Changelog

Tomcat 8.5.46 (markt)

Catalina

  • Fix: 63684: Wrapper never passed to RealmBase.hasRole() for given security constraints. (michaelo)
  • Fix: Avoid a potential NullPointerException on Service stop if a Service is embedded directly (i.e. with no Server) in an application and JNDI is enabled. Patch provided by S. Ali Tokmen. (markt)
  • Add: Add a new PropertySource implementation, EnvironmentPropertySource, that can be used to do property replacement in configuration files with environment variables. Based on a pull request provided by Thomas Meyer. (markt)

Coyote

  • Fix: 63682: Fix a potential hang when using the asynchronous Servlet API to write the response body and the stream and/or connection window reaches 0 bytes in size. (markt)
  • Fix: 63690: Use the average of the current and previous sizes when calculating overhead for HTTP/2 DATA and WINDOW_UPDATE frames to avoid false positives as a result of client side buffering behaviour that causes a small percentage of non-final DATA frames to be smaller than expected. (markt)
  • Fix: 63706: Avoid NPE accessing https port with plaintext. (remm)
  • Fix: Correct typos in the names of the configuration attributes overheadDataThreshold and overheadWindowUpdateThreshold. (markt)
  • Fix: If the HTTP/2 connection requires an initial window size larger than the default, send a WINDOW_UPDATE to increase the flow control window for the connection so that the initial size of the flow control window for the connection is consistent with the increased value. (markt)
  • Fix: 63710: When using HTTP/2, ensure that a content-length header is not set for those responses with status codes that do not permit one. (markt)
  • Fix: 63737: Correct various issues when parsing the accept-encoding header to determine if gzip encoding is supported including only parsing the first header found. (markt)

Web applications

  • Fix: Correct the source code links on the index page for the ROOT web application to point to Git rather than Subversion. (markt)
  • Fix: Fix various issues with the Javadoc generated for the documentation web application to enable release builds to be built with Java 10 onwards. (markt)
  • Fix: Fix a large number of Javadoc and documentation typos. Patch provided by KangZhiDong. (markt)
  • Fix: Spelling and formatting corrections for the cluster how-to. Pull request provided by Bill Mitchell. (markt)

Other

  • Fix: Back-port various corrections and improvements to the English versions of the i18n messages. (markt)
  • Add: Include the available German translations in the standard Tomcat distribution. Back-port additions and updates to the German i18n messages. (markt)
  • Fix: Back-port various corrections and improvements to the Spanish i18n messages. (markt)
  • Fix: Back-port various corrections and improvements to the French i18n messages. (markt)
  • Fix: Back-port various corrections and improvements to the Japanese i18n messages. (markt)
  • Fix: Back-port various corrections and improvements to the Russian i18n messages. (markt)
  • Add: Add Korean translations to the standard Tomcat distribution. (markt)
  • Add: Add Simplified Chinese translations to the standard Tomcat distribution. (markt)
  • Fix: 62140: Additional usage documentation in comments for catalina.[bat|sh]. (markt)
  • Fix: Fix JSSE_OPTS quoting in catalina.bat. Contributed by Peter Uhnak. (fschumacher)
  • Update: 63625: Update to Commons Daemon 1.2.1. This corrects several regressions in Commons Daemon 1.2.1, most notably the Windows Service crashing on start when using 32-bit JVMs. (markt)
  • Fix: 63689: Correct a regression in the fix for 63285 that meant that when installing a service, the service display name was not set. (markt)
  • Fix: When performing a silent install with the Windows Installer, ensure that the registry entries are added to the 64-bit registry when using a 64-bit JVM. (markt)
  • Fix: Remove unused i18n messages and associated translations. Patch provided by KangZhiDong. (markt)

2019-08-21 Tomcat 8.5.45 (markt)

Coyote

  • Code: Remove the code in the sendfile poller that ensured smaller pollsets were used with older, no longer supported versions of Windows that could not support larger pollsets. (markt)

not released Tomcat 8.5.44 (markt)

Catalina

  • Add: 62258: Don't trigger the standard error page mechanism when the error has caused the connection to the client to be closed as no-one will ever see the error page. (markt)
  • Update: 63627: Implement more fine-grained handling in RealmBase.authenticate(GSSContext, boolean). (michaelo)
  • Add: 62496: Add option to write auth information (remote user/auth type) to response headers. (michaelo)
  • Add: 51497: Add an option, ipv6Canonical, to the AccessLogValve that causes IPv6 addresses to be output in canonical form defined by RFC 5952. (ognjen/markt)
  • Add: 57665: Add support for the X-Forwarded-Host header to the RemoteIpFilter and RemoteIpValve. (markt)
  • Fix: 63550: Only try the alternateURL in the JNDIRealm if one has been specified. (markt)
  • Add: 63556: Mark request as forwarded in RemoteIpValve and RemoteIpFilter. (michaelo)
  • Fix: If an unhandled exception occurs on an asynchronous thread started via AsyncContext.start(Runnable), process it using the standard error page mechanism. (markt)
  • Fix: Discard large byte buffers allocated using setBufferSize when recycling the request. (remm)
  • Fix: 63579: Correct parsing of malformed OPTIONS requests and reject them with a 400 response rather than triggering an internal error that results in a 500 response. (markt)
  • Fix: Correct version information in X-Powered-By header. (markt)
  • Fix: 63608: Align the implementation of the negative match feature for patterns used with the RewriteValve with the description in the documentation. (markt)
  • Fix: Avoid a NullPointerException in the CrawlerSessionManagerValve if no ROOT Context is deployed and a request does not map to any of the other deployed Contexts. Patch provided by Jop Zinkweg. (markt)
  • Fix: 63636: Context.findRoleMapping() never called in StandardWrapper.findSecurityReference(). (michaelo)

Coyote

  • Fix: 63524: Improve the handling of PEM file based keys and certificates that do not include a full certificate chain when configuring the internal, in-memory key store. Improve the handling of PKCS#1 formatted private keys when configuring the internal, in-memory key store. (markt)
  • Fix: 63568: Avoid error when trying to set tcpNoDelay on socket types that do not support it, which can occur when using the NIO inherited channel capability. Submitted by František Kučera. (remm)
  • Fix: Correct parsing of invalid host names that contain bytes in the range 128 to 255 and reject them with a 400 response rather than triggering an internal error that results in a 500 response. (markt)
  • Fix: 63571: Allow users to configure infinite TLS session caches and/or timeouts. (markt)
  • Fix: 63578: Improve handling of invalid requests so that 400 responses are returned to the client rather than 500 responses. (markt)
  • Fix: Fix h2spec test suite failure. It is an error if a Huffman encoded string literal contains the EOS symbol. (jfclere)
  • Add: Connections that fail the TLS handshake will now appear in the access logs with a 400 status code. (markt)
  • Fix: Timeouts for HTTP/2 connections were not always correctly handled leaving some connections open for longer than expected. (markt)
  • Add: Expand the HTTP/2 excessive overhead protection to cover various forms of abusive client behaviour and close the connection if any such behaviour is detected. (markt)
  • Fix: Fix a crash on shutdown with the APR/native connector when a blocking I/O operation was still in progress when the connector stopped. (markt)

Web applications

  • Fix: 63597: Update the custom 404 error page for the Host Manager to take account of previous refactoring so that the page is used for 404 errors rather than falling back to the default error page. (markt)

Other

  • Fix: 63285: Modify service.bat so that when installing a Windows service, by default, it changes the name of the executables used by the Windows service to match the service name. This makes the installation behaviour consistent with the Windows installer. The original executable names will be restored when the Windows service is removed. The renaming can be disabled by using the new --no-rename option after the service name. (markt)
  • Update: Switch from Checkstyle to the JRE6 backport and update to version 8.22. This allows Tomcat 8.5 to use the newer Checkstyle releases while still building with Java 7. (markt)
  • Update: 62696: The digital signature for the Windows installer now uses SHA-256 for hashes. (markt)
  • Update: 63310: Update to Commons Daemon 1.2.0. This provides improved support for Java 11. This also changes the user configured by the Windows installer for the Windows service from Local System to the lower privileged Local Service. (markt)
  • Fix: 55969: Tighten up the security of the Apache Tomcat installation created by the Windows installer. Change the default shutdown port used by the Windows installer from 8005 to -1 (disabled). Limit access to the chosen installation directory to local administrators, Local System and Local Service. (markt)
  • Add: 63285: Add an option to service.bat so that when installing a Windows service, the name of the executables used by the Windows service may be changed to match the service name. This makes the installation behaviour consistent with the Windows installer. The original executable names will be restored when the Windows service is removed. The renaming can be enabled by using the new --rename option after the service name. (markt)
  • Fix: 63567: Restore the passing of $LOGGING_MANAGER to the jvm in catalina.sh when calling stop. (markt)
  • Update: Update the internal fork of Commons Codec to 3ebef4a (2018-08-01) to pick up the fix for CODEC-134. (markt)
  • Update: Update the internal fork of Commons Pool2 to 796e32d (2018-08-01) to pick up the changes in Commons Pool2 2.7.0. (markt)
  • Update: Update the internal fork of Commons