December 5, 2011

[installer 3035] Apache Tomcat 6.0.35

Apache Tomcat 6.0.35 has been released.

It includes a fix for a security hole. See:
http://tomcat.apache.org/security-6.html
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3190

☆ Apache Tomcat 6.0.35

http://tomcat.apache.org/
http://archive.apache.org/dist/tomcat/tomcat-6/v6.0.35/src/apache-tomcat-6.0.35-src.tar.gz

Tomcat 6.0.35 (jfclere)
Catalina
* Fix regression in decoding of parameters that contain spaces. Patch
by Willem Fibbe. (kkolinko)


Tomcat 6.0.34 (jfclere)
Catalina
* 51550: Display an error page rather than an empty response for an
IllegalStateException caused by too many active sessions. (markt)
* 51640: Improve the memory leak prevention for leaks triggered by
java.sql.DriverManager. (markt/kkolinko)
* 51688: JreMemoryLeakPreventionListener now protects against AWT
thread creation. (schultz)
* 51758: The digester (used for processing XML files) used the logger
name org.apache.commons.digester.Digester rather than the expected
org.apache.tomcat.util.digester.Digester. The digester has been
changed to use the expected logger name. (kkolinko)
* 51862: Added a classesToInitialize attribute to
JreMemoryLeakPreventionListener to allow pre-loading of configurable
classes to avoid some classloader leaks. (slaurent)
* 51872: Ensure that the access log always uses the correct value for
the remote IP address associated with the request and that requests
with multiple errors do not result in multiple entries in the access
log. (markt)
* Allow to overwrite the check for distributability of session
attributes by session implementations. (rjung)
* Provide the log format "OneLineFormatter" for JULI that provides the
same information as the default plus thread name but on a single
line. (markt/rjung)
* Ensure the memory leak protection for the HttpClient keep-alive
always operates even if the thread has already stopped. (markt)
* 51940: Do not limit saving of request bodies during FORM
authentication to POST requests since any HTTP method may include a
request body. Based on a patch by Nicholas Sushkin. (kkolinko)
* 52091: Address performance issues related to lock contention in
StandardWrapper. Based on patch provided by Taiki Sugawara. (kkolinko)
* In GenericPrincipal, SerializablePrincipal: Do not sort lists of
roles that have only one element. (kkolinko)
* Make configuration issue for CsrfPreventionFilter result in the
failure of the filter rather than just a warning message. (kkolinko)
* Ensure changes to the configuration of RemoteAddrValve and
RemoteHostValve via JMX are thread-safe. (kkolinko)
* Make configuration issue for RemoteAddrValve and RemoteHostValve
result in the failure of the valve rather than just a warning
message. (kkolinko)
* In RequestFilterValve (RemoteAddrValve, RemoteHostValve): refactor
value matching logic into separate method and expose this new method
isAllowed through JMX. (kkolinko)
* Improve performance of parameter processing for GET and POST
requests. Also add an option to limit the maximum number of
parameters processed per request. This defaults to 10000. Excessive
parameters are ignored. Note that FailedRequestFilter can be used to
reject the request if some parameters were ignored. (markt/kkolinko)
* New filter FailedRequestFilter that will reject a request if there
were errors during HTTP parameter parsing. (kkolinko)

Coyote
* 50394: Return -1 from read operation instead of throwing an
exception when encountering an EOF with the HTTP APR connector.
(kkolinko)
* 51698: Fix CVE-2011-3190. Prevent AJP message injection. (markt)
* Detect incomplete AJP messages and reject the associated request if
one is found. (markt)
* 51794: Fix race condition in NioEndpoint selector. Patch provided by
dlord. (fhanik)
* 51905: Fix infinite loop in AprEndpoint shutdown if acceptor unlock
fails. Reduce timeout before forcefully closing the socket from 30s
to 10s. (kkolinko)
* 52121: Fix possible output corruption when compression is enabled
for a connector and the response is flushed. Test case provided by
David Marcks. (kkolinko)
* Replace unneeded call that iterated events queue in NioEndpoint.Poller.
(kkolinko)
* Improve MimeHeaders.toString(). (kkolinko)
* Allow the BIO HTTP connector to be used with SSL when running under
Java 7. (markt)
* Improve multi-byte character handling in all connectors. (rjung)

Jasper
* 51220: Correct copy/paste error in original commit for this issue. (markt)
* 52091: Address performance issues related to log creation in
TagHandlerPool. Patch provided by Taiki Sugawara. (markt)

Cluster
* 51736: Make rpcTimeout configurable in BackupManager. (kfujino)
* New cluster manager attribute sessionAttributeFilter allows to
filter which session attributes are replicated using a regular
expression applied to the attribute name. (rjung)
* Avoid an unnecessary session ID change notice. Notice of changed
session ID by JvmRouteBinderValve is unnecessary to BackupManager.
In BackupManager, change of session ID is replicated by the call of
a setId() method. (kfujino)
* Fix unneeded duplicate resetDeltaRequest() call in
DeltaSession.setId(String). (kkolinko)
* When Context manager does not exist, no context manager message is
replied in order to avoid timeout (default 60 sec) of
GET_ALL_SESSIONS sync phase. (kfujino)


Webapps
* Correct the documentation for the connectionLinger attribute of the
HTTP connector. (markt)
* Show build date and version in the header on every documentation
page. (kkolinko)
* 52049: Improve setup instructions for running as a Windows service:
correct information on how a JRE is identified and selected. (markt)
* 52172: Clarify Tomcat build instructions. Patch provided by
bmargulies. (kkolinko)

Other
* Update the native component of the APR/native connectors to 1.1.22.
(markt)
* Update the recommended version of the native component of the
APR/native connectors to 1.1.22. (kkolinko)
* Update the Eclipse compiler (used for JSPs) to 3.7. (markt)
* Correct two typos in the Windows installer. (kkolinko)
* 52059: In Windows uninstaller: Do not forget to remove Tomcat keys
from 32-bit registry on deinstallation. (kkolinko)
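
The Catalina entries above add a per-request parameter limit (default 10000) and FailedRequestFilter. The following configuration sketch is an added example, not part of the release notes or of this post. The attribute name maxParameterCount and the filter class name are taken from Tomcat's configuration documentation, not from this page; the port, timeout and limit of 1000 are constructed sample values.

```xml
<!-- Added example; sample values are constructed. -->

<!-- conf/server.xml: lower the cap on parameters parsed per request.
     The changelog gives 10000 as the default; 1000 is an assumed tighter
     value for an application that never sends large forms.
     Parameters beyond the limit are ignored, not rejected. -->
<Connector port="8080" protocol="HTTP/1.1"
           connectionTimeout="20000"
           redirectPort="8443"
           maxParameterCount="1000" />

<!-- WEB-INF/web.xml: turn "excess parameters silently ignored" into
     "request rejected". The filter also rejects requests whose
     parameters could not be parsed at all. -->
<filter>
  <filter-name>failedRequestFilter</filter-name>
  <filter-class>org.apache.catalina.filters.FailedRequestFilter</filter-class>
</filter>

<!-- The filter works by triggering parameter parsing, so map it after
     any filter that sets the request character encoding. -->
<filter-mapping>
  <filter-name>failedRequestFilter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>
```

Without the filter, a request that exceeds the limit is still processed with a truncated parameter set, so application logic may see missing fields rather than an error.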

----
こがよういちろう


Posted by xml-rpc: December 5, 2011 15:46