2011年1月17日

[installer 2639] Apache Tomcat 6.0.30, 7.0.6

Apache Tomcat 6.0.30, 7.0.6 出ていました。

セキュリティホールの修正が含まれています(7.0系は 7.0.5 で修正が
含まれていました)。
http://tomcat.apache.org/security-6.html
http://tomcat.apache.org/security-7.html
参照のこと。

7.0系は 7.0.6 で beta の文字が外れました。

☆ Apache Tomcat 6.0.30
http://tomcat.apache.org/
http://archive.apache.org/dist/tomcat/tomcat-6/v6.0.30/src/apache-tomcat-6.0.30-src.tar.gz

Tomcat 6.0.30 (jfclere)
General
* filter input of manager app servlets. (kkolinko)
* 43960: Expose available property of StandardWrapper via JMX. (markt)
* Update to Commons Daemon 1.0.5. (mturk)
* Switch to using the Eclipse compiler JAR directly rather than
creating it from the larger JDT download. (markt)
* Allow the off-line building of the extras package. (markt)
* Update to Commons Pool 1.5.5. (markt)
* 49728, 50084: Improve PID file handling when another process is
managing the PID file and Tomcat does not have write access. (markt)
* 49909, 50201: Provide a mechanism to log requests rejected before
they reach the AccessLogValve to appear in the access log. (markt/kkolinko)

Catalina
* 38113: Provide a system property that enables a strict
interpretation of the specification for getQueryString() when an
empty query string is provided by the user agent. (markt)
* Return a copy of the current URLs for the WebappClassLoader to
prevent modification. This facilitated, although it wasn't the root
cause, CVE-2010-1622. (markt)
* 48837: Extend thread local memory leak detection to include classes
loaded by subordinate class loaders to the web application's class
loader such as the Jasper class loader. Patch provided by Sylvain
Laurent. (kkolinko)
* 48973: Avoid creating a SESSIONS.ser file when stopping an
application if there's no session. Patch provided by Marc
Guillemot. (slaurent)
* 49030: Failure during start of one connector should not leave some
connectors started and some ignored. (kkolinko)
* 49195: Don't report an error when shutting down a Windows service
for a Tomcat instance that has a disabled shutdown port. (markt)
* 49209: Fix problem with JDBC driver memory leak prevention when
running under a security manager. Patch provided by Sylvain
Laurent. (markt)
* 49613: Improve performance when using SSL for applications that make
multiple class to Request.getAttributeNames(). Patch provided by
Sampo Savolainen. (markt)
* 49657: Handle CGI executables with spaces in the path. (markt)
* 49667: Ensure that using the JDBC driver memory leak prevention code
does not cause a one of the memory leaks it is meant to avoid. (markt)
* 49749: Respect httpOnly setting of Context when creating SSO
cookie. (markt)
* Provide better web application state information via JMX. (markt)
* 49811: Add an option to disable URL rewriting on a per Context
basis. (markt)
* 49856: Expose the executor name for the connector via JMX. (markt)
* 49915: Make error more obvious, particularly when accessed via
JConsole, if StandardServer.storeConfig() is called when there is no
StoreConfig implementation present. (markt)
* 49965: Use correct i18n resources for StringManager in
JAASRealm. (kkolinko)
* 49987: Fix potential data race in the population of the Servlet
Context initialisation parameters. (markt)
* Code clean-up. Avoid some casts in StandardContext. (markt)
* Add security policy and token poller protection to the JRE memory
leak protection provided in Tomcat 6. (markt/kkolinko)
* 50026: Add support for mapping the default servlet to URLs other
than /. (timw)
* 50128: Improve exception handling in PersistentManagerBase when
running with a security manager. (kkolinko)
* 50131: Avoid possible NPE in debug output in PersistentValve. Patch
provided by sebb. (kkolinko)
* 50138: Fix threading issues in
org.apache.catalina.security.SecurityUtil. (markt)
* Add a new filter, org.apache.catalina.filters.CsrfPreventionFilter,
to provide generic cross-site request forgery (CSRF) protection for
web applications. (markt)
* Make sure Contexts defined in server.xml pick up any configClass
setting from the parent Host. (markt)
* 50222: Modify memory leak prevention code so it pins the system
class loader in memory rather than than the common class loader,
which is better for embedded systems. (schultz)
* Make memory leak prevention code that clears ThreadLocal instances
more robust against objects with toString() methods that throw
exceptions. (markt)
* 50282: Load javax.security.auth.login.Configuration with
JreMemoryLeakPreventionListener to avoid memory leak when stopping a
webapp that would use JAAS. (slaurent)
* 50413: Ensure 304s are not returned when using static files as error
pages. (markt)
* 50453: Correctly handle multiple X-Forwarded-For headers in the
RemoteIpValve. Patch provided by Jim Riggs. (markt)
* 50459: Fix thread/classloader binding issues in
StandardContext. (slaurent)
* 50527: Improve an error message shown by HttpServlet. (markt)
* 50556: Improve JreMemoryLeakPreventionListener to prevent a
potential class loader leak caused by a thread spawned when the
class com.sun.jndi.ldap.LdapPoolManager is initialized and the
system property com.sun.jndi.ldap.connect.pool.timeout is set to a
value greater than 0. (slaurent)

Coyote
* 47913: Return the IP address rather than null for getRemoteHost()
with the APR connector if the IP address does not resolve. (markt)
* Avoid a NPE for APR connector unlockAccept with default
soTimeout. (mturk)
* 48545: Allow JSSE trust stores to be used without providing a
password. Based on a patch by smmwpf54. (kkolinko)
* 48738: Add support for flushing gzipped output. Based on a patch by
Jiong Wang. (markt)
* Avoid a NPE in the DeltaManager when a parallel request invalidates
the session before the current request has a chance to send the
replication message. (markt)
* 48925: request.getLocalAddr() returns null when using the default Jk
AJP/1.3 connector. (rjung)
* 49497: Stop accepting new requests (inc keep-alive) once the BIO
connector is paused and the current request has finished
processing. (markt)
* 49521: Disable scanning for a free port in Jk AJP/1.3 connector by
default. Do not change maxPort field value of ChannelSocket in its
setPort() and init() methods. Add support for maxPort attribute on a
Connector element as a synonym for channelSocket.maxPort. (kkolinko)
* 49625: Ensure Vary header is set if response may be compressed
rather than only setting it if it is compressed. (markt)
* 49730: Fix race condition in StandardThreadExecutor that can lead to
long delays in processing requests. Patch provided by Sylvain
Laurent. (markt)
* 49860: Add support for trailing headers in chunked HTTP
requests. The header length is limited to 8192 by default and the
limit can be changed via a system property. (markt/kkolinko)
* 49972: Fix potential thread safe issue when formatting dates for use
in HTTP headers. (markt)
* 50072: NIO connector can mis-read request line if not sent in a
single packet. (markt/kkolinko)
* Improve recycling of processors in Http11NioProtocol. (kkolinko)
* 50273: Provide a workaround for an HP-UX issue that can result in
large numbers of SEVERE log messages appearing in the logs as a
result of normal operation. (markt)
* Make SSL certificate encoding algorithm consistent between
connectors by using the JVM default for all connectors. This also
fixes an issue with the NIO connector on IBM JVMs. (markt)
* 50467: Protected against NPE triggered by a race condition that
causes the NIO poller to fail, preventing the processing of further
requests. (markt)

Jasper
* 49217: Ensure that identifiers used in EL meet the requirements of
the Java Language Specification. This check is off by default and
can be enabled by setting a system property. (markt)
* 49555: Correctly handled Tag Libraries where functions are defined
in static inner classes. (markt)
* 49665: Provide better information including JSP file name and
location when a missing file is detected during TLD handling. Patch
provided by Ted Leung. (markt)
* 49985: Fix thread safety issue in EL parser. (markt)
* 49986: Fix thread safety issue in JSP reloading. (timw))
* 49998: Make jsp:root detection work with single quoted attributes as
well. (timw)
* 50066: Compile a recursive tag file if it depends on a JAR. Patch
provided by Sylvain Laurent. (markt)
* 50078: Fix threading issues in EL caches and make cache sizes
configurable. Threading patch provided by Takayoshi Kimura. (markt)
* 50105: When processing composite EL expressions use Enum.name()
rather than Enum.toString() as required by the EL
specification. (markt)
* 50228: Improve recycling of BodyContentImpl. This avoids keeping a
cached reference to a webapp-provided Writer used in
JspFragment.invoke() calls. (kkolinko)
* 50460: Fix memory leak in JspDocumentParser triggered by first
access to a jspx page. (kkolinko)
* 50500: Use correct coercions (as per the EL spec) for arithmetic
operations involving string values containing '.', 'e' or 'E'. Based
on a patch by Brian Weisleder. (markt)

Cluster
* 49343: When ChannelException is thrown, remove listener from
channel. (kfujino)
* Add Null check when CHANGE_SESSION_ID message received. (kfujino)
* When a cluster node disappears when using the backup manager, handle
the failed ping message rather than propagating the exception (which
just logs the stack trace but doesn't do anything to deal with the
failure). (markt)
* 49905: Fix potential memory leak when using asynchronous session
replication. (markt)
* 49924: When non-primary node changes into a primary node, make sure
isPrimarySession is changed to true. (kfujino)
* Add support for maxActiveSessions attribute to BackupManager. (kfujino)
* Improve sending an access message in DeltaManager. Use
maxInactiveInterval not of the Manager, but of the session. If
maxInactiveInterval is negative, the access message is not being
sent. (kfujino)
* 50547: Add time stamp for CHANGE_SESSION_ID message and
SESSION_EXPIRED message. (kfujino)

Webapps
* 49585: Update JSVC documentation to reflect new packaging of Commons
Daemon. (markt)
* Configure the Manager web application to use the new CSRF
protection. To take advantage of this protection, the manager role
must be removed from all users and the new manager-gui and
manager-script roles used instead. (markt)
* Configure the Host Manager web application to use the new CSRF
protection. To take advantge of this protection, the admin role must
be removed from all users and the new admin-gui and admin-script
roles used instead. (markt)
* 50303: Update JNDI how-to to reflect new JavaMail and JAF download
locations and that JAF is now included in Java SE 6. (markt)
* CVE-2010-4172: Multiple XSS in Manager application. (markt/kkolinko)
* Improve Tomcat Logging documentation. (kkolinko)
* 50242: Provide a sample log4j configuration that more closely
matches the default JULI configuration. Patch provided by
Christopher Schultz. (kkolinko)
* 50294: Add more information to documentation regarding format of
configuration files. Patch provided by Luke Meyer. (markt)
* Configure the Manager and Host-Manager web applications to use
HttpOnly flag for their session cookies. (kkolinko)
* 50316: Fix display of negative values in the Manager web
application. (kkolinko)
* Improve documentation of database connection factory. (rjung)

Other
* 48716: Do not call reset if the default LogManager is in
use. (markt)
* Use native line endings for example Eclipse configuration files in
source distribution. (markt)
* 49428: Add a work-around for the known namespace issues for some
Microsoft WebDAV clients. Based on the patch provided by Panagiotis
Astithas. (kkolinko)
* 49861: Fix formatting of log messages in JXM remote listener. Do not
use commas when printing RMI port numbers. (markt)
* 50140: Don't ignore a user specified install directory on 64-bit
platforms when using the Windows installer. (markt)
* 50552: Avoid NPE that hides error message when using Ant
tasks. (schultz)
* Numerous improvements to the Windows installer: update
install/uninstall icons, create an installation log, allow 32-bit
JVMs to be selected when installing on a 64-bit platform, replace
the .ini files with the script equivalents, use the new manager and
host-manager roles, provide the ability to edit the roles for the
added user, add support for the /? command line switch, clean up
fully after installation, add DetailPrint statements for operations
that may take time and improve the descriptions of the
components. (kkolinko, mturk, markt)

☆ Apache Tomcat 7.0.6
http://tomcat.apache.org/
http://archive.apache.org/dist/tomcat/tomcat-7/v7.0.6/src/apache-tomcat-7.0.6-src.tar.gz

Tomcat 7.0.6 (markt)
General
* Update to Commons Daemon 1.0.5. (mturk)

Catalina
* 8705: org.apache.catalina.SessionListener now extends
java.util.EventListener. (markt)
* 10526: Add an option to the Authenticators to force the creation of
a session on authentication which may offer some performance
benefits. (markt)
* 10972: Improve error message if the className attribute is missing
on an element in server.xml where it is required. (markt)
* 48692: Provide option to parse application/x-www-form-urlencoded PUT
requests. (schultz)
* 48822: Include context name in case of error while stopping or
starting a context during its reload. Patch provided by Marc
Guillemot. (slaurent)
* 48837: Extend thread local memory leak detection to include classes
loaded by subordinate class loaders to the web application's class
loader such as the Jasper class loader. Based on a patch by Sylvain
Laurent. (markt)
* 48973: Avoid creating a SESSIONS.ser file when stopping an
application if there's no session. Patch provided by Marc
Guillemot. (slaurent)
* 49000: No longer accept specification invalid name only cookies by
default. This behaviour can be restored using a system
property. (markt)
* 49159: Improve memory leak protection by renewing threads of the
pool when a web application is stopped. (slaurent)
* 49372: Re-fix after connector re-factoring. If connector
initialisation fails (e.g. if a port is alreasy in use) do not
trigger an LifecycleException for an invalid state transition. (markt)
* 49543 Allow Tomcat to use shared data sources with per application
credentials. (fhanik)
* 49650: Remove unnecessary entries package.access property defined in
catalina.properties. Patch provided by Owen Farrell. (markt)
* 50106: Correct several MBean descriptors. Patch provided by Eiji
Takahashi. (markt)
* Further performance improvements to session ID generation. Remove
legacy configuration options that are no longer required. Provide
additional options to control the SecureRandom instances used to
generate session IDs. (markt)
* 50201: Update the access log reference in StandardEngine when the
ROOT web application is redeployed, started, stopped or defaultHost
is changed. (markt/kkolinko)
* 50282: Load javax.security.auth.login.Configuration with
JreMemoryLeakPreventionListener to avoid memory leak when stopping a
web application that would use JAAS. (slaurent)
* 50351: Fix the regression that broke BeanFactory resources caused by
the previous fix for 50159. (markt)
* 50352: Ensure that AsyncListener.onComplete() is fired when
AsyncContext.complete() is called. (markt)
* 50358: Set the correct LifecycleState when stopping instances of the
deprecated Embedded class. (markt)
* Further Lifecycle refactoring for Connectors and associated
components. (markt)
* Correct handling of versioned web applications in deployer. (markt)
* Correct removal of LifeCycleListenters from Containers via JMX. (markt)
* Don't use nulls to construct log messages. (markt)
* Code clean-up. Replace use of inefficient constructors with more
efficient alternatives. (markt)
* 50411: Ensure sessions are removed from the Store associated with a
PersistentManager. (markt)
* 50413: Ensure 304 responses are not returned when using static files
as error pages. (markt/kkolinko)
* 50448: Fix possible IllegalStateException caused by recent session
management refactoring. (markt)
* Ensure aliases settings for a context are retained after a context
is reloaded. (markt)
* Log a warning if context.xml files define values for properties that
do not exist (e.g. if there is a typo in a property name). (markt)
* 50453: Correctly handle multiple X-Forwarded-For headers in the
RemoteIpFilter and RemoteIpValve. Patch provided by Jim Riggs. (markt)
* 50541: Add support for setting the size limit and time limit for
LDAP seaches when using the JNDI Realm with userSearch. (markt)
* All configuration options that use regular expression now require a
single regular expression (using java.util.regex) rather than a list
of comma-separated or semi-colon-separated expressions. (markt)
* 50496: Bytes sent in the access log are now counted after
compression, chunking etc rather than before. (markt)
* 50550: When a new directory is created (e.g. via WebDAV) ensure that
a subsequent request for that directory does not result in a 404
response. (markt)
* 50554: Code clean up. (markt)
* 50556: Improve JreMemoryLeakPreventionListener to prevent a
potential class loader leak caused by a thread spawned when the
class com.sun.jndi.ldap.LdapPoolManager is initialized and the
system property com.sun.jndi.ldap.connect.pool.timeout is set to a
value greater than 0. (slaurent)

Coyote
* 47319: Return the client's IP address rather than null for calls to
getRemoteHost() when the APR connector is used with
enableLookups="true" but the IP address is not resolveable. (markt)
* 50108: Add get/set methods for Connector property
minSpareThreads. Patch provided by Eiji Takahashi. (markt)
* 50360: Provide an option to control when the socket associated with
a connector is bound. By default, the socket is bound on
Connector.init() and released on Connector.destroy() as per the
current behaviour but this can be changed so that the socket is
bound on Connector.start() and released on Connector.stop(). This
fix also includes further Lifecycle refactoring for Connectors and
associated components. (markt)
* Remove a huge memory leak in the NIO connector introduced by the fix
for 49884. (markt)
* 50467: Protected against NPE triggered by a race condition that
causes the NIO poller to fail, preventing the processing of further
requests. (markt)

Jasper
* 13731: Make variables in _jspService() method final where possible. (markt)
* 50408: Fix NoSuchMethodException when using scoped variables with EL
method invocation. (markt)
* 50460: Avoid leak caused by using a cached exception instance in
JspDocumentParser and ProxyDirContext. (kkolinko)
* 50500: Use correct coercions (as per the EL spec) for arithmetic
operations involving string values containing '.', 'e' or 'E'. Based
on a patch by Brian Weisleder. (markt)

Cluster
* 50185: Add additional trace level logging to Tribes to assist with
fault diagnosis. Based on a patch by Ariel. (markt)
* Don't try and obtain session data from the cluster if the current
node is the only node in the cluster. Log requesting session data as
INFO rather than WARNING. (markt)
* 50503: When web application has a version, Engine level Clustering
works correctly. (kfujino)
* 50547: Add time stamp for CHANGE_SESSION_ID message and
SESSION_EXPIRED message. (kfujino)

Web applications
* 21157: Ensure cookies are written before the response is commited in
the Cookie example. Patch provided by Stefan Radzom. (markt)
* 50294: Add more information to documentation regarding format of
configuration files. Patch provided by Luke Meyer. (markt)
* Correctly validate provided context path so sessions for the ROOT
web application can be viewed through the HTML Manager. (markt)
* Improve documentation of database connection factory. (rjung)
* 50488: Update classpath required when using jsvc and add a note
regarding server VMs. (markt)
* Further filtering of Manager display output. (kkolinko)

Other
* Don't configure Windows installer to use PID file since it is not
removed when the service stops which prevents the service from
starting. (markt)
* 14416: Make TagLibraryInfo.getTag() more robust at handling nulls. (markt)
* 50552: Avoid NPE that hides error message when using Ant tasks. (schultz)
* Provide two alternative locations for the libraries downloaded from
the ASF web site at build time. Use the main distribution site as
default and the archive one as fallback. (kkolinko)


Tomcat 7.0.5 (markt) beta, 2010-12-01
General
* Update to Commons Daemon 1.0.4. (mturk)

Catalina
* 3839: Provide a mechanism to gracefully handle the case where users
book-mark the form login page or otherwise misuse the FORM
authentication process. Based on a suggestion by Mark Morris. (markt)
* 49180: Add option to disable log rotation in juli FileHandler. Patch
provided by Pid (pidster at apache). (funkman)
* 49991: Ensure servlet request listeners are fired for the login and
error pages during FORM authentication. (markt)
* 50107: When removing a Host via JMX, do not attempt to destroy the
host's pipeline twice. Patch provided by Eiji Takahashi. (markt)
* 50138: Fix threading issues in
org.apache.catalina.security.SecurityUtil. (markt)
* 50157: Ensure MapperListener is only added to a container object
once. (markt)
* 50159: Add a new attribute for <Resource> elements, singleton, that
controls whether or not a new object is created every time a JNDI
lookup is performed to obtain the resource. The default value is
true, which will return the same instance of the resource in every
JNDI lookup. (markt)
* 50168: Separate the Lifecycle.DESTROY_EVENT into
Lifecycle.BEFORE_DESTROY_EVENT and Lifecycle.AFTER_DESTROY_EVENT.
Use the additional state to ensure that Context objects are only
destroyed once. (markt)
* 50169: Ensure that when a Container is started that it doesn't try
and register with the mapper unless its parent has already
started. Patch provided by Eiji Takahashi. (markt)
* 50222: Modify memory leak prevention code so it pins the system
class loader in memory rather than than the common class loader,
which is better for embedded systems. Patch provided by Christopher
Schultz. (markt)
* Improve debug logging for MapperListener registration. (markt)
* Expose names of LifecycleListeners and ContainerListeners for
StandardContext via JMX. (markt)
* Add a new option, resourceOnlyServlets, to Context elements that
provides a mechanism for working around the issues caused by new
requirements for welcome file mapping introduced in Servlet 3.0. By
default, the existing Tomcat 6.0.x welcome file handling is
used. (markt)
* Make Tomcat more tolerant of null when generating JMX names for
Valves. (markt)
* Make AccessLogValve attribute enabled changeable via JMX. (pero)
* Correct infinite loop if ServletRequest.startAsync(ServletRequest,
ServletResponse) was called. (markt)
* 50232: Remove dependency between StoreBase and PersistentManager and
associated code clean-up. Patch provided by Tiago Batista. (markt)
* 50252: Prevent ClassCastException when using a <ResourceLink>. Patch
provided by Eiji Takahashi. (markt)
* Reduce synchronization in session managers to improve performance of
session creation. (markt)
* If starting children automatically when adding them to a container
(e.g. when adding a Context to a Host) don't lock the parent's set
of children whilst the new child is being started since this can
block other threads and cause issues such as lost cluster messages. (markt)
* Implement support for parallel deployment. This allows multiple
versions of the same web application to be deployed to the same
context path at the same time. Users without a current session will
be mapped to the latest version of the web application. Users with a
current session will continue to use the version of the web
application with which the session is associated until the session
expires. (markt)
* 50308: Allow asynchronous request processing to call
AsyncContext.dispatch() once the asynchronous request has timed
out. (markt)
* Make memory leak prevention code that clears ThreadLocal instances
more robust against objects with toString() methods that throw
exceptions. (markt)

Coyote
* 49860: Complete support for handling trailing headers in chunked
HTTP requests. (markt)
* Impose a limit on the length of the trailing headers. The limit is
configurable with a system property and is 8192 by default. (kkolinko)
* 50207: Ensure Comet timeout events are triggered. This bug was a
regression triggered by the fix for 49884. (markt)

Jasper
* 49297: Enforce the rules in the JSP specification for parsing the
attributes of custom and standard actions that require that the
attribute names are unique within an element and that there is
whitespace before the attribute name. The whitespace test can be
disabled by setting the system property
org.apache.jasper.compiler.Parser.STRICT_WHITESPACE to
false. Attributes of the page directive have slightly different
rules. The implementation of that part of the fix is based on a
patch by genspring. (markt)
* 50105: When processing composite EL expressions use Enum.name()
rather than Enum.toString() as required by the EL specification. (markt)
* Fix minor thread-safety and performance issues in the implementation
of maxLoadedJsps. (rjung)
* Add support for unloading JSPs that have not been requested for a
long time using the new parameter jspIdleTimeout. (rjung)
* Add logging and JMX support to JSP unloading. (rjung)
* 50192: Improve performance for EL when running under a security
manager. Based on a patch by Robert Goff. (markt)
* 50228: Improve recycling of BodyContentImpl. This avoids keeping a
cached reference to a webapp-provided Writer used in
JspFragment.invoke() calls. (kkolinko)
* 50273: Provide a workaround for an HP-UX issue that can result in
large numbers of SEVERE log messages appearing in the logs as a
result of normal operation. (markt)
* 50293: Increase the size of internal ELResolver array from 2 to 8
since in typical usage there are at least 5 resolvers. Based on a
patch by Robert Goff. (markt)

Cluster
* Add support for maxActiveSessions attribute to BackupManager. (kfujino)
* Improve sending an access message in DeltaManager.
maxInactiveInterval of not Manager but the session is used. If
maxInactiveInterval is negative, an access message is not sending. (kfujino)
* 50183: BIO sender was not scheduling tasks to the executor during
normal operation. Patch provided by Ariel. (markt)
* 50184: Add an option to the RpcChannel to enable the Channel send
options to be set for the reply message. Based on a patch by Ariel. (markt)
* Ensure that a new Context waiting for session data from other nodes
in the cluster does not block the processing of clustering messages
for other Contexts. (markt)

Web applications
* 49426: Localize messages in the Manager application based on the
Locale of the user rather than the default Locale of the server. (markt)
* Localize messages in the Host Manager application based on the
Locale of the user rather than the default Locale of the server. (markt)
* 50242: Provide a sample log4j configuration that more closely
matches the default JULI configuration. Patch provided by
Christopher Schultz. (markt)
* Restore the ability to edit the contents of /WEB-INF and /META-INF
via WebDAV via the provision of a new configuration option,
allowSpecialPaths. (markt)
* Correct broken links for on-line JavaDocs. (markt)
* 50230: Add new DistributedManager interface that is implemented by
the Backup Manager to remove circular dependency between
tomcat-catalina-ha and tomcat-catalina modules. Also allows
third-party distributed Manager implementations to report full
session information through the HTML Manager. (markt)
* Improve Tomcat Logging documentation. (kkolinko)
* 50303: Update JNDI how-to to reflect the new JavaMail download
location and that JAF is now included in Java SE 6. (markt)
* Fix ordering functionality on sessions page for the HTML Manager
application. (markt)
* Fix primary sessions not always being treated as such in the HTML
Manager application. (markt)
* Fix message not being displayed after session attribute removal in
the HTML Manager application. (markt)
* 50310: Fix display of Servlet information in the Manager application. (markt)
* CVE-2010-4172: Multiple XSS in the Manager application. (markt/kkolinko)
* 50316: Fix display of negative values in the Manager application. (kkolinko)
* 50318: Avoid NPE when trying to view session detail for an expired
session in the Manager application. (markt)

Other
* Correct a handful of Javadoc warnings. (markt)
* 22965: Fix some typos and formatting issues in the global web.xml
file. Based on a patch by Yann Cebron. (markt)
* Extend Checkstyle validation checks to check for unused imports. (markt)
* General code clean-up to reduce (not eliminate) the number of
warnings reported by IDEs. (markt)
* 50140: Don't ignore a user specified installation directory when
performing a silent install with the Windows installer on 64-bit
platforms. (markt)
* Reimplemented Windows installer dialogs, using modern libraries
(nsDialogs, MUI2). (kkolinko)
* When installing with the Windows installer on 64-bit platforms,
allow the user to select either a 32-bit JDK or a 64-bit JDK. If a
32-bit JDK is selected, the 32-bit service wrapper and the 32-bit
native DLL will be installed. If a 64-bit JDK is selected, the
64-bit service wrapper and the 64-bit native DLL will be
installed. (markt/kkolinko)
* Create Windows shortcuts for the Manager and Host Manager
webapps. (kkolinko)
* Support /? command line option in the Windows Installer. (kkolinko)
* Display and allow to change roles for the Tomcat admin user in the
Windows installer. (kkolinko)
* In the Windows installer: do not leave stale server.xml and
tomcat-users.xml fragments in the $TEMP folder. (kkolinko)
* 49819: Redesign of home page by Pid (pidster at apache). (timw)

----
こがよういちろう


投稿者 xml-rpc : 2011年1月17日 15:03
役に立ちました?:
過去のフィードバック 平均:(0) 総合:(0) 投票回数:(0)
本記事へのTrackback: http://hoop.euqset.org/blog/mt-tb2006.cgi/101371
トラックバック
コメント
コメントする




画像の中に見える文字を入力してください。