2 connections were not always correctly handled
leaving some connections open for longer than expected. (markt)
Expand the HTTP/2 excessive overhead protection to cover various forms
of abusive client behaviour and close the connection if any such
behaviour is detected. (markt)
Fix a crash on shutdown with the APR/native connector when a blocking
I/O operation was still in progress when the connector stopped. (markt)
Web applications
63597: Update the custom 404 error page for the Host Manager
to take account of previous refactoring so that the page is used for
404 errors rather than falling back to the default error page. (markt)
Other
63285: Modify service.bat so that when
installing a Windows service, by default, it changes the name of the
executables used by the Windows service to match the service name. This
makes the installation behaviour consistent with the Windows installer.
The original executable names will be restored when the Windows service
is removed. The renaming can be disabled by using the new
--no-rename option after the service name. (markt)
Switch from Checkstyle to the JRE6 backport and update to version 8.22.
This allows Tomcat 8.5 to use the newer Checkstyle releases while still
building with Java 7. (markt)
62696: The digital signature for the Windows installer now
uses SHA-256 for hashes. (markt)
63310: Update to Commons Daemon 1.2.0. This provides improved
support for Java 11. This also changes the user configured by the
Windows installer for the Windows service from Local System
to the lower privileged Local Service. (markt)
55969: Tighten up the security of the Apache Tomcat
installation created by the Windows installer. Change the default
shutdown port used by the Windows installer from 8005 to
-1 (disabled). Limit access to the chosen installation
directory to local administrators, Local System and Local Service.
(markt)
63285: Add an option to service.bat so that when
installing a Windows service, the name of the executables used by the
Windows service may be changed to match the service name. This makes the
installation behaviour consistent with the Windows installer. The
original executable names will be restored when the Windows service is
removed. The renaming can be enabled by using the new
--rename option after the service name. (markt)
63567: Restore the passing of $LOGGING_MANAGER
to the jvm in catalina.sh when calling stop.
(markt)
Update the internal fork of Commons Codec to 3ebef4a (2018-08-01) to
pick up the fix for CODEC-134. (markt)
Update the internal fork of Commons Pool2 to 796e32d (2018-08-01) to
pick up the changes in Commons Pool2 2.7.0. (markt)