2011年2月 7日

[installer 2676] Apache Tomcat 7.0.8

Apache Tomcat 7.0.8 出ています。

セキュリティホールの修正が含まれています。
http://tomcat.apache.org/security-7.html
参照のこと。

☆ Apache Tomcat 7.0.8
http://tomcat.apache.org/

http://archive.apache.org/dist/tomcat/tomcat-7/v7.0.8/src/apache-tomcat-7.0.8-src.tar.gz

Tomcat 7.0.8 (markt)
Catalina
* Fix NPE in CoyoteAdapter when postParseRequest() call fails. (kkolinko)
* 50709: Make ApplicationContextFacade non-final to enable extension. (markt)
* When running under a security manager, user requests may fail with a
security exception. (markt)

Coyote
* Reduce level of log message for invalid URL parameters from WARNING
to INFO. (markt)
* Fix hanging Servlet 3 asynchronous requests when using the APR based
AJP connector. (markt)

Other
* Align server.xml installed by the Windows installer with the one
bundled in zip/tar.gz files. The differences are LockOutRealm being
used and AccessLogValve being enabled by default. (kkolinko)

Tomcat 7.0.7 (markt) not released
Catalina
* 18462: Don't merge stdout and stderr internally so users retain the
option to treat them separately. (markt)
* 18797: Provide protection against null or zero length names being
provided for users, roles and groups in the MemoryRealm and
UserDatabaseRealm. (markt)
* Improve fix for 50205 to trigger an error earlier if invalid
configuration is used. (markt)
* Provide additional control over component class loaders, primarily
for use when embedding. (markt)
* Fix NPE in RemoteAddrFilter, RemoteHostFilter. (kkolinko)
* 49711: HttpServletRequest#getParts will work in a filter or servlet
without an @MultipartConfig annotation or MultipartConfigElement if
the new "allowCasualMultipartParsing" context attribute is set to
"true". (schultz)
* 49978: Correct another instance where deployment incorrectly failed
if a directory in the work area already existed. (markt)
* 50582: Refactor access logging so chunked encoding is not forced for
all requests if bytes sent is logged. (markt)
* 50597: Don't instantiate a new instance of a Filter if an instance
was provided via the ServletContext.addFilter(String, Filter)
method. Patch provided by Ismael Juma. (markt)
* 50598: Correct URL for Manager text interface. (markt)
* 50620: Stop exceptions that occur during Session.endAccess() from
preventing the normal completion of Request.recycle(). (markt)
* 50629: Make StandardContext.bindThread() and
StandardContext.unbindThread() protected to allow use by
sub-classes. (markt)
* Use getName() instead of logName() in error messages in
StandardContext. (kkolinko)
* 50642: Move the sun.net.www.http.HttpClient keep-alive thread memory
leak protection from the JreMemoryLeakPreventionListener to the
WebappClassLoader since the thread that triggers the memory leak is
created on demand. (markt)
* 50673: Improve Catalina shutdown when running as a service. Do not
call System.exit(). (kkolinko)
* 50683: Ensure annotations are scanned when unpackWARs is set to
false in the Host where a web application is deployed. (markt)
* Improve HTTP specification compliance in support of Accept-Language
header. (kkolinko)

Coyote
* Prevent possible thread exhaustion if a Comet timeout event takes a
while to complete. (markt)
* Prvent multiple Comet END events if the CometServlet calls
event.close() during an END event. (markt)
* 50325: When the JVM indicates support for RFC 5746, disable Tomcat's
allowUnsafeLegacyRenegotiation configuration attribute and use the
JVM configuration to control renegotiation. (markt)
* 50405: Fix occassional NPE when using NIO connector and Comet. (markt)
* Ensure correct recycling of NIO input filters when processing Comet
events. (markt)
* 50627: Correct interaction of NIO socket and Poller when processing
Comet events. (markt)
* Correct interaction of APR socket and Poller when processing Comet
events. (markt)
* 50631: InternalNioInputBuffer should honor maxHttpHeadSize. (kkolinko)

Jasper
* Improve special case handling of
javax.servlet.jsp.el.ScopedAttributeELResolver in
javax.el.CompositeELResolver to handle sub-classes. (markt)
* 15688: Use fully-qualified class names in generated jsp files to
avoid naming conflicts with user imports. (markt)
* 46819: Remove redundant object instantiations in
JspRuntimeLibrary. Patch provided by Anthony Whitford. (markt)
* Improve error message when EL identifiers are not valid Java
identifiers and use i18n for the error message. (markt)
* 50680: Prevent an NPE when using tag files from an exploded JAR
file, e.g. from within an IDE. Patch provided by Larry Isaacs. (markt)

Cluster
* 50591: Fix NPE in ReplicationValve. (kkolinko)
* Internationalise the log messages for the FarmWarDeployer. (markt)
* 50600: Prevent a ConcurrentModificationException when removing a WAR
file via the FarmWarDeployer. (markt)
* Be consistent with locks on sessionCreationTiming,
sessionExpirationTiming in DeltaManager.resetStatistics(). (kkolinko)
* 50648: Correctly set the interrupt status if a thread using
RpcChannel is interrupted waiting for a message reply. Based on a
patch by Olivier Costet. (markt)
* 50646: Ensure larger Tribes messages are fully read. Patch provided
by Olivier Costet. (markt)
* 50679: Update the FarmWarDeployer to support parallel deployment. (markt)

Web applications
* 22278: Add a commented out RemoteAddrValve that limits access to the
Manager and Host Manager applications to localhost. Based on a patch
by Yann Cebron. (markt)
* Correct a handful of Javadoc warnings. (markt)
* Provide additional detail about how web application version order is
determined when using parallel deployment. (markt)
* Correct the documentation for the recoveryCount count attribute of
the the default cluster membership. (markt)
* 50441: Clarify when it is valid to set the docBase attribute in a
Context element. (markt)
* 50526: Provide additional documetation on configuring JavaMail
resources. (markt)
* 50599: Use correct names of roles required to access the Manager
application. (markt)

Other
* Extend the Checkstyle tests to check for license headers. (markt)
* Modify the build script so a release build always rebuilds the
dependencies to ensure that the correct Tomcat version appears in
the manifest. (markt)
* Code clean-up to remove unused code and reduce IDE warnings. (markt)
* 50601: Code clean-up. Patch provided by sebb. (markt)
* 50606: Improve CGIServlet: Provide support for specifying empty
value for the executable init-param. Provide support for explicit
additional arguments for the executable. Those were broken when
implementing fix for bug 49657. (kkolinko)

----
こがよういちろう


投稿者 xml-rpc : 2011年2月 7日 09:06
役に立ちました?:
過去のフィードバック 平均:(0) 総合:(0) 投票回数:(0)
本記事へのTrackback: http://hoop.euqset.org/blog/mt-tb2006.cgi/101809
トラックバック
コメント
コメントする




画像の中に見える文字を入力してください。