  1. Sakai
  2. SAK-44326

Update Apache Tomcat 9.0.38






      •  64582: Pre-load the CoyoteOutputStream class to prevent a potential exception when running under a security manager. Patch provided by Johnathan Gilday. (markt)
      •  64593: If a request is not matched to a Context, delay issuing the 404 response to give the rewrite valve, if configured, an opportunity to rewrite the request. (remm/markt)
      •  Change top package name for generated embedded classes to avoid conflict with default host name on case insensitive filesystems. (remm)
      •  Add missing code generation for remaining digester rules. (remm)
      •  Add a dedicated loader for generated code to avoid dynamic class loading. (remm)
      •  Refactor the Default servlet to provide a single method that can be overridden (generateETag()) should a custom entity tag format be required. (markt)
      •  Improve the validation of entity tags provided with conditional requests. Requests with headers that contain invalid entity tags will be rejected with a 400 response code. Improve the matching algorithm used to compare entity tags in conditional requests with the entity tag for the requested resource. Based on a pull request by Sergey Ponomarev. (markt)
      •  Correct the description of the storage format for salted hashes in the Javadoc for MessageDigestCredentialHandler and refactor the associated code for clarity. Based on a patch provided by Milo van der Zee. (markt)
      •  Correct the path validation to allow the use of the file system root for the docBase attribute of a Context. Note that such a configuration should be used with caution. (markt)
      •  Added filtering expression for requests that are not supposed to use session in PersistentValve. (kfujino)
      •  Use the correct method to calculate session idle time in PersistentValve. (kfujino)
      •  Fix path used by the health check valve when it is not associated with a Context. (remm)
      •  64712: The JASPIC authenticator now checks the ServerAuthModule for jakarta.servlet.http.authType and, if present, uses the value provided. Based on a patch by Robert Rodewald. (markt)
      •  64713: The JASPIC authenticator now checks the value of jakarta.servlet.http.registerSession set by the ServerAuthModule when deciding whether or not to register the session. Based on a patch by Robert Rodewald. (markt)


      •  57661: For requests containing the Expect: 100-continue header, add optional support to delay sending an intermediate 100 status response until the servlet reads the request body, allowing the servlet the opportunity to respond without asking for the request body. Based on a pull request by malaysf. (markt)
      •  Refactor the implementation of ServletInputStream.available() to provide a more accurate return value, particularly when end of stream has been reached. (markt)
      •  Refactor the stopping of the acceptor to ensure that the acceptor thread stops when a connector is started immediately after it is stopped. (markt)
      •  64614: Improve compatibility with FIPS keystores. When a FIPS keystore is configured and the keystore contains multiple keys, the alias attribute will be ignored and the key used will be implementation dependent. (jfclere)
      •  64621: Improve handling HTTP/2 stream reset frames received from clients. (markt)
      •  64660: Avoid a potential NPE in the AprEndpoint if a socket is closed in one thread at the same time as the poller is processing an event for that socket in another. (markt)
      •  64671: Avoid several potential NPEs introduced in the changes in the previous release to reduce the memory footprint of closed HTTP/2 streams. (markt)
      •  Refactor the HTTP/2 implementation to more consistently return a stream closed error if errors occur after a stream has been reset by the client. (markt)
      •  Improve handling of HTTP/2 stream level flow control errors and notify the stream immediately if it is waiting for an allocation when the flow control error occurs. (markt)
      •  Ensure that window update frames are sent for HTTP/2 connections to account for DATA frames containing padding including when the associated stream has been closed. (markt)
      •  Ensure that window update frames are sent for HTTP/2 connections and streams to account for DATA frames containing zero-length padding. (markt)
      •  64710: Revert the changes to reduce the memory footprint of closed HTTP/2 streams as they triggered multiple regressions in the form of NullPointerExceptions. (markt)
      •  Ensure that the HTTP/2 overhead protection check is performed after each HTTP/2 frame is processed. (markt)


      •  Requests received via proxies may be marked as using the ws or wss protocol rather than http or https. Ensure that such requests are not rejected. PR provided by Ronny Perinke. (markt)
      •  Fix a potential issue where the write lock for a WebSocket connection may not be released if an exception occurs during the write. (markt)
      •  64644: Add support for a read idle timeout and a write idle timeout to the WebSocket session via custom properties in the user properties instance associated with the session. Based on a pull request by sakshamverma. (markt)

        Web applications

      •  Remove the localization of the text output of the Manager application list of contexts and the Host Manager application list of hosts so that the output is more consistent. PR provided by Holomark. (markt)
      •  Clean-up / standardize the XSL files used to generate the documentation. PR provided by John Bampton. (markt)
      •  62723: Clarify the effects of some options for cluster channelSendOptions. Patch provided by Mitch Claborn. (schultz)
      •  Remove the out of date functional specification section from the documentation web application. (markt)
      •  Extracted CSS styles from the Manager web application for better code maintenance and replaced the GIF logo with SVG. (isapir)
      •  Add document for PersistentValve. (kfujino)


      •  Correct a regression in the fix for 64540 and include org.apache.tomcat.util.modeler.modules and org.apache.tomcat.util.net.jsse in the list of exported packages. (markt)
      •  Remove the local copy of javax.transaction.xa package which is only used during compilation. The package is provided by the JRE from Java 1.4 onwards so the local copy should be unnecessary. (markt)
      •  Improve the quality of the Japanese translations provided with Apache Tomcat. Includes contributions from Yuki Shira. (markt)
      •  64645: Use a non-zero exit code if the service.bat does not complete normally. (markt)
      •  Update the internal fork of Apache Commons BCEL to 6.5.0. Code clean-up only. (markt)
      •  Update the internal fork of Apache Commons Codec to 53c93d0 (2020-08-18, 1.15-SNAPSHOT). Code clean-up. (markt)
      •  Update the internal fork of Apache Commons FileUpload to c25a4e3 (2020-08-26, 2.0-SNAPSHOT). Code clean-up and RFC 2231 support. (markt)
      •  Update the internal fork of Apache Commons Pool to 2.8.1. Code clean-up and improved abandoned pool handling. (markt)
      •  Update the internal fork of Apache Commons DBCP to 6d232e5 (2020-08-11, 2.8.0-SNAPSHOT). Code clean-up and various bug fixes. (markt)
      •  Update the packaged version of the Tomcat Native Library to 1.2.25. (markt)

                dhorwitz David Horwitz