The Apache Jakarta Tomcat 5 Servlet/JSP Container

Changelog

General

30239: Updated IIS how-to to link to Wiki page with instrutions for IIS 5 and IIS 6 configurations. (yoavs) 30238: Replaced isapi_redirector.dll isapi_redirect.dll in installation script for consistency. (yoavs) 29584: Enhanced and clarified JNDI documentation. (yoavs) 30245: Corrected Connector documentation to list "address" as a common attribute. (yoavs) 29826: Modified setclasspath.bat exit code to 1. (yoavs) Updated status page, mostly rewritten. (yoavs) Updated Jakarta-Commons dependencies: BeanUtils to 1.7.0, Collections to 3.1. (yoavs) Removed classic compiler directives from Ant build, as we use modern anyways. (yoavs) Modified RELEASE-PLAN-5.0.html to indicate status given start of work on Tomcat 5.next. (yoavs) Added command lines utilities version.sh, version.bat to let you know what version is installed. (funkman)

Catalina

30602: Subject is not available during the first call to the servlet which use the basic authentication (jfarcand) 29831: Added support for Boolean property to BeanFactory. (yoavs) 28875: Made ErrorReportValve use UTF-8 encoding by default. (yoavs) 30325: Only set CATALINA_HOME if not already set (in bin/catalina.sh). (yoavs) 30144: Made SSIServlet check resource MimeType before using text/html and UTF-8 default. (yoavs) 29406: Made JAASRealm configurable as to whether it should use the context ClassLoader or the default ClassLoader by adding a useContextClassLoader boolean attribute. (yoavs) If ServletResponse.getWriter() is called and no char encoding has been specified, set response char encoding to default (ISO-8859-1) so that it is reflected in getContentType() and Content-Type header, as required by the Servlet Spec (Bugtraq 6152759) (luehe) 29869: Better JMX/JSR77 support in StandardContext and StandardWrapper. (remm) Fixed broken link to JK documenration from AJP Connector reference page. (yoavs) 30587: Typo in ExtendedAccessLogValve. (yoavs) 30561: Broken restart of NamingService. (yoavs) 29668: NPE in HostConfig, directory created for deployed WAR instead of xml file. (yoavs) 30179: Improved Bootstrap catalina.properties handling. (yoavs) 30762: Servlet#destroy was called before contextDestroyed. (yoavs) 30650: Added explicit comments on session equals() implementation. (yoavs)

Coyote

30770: Check that the browser actually sent a user-agent header before using it. (billbarker) Default charset not included in Content-Type response header if no char encoding was specified (see Bugtraq 6152759). (luehe)

Jasper

29971: Commented out page directive is parsed. (luehe) 30067: 'Scripting elements are disallowed here' exception behind scriptless tag. (luehe) 30073: NPE when compiling .jspx with broken xml format in jspcmode. (luehe) 30291: Smap for a tag should not include its body. (kinman) 30289: Incorrect Smap for multiple line java expression. (kinman)

Cluster

Webapps

29779: Admin/Examples SetCharacterEncodingFilter wrong package. (yoavs) 30354: manager-howto.xml used wrong Ant task. (yoavs)

General

Updated dependencies on commons-dbcp (to 1.2.1), commons-pool (to 1.2), and commons-logging (to 1.0.4). (yoavs) 29368: Replaced references to xmlParserAPIs.jar with xml-apis.jar, as the former is now deprecated in Xerces. Users wishing to use old versions of Xerces that don't have xml-apis.jar can still do so without a problem. Users wishing to build tomcat using xmlParserAPIs.jar instead of xml-apis.jar can also do so with a trivial edit in the build.xml file. (yoavs)

Catalina

29048: Made DataSourceRealm easier to extend. (yoavs) 29472: Embedded overrides add/remove Connector, but not findConnectors (luehe) 29561: NullPointerException in Compiler.java:547 (luehe) ServletResponse.setContentType sets response encoding after getWriter was called (Bugtraq 5062838) (luehe)

Coyote

Jasper

29597: Added -javaEncoding attribute support to JspC command-line. (yoavs) 29418: Same thing, -javaEncoding added to help with this umlauts bug. (yoavs)

Cluster

Webapps

Fix CGI servlet so it correctly handles binary responses (eg images) - Ported from TC4. (markt)

General

28335: Fixed JavaDocs. (yoavs) Changed build dependency on JUnit from 3.7 to 3.8.1. (yoavs) Added ant-launcher.jar (Ant 1.6 and later) to common/lib, as it's required by the Launcher scripts. (yoavs) 28989: Added ant-launcher.jar to launcher classpath. (yoavs) 24723: Corrected JNDI DataSources documentation and added explicit notes about a couple of common problems. (yoavs) 29258: Added explanation about jmx.jar bootstrap classpath setup to release notes. (yoavs)

Catalina

29133: Fixed stop -force option processing in bin/catalina.sh. (yoavs) 28943: Fixed CURRENT_DIR missing % signs in bin/startup.bat. (yoavs) 29255: common/lib/naming-factory.jar missing MailSession and SendMail factories. (yoavs) 29038: Create directories above context xml file as needed. (yoavs) 28533: Fixed without-jni check in jk_java.m4. (yoavs) 28940: Added UTF-8 encoding directive to Deployer build. (yoavs)

Coyote

29162: Added quote escape for mod_jk module location. (yoavs) 28837: Added Solaris includes to JK native build script. (yoavs) 28914: Added threadPriority attribute and related code. (yoavs) 29108: Fix chunked encoding on EBCDIC machines (remm) 29166: Tweak expectations to work with pipelining (assuming the client will correctly not send the request entity body unless it gets a 100) (remm)

Jasper

Added support for JSP compilations in a clustered environment: Make sure each server always uses the most recent version of a servlet class file, even if it was generated by another server instance. (luehe) Include javac errors whose line numbers cannot be mapped to JSP page in error message that is returned to client. (luehe) Added setJspFiles() method, to allow comma-separated list of JSPs to be specified from ant. (luehe)

Cluster

Webapps

28914: Added management code for threadPriority. (yoavs)

General

Fix some manifests (remm)

Catalina

javadocs correction: getMaxActive() actually returns max number of sessions that have been active at the same time, as opposed to (StandardManager.)getMaxActiveSessions(), which returns the limit (or -1) (luehe) Make those classes in deploy non final so it is possible to customized them (jfarcand) 28971: Regression: the server cookies should be parsed after the context is mapped, otherwise, the session cookie is never considered valid, and it will use the last one (remm). 28959: Fix again mark/reset functionality, and minimize the size of the allocated buffer (remm) Make SingleSignOnEntry constructor public from package protected, submitted by Brian Stansberry (remm) 22176: Allow username and/or password to start and/or end in a space when using BASIC authentication (markt) 22413: response.encodeURL(response.encodeURL("xxx.jsp") now works correctly in root context (markt) Fix subject lost problem with JAAS realm, submitted by Janne Vaananen (jfarcand) Fixed parsing of some multi range requests, and generate MIME boundaries starting with a CRLF (remm)

Coyote

28850: Enable parsing error messages in the given Locale by using MessageFormat.setLocale (billbarker, luehe)

Jasper

Fix a bug where the out-dated version of TagInfo instance of a tag file is used when compiling the tag file (kinman) Small-icon and large-icon values are not retrieved (luehe) When fragment element is used, type and rtexprvalue are not set correctly (luehe) 28603: JspC Ant task does not detect errors on a second compile (luehe) 28840: NPE when using an Iterator for items in a JSTL forEach tag, and add support for java.util.Map and java.util.Enumeration (luehe) Refactoring of Mark (luehe) 28696: xsi:schemaLocation should be a valid attribute for jsp:root (kinman) 28604: If compiling from JspC, the absolute (instead of context-relative) path of the JSP that caused the error is now printed (when compiling from JspServlet, we continue to print only the context-relative path of the JSP) (luehe) Fixed error messages for jsp.error.variable.both/alias (luehe) Added setter for xpoweredBy in JSPc (luehe)

Cluster

Refactored the session message to be an interface, so that all base classes are interfaces implemented by the different modules (fhanik) Supporting TTL and so time out settings for multicast sockets (fhanik)

Webapps

21502: Obtain number of active sessions directly, submitted by Angus Mezick (markt) 21790: Modify noshade references to align with XHTML reference guide, submitted by Henning Schmiedehausen (markt)

General

Bad CVS tagging (remm)

Webapps

Change to list any additionally JNDI data-sources that are present in the web.xml file, but not defined either globally or at the context level, on the context level maintenance page to make it possible to click on the data-source and edit it (amyroh)

General

New procrun binaries (mturk) Fix the problems with paths having spaces in service.bat (mturk) 28333: Add a message about cvs login in the case where checkout fails in the Ant netbuild (remm)

Catalina

When the webapp specific JspServlet inherits the mappings from the global JspServlet, we need to wipe out the wrapper corresponding to the global JspServlet from the mapper (luehe) If there's a non fatal exception (with validation), no exception will be rethrown by the digester. This will make the webapp startup fail if the XML is invalid and XML validation is enabled, even if the error isn't fatal (= the webapp would run without errors if validation was disabled) (remm) 28262: Fix redeployment after removal of a war, submitted by Peter Rossbach (remm) 28107: Simplify Ant tasks declarations, submitted by Matt Raible (remm) Remove the hadcoding of the extension validator (remm) 13924: The spec states if an error page declaration doesn't match the original exception and the exception is an instance of ServletException then the exception should be unwrapped and a second pass made of the error page declarations (markt, luehe) 28272: Deploy manager command should use context.xml from war file (luehe) Added support for exception chaining if JDK 1.4 is present (luehe) Optimization: delay parsing of the cookies (remm) 19521: Add warning to RequestDumperValve docs to make users aware of possible side effects (markt) java.lang.NoClassDefFoundError: org/apache/tomcat/util/compat/JdkCompat during startup on some systems (luehe) Avoid NPE if there are no extensions, and validating extensions is attempted (remm) 19545: CGI issues with CONTENT_LENGTH (markt) Expose more of the session management methods at the top-level Manager interface (luehe) 18141: Support parameters with multiple values in CGI servlet (markt) 9851: Digest authentication failed with Mozilla and other issues re RFC2617 (markt) Always introspect for protocol hadlers, so that the attributes are meaningful (remm) Remove static reference in the memory protocol handler, since the JMX registration is functional (remm) Stop the manager earlier, so that listeners are still present (remm) Allow extending SSO functionality, submitted by Brian Stansberry (remm)

Coyote

Set the RMI port to the one provided in parameter in JK (hgomez) Small memory usage optimization in the adapter (remm) Treat the IS, OS, reader and writer as facades, which will be cleared after each request if the security manager is enabled (remm) 19254: Provide a basic implementation for the clean-native target, submitted by marcs (markt) Test and related updates for the in memory protocol handler, allowing to specify the URI as a String, or (better) a char array (remm) 28674: Make duplicate more friendly to a subsequent reallocation (remm) Fix URI normalization where the URI is "/." (remm)

Jasper

28244: XML Comment between jsp:attribute causes attributes after the comment to be ignored (kinman) 19049: Clarify error message when nesting exceptions, submitted by Joseph Shraibman (markt) 28361: foreach no longer works in tag file (luehe) Added support for exception chaining if JDK 1.4 is present (luehe) Moved check for JSP resource existence into synchronized block (if JspServletWrapper==null), to avoid having multiple threads check for it simultaneously (luehe) Added number of JSPs that have been *re*loaded to set of monitorable attributes (luehe) Fix a bug where a custom tag with tagdependent body type is not handled correctly in XML syntax (kinman) 28380: Javac error with ':' and '.' in attribute names (kinman) When in deployment (ie., !development) mode, save any compilation exceptions and rethrow them (instead of recompiling and getting the same exception over and over again) until the next scheduled recompilation (luehe) Close URLConnection's InputStream after getting lastModified date, submitted by martin (luehe) 28147: Remove canonicalization, which is not very useful here, and can cause trouble with symlinks, submitted by Rick Wong (remm) 28603: JspC Ant task does not detect errors on a second compile (luehe) 28604: JspC should not display the whole stack trace of errors (luehe) Fixed another incidence where URLConnection was not closed when checking for lastModified date of included resources (luehe)

Cluster

28161: The "smart" queue will now use the session message getUniqueId instead of sessionId, this makes sure that no messages are overridden when the queue fills up (fhanik) The async replication thread will now properly exit when members join or leave the cluster (fhanik) Make sure to close the channel upon server stop (fhanik) Membership alive time gets updated with each new broad cast, this will keep the membership updated with the exact lifetime of each node, the cluster sorts its members by desc alive time, and change the started flag to be set earlier in the DeltaManager (fhanik) Added all the interestOps to the synchronized blocks to guarantee non blocking behaviour at all times, submitted by Rainer Jung (fhanik) Added in the ability to run the DeltaManager/DeltaSession without a container, so that a different clustering plug in can be used to backup sessions in a primary/secondary store (fhanik) Setting the interface on the multicast service if there is a bind address (fhanik)

Webapps

Add missing keys - connector.useBodyEncodingForURI allowTrace (amyroh) Add DataSourceRealm support in admin webapp (amyroh) 20786: Manger webapp session output not formatted correctly for session inactive for less than 10 minutes (markt) 28524: Exception throw when creating new JNDI data source (amyroh) Display GlobalNamingResource config if web.xml has resource-ref definition without Context Resource config (amyroh) Change to list any additionally JNDI data-sources that are present in the web.xml file, but not defined either globally or at the context level, on the context level maintenance page to make it possible to click on the data-source and edit it (amyroh)

General

New procrun 2 Windows wrapper (mturk) Xerces 2.6.2 (remm)

Catalina

Fix getContext("/") so current context is returned if called whilst in the root context (markt) Refactor the Extension validator without using a singleton pattern to fix a possible NPE (remm) Allow webapp to override JspServlet (settings) inherited from global web.xml (luehe)

Coyote

Add detection for JDK 1.5 (billbarker) 16157: Set AuthType on HttpServletRequest, submitted by Kan Ogawa (markt) Add public method consistently (jfarcand)

Jasper

Moved initialization of 'varName' to where it is needed (luehe) Allow disable tag pooling for ant task (and command line option) in jspc (funkman) 28236: when reallocating, make the buffer grow faster (512 bytes at a time was not sufficient) (remm)

Modules

28131: Fix expiration of delta sessions (fhanik) access() on a session should not set isNew false (fhanik) 28259: fixed the blocking interestOps(), although selector.select() still doesn't wakeup when a new request comes in (fhanik)

Webapps

Remove resource bundle which was causing problems in the admin webapp (remm)

General

Updated procrun binaries (mturk)

Catalina

Add support for xml validation/namespaceAware at the context level (jfarcand) 18479: Non-serializable sessions attributes should be removed (so valueUnbound is called) (markt) javax.naming.NamingException after a Stop/Start cycle of a web app (jfarcand) 18626: Make clear which file digester failed to parse (markt) When principal caching is disabled, the saved request wasn't used by the FORM authenticator (remm)

Coyote

27917: Make certain that the endpoint is closed, even if Apache has already dropped the connection (billbarker) Change to the absolute path using %CD% for setting CATALINA_HOME (mturk) gzip compression can also be used in HTTP 1.0 (hgomez)

Jasper

27830: undefined EL variable in unterpreted text (XML syntax) causes "null" (instead of) "" to be generated (kinman) Return 500 error code if JSP error page mechanism is invoked (the current impl used to return 200) (luehe) 16830: bodyContent content not reset when a tag is reused (kinman) 27948: NPE with null fragment (luehe) 27665: Nested tags with scripting variables generates invalid code (kinman) 28058: JspRuntimeLibrary.getContextRelativePath() can throw StringIndexOutOfBoundsException (kinman)

General

Update to Apache License 2.0 (billbarker, hgomez, jfarcand, luehe)

Catalina

The defaultHostName may be alias, so we need to also try to find if the registered hosts' aliases contains the defaultHostName (jfarcand) 27108: Use catalina.home in the docBase for all core webapps (remm) 27077: Port fix for NPE is data source realm (remm) Fix some setters and operations in MBeans (remm) 27127: Shutdown doesn't work with custom server port and non-default config file (remm) Fix logging of errors when pausing and resuming connector (remm) 27293: Fix if-unmodified-since check, using the old-and-simple trick of adding 1000 (remm) Provide an implementation for getName() and getPassword() in UserDatabaseRealm, to add support for client cert (markt) 27309: NPE fix if there's no local session when doing cross context (remm) 27276: Fix NPE when a null password is set, submitted by Rohan Lenard (remm) Reuse already existing util code in deployer (remm) Clone arrays returned by getParameterValues() and getCookies() when a security manager is in place (luehe) Register all classloaders with JMX, so that Tomcat is actually manageable through JMX remote, and move jmx.jar to bin (remm) 19852: Don't remove application parameters on stop (makt) Avoid serializing Subject/Principal when persisting the session (jfarcand) Make stats counters volatile (remm) 27447; Pos should be reset in case of a long line (of course), and reset/skip is useless (it is allowed to just put another mark) (remm) Fix mark/reset functionality (remm) 27478: Fix crossContext flag when dispatching back to the original context (remm) Much less verbose logging when there's a bad cookie (remm) Add two MIME types, submitted by Scott Pontillo (remm) Add error message about the absence of JMX when running standalone (remm) Initialize accessCount to 0, and call access when creating a session and in crossContext creations as well (remm, luehe) 17690: Display more helpful error message if docBase is invalid for a WAR (mart) 17859: Provide cygwin friendly JAVA_ENDORSED_DIRS property (markt) Include session cookies in HttpServletRequest.getCookies() (luehe) 18369: Prevent npe in StoreBase if a sql exception occurs (markt) 27752: Due to the use of the '#' special char to replace '/', the URL must be handled in a special way (remm)

Coyote

27050: keystoreFile parameter, when specified as relative, is not treated relative to $CATALINA_BASE or catalina.base property (luehe) Fix JMX Request registration in JK (billbarker) 27033: Encode the address in the protocol name (remm) Set minSpareThreads / maxSpareThreads in JK (hgomez) 27299: Make sure HexUtils is accessed before some output is made (remm) 20184, 24763: getLen returns the length excluding the header (truk) In makeSpace, we should compare the desiredSpace to the limit, so that we actually allow enough (remm) 27513: Fix off by one when terminating threads, submitted by Sergei Zhirikov (remm) Add flag to disable optimized output (which causes problem when using the buffers for input) (remm) Fix problems with finding the Adapter in TC 5 (billbarker) 27629: Call close to release native memory, submitted by Christian Nester (remm) 27704: Result of request.getServletPath() wrong in case JSP inside jsp-property-group (luehe) If using clientAuth="want", then don't change it to "need" when requesting the cert for CLIENT-CERT auth (billbarker) Fix exception when attempting to pause the channel w/o specifying an address, and fix problem where requests weren't being unregistered because of a misformatted Msg (billbarker) Fix thread unregistration in JK (billbarker)

Jasper

When security is on, propagate potential ClassNotFoundException instead of swallowing it and just dumping its stack trace (luehe) Add some intellignece to the compiler for generating code for useBean action. Generate direct instantiation (use new) when possible, use bean.instantiate when bean name is specified, and for the case of invalid bean class, either issue a translation time error (instead of javac error), or generate codes to throw InstantiationException at runtime, depending on a new compiler switch, errorOnUseBeanInvalidClassAttribute(defaulted to true) (kinman) According to the spec, it is a fatal error for the taglib directive to appear after actions using the prefix introduced by it (remm) Close input stream to web.xml (luehe) 27300: Wrong Smap when jsp comments are present (remm) 27330: pageContext not defined in the body of nest tags (kinman) 27338: Wrong Smap line for CDATA in scriptlets in .jspx pages (kinman) 27368: Annotate several node types with missing Java line information (kinman) hen a.jsp jsp:includes b.jsp that jsp:includes c.jsp, the context relative path for c.jsp is computed incorrectly (kinman) Added JSP monitoring facility (luehe) 27517: The pageEncoding attribute is not used, when charset value is set (luehe) Fix SMAP mapping for inner classes (kinman) 27520: Avoid NPE when folder is not readable (remm) 16113: Removing then replacing a jsp page continues to give a 404, submitted by Torsten Fohrer (kinman) 14359: Remove last traces of largefile option (markt) 27642: trimSpaces property not settable via command-line options (luehe) 18005: Provide a better error message if session expires during login process (markt) 27664: Welcome files not found in combination with jsp-property-group (luehe) 14228: Fix access to environment entries during webapp early startup (remm) 13499: If page output is unbuffered, illegal state exception is no longer thrown on forward if and only if nothing has been written to the page (markt)

Webapps

27307: Improvements to DataSource HOWTO, submitted by Felipe Leme (remm) Escape '?' in generated XML of status servlet, submitted by Peter Lin (remm) 25160: Improve I18N for admin, submitted by Takashi Okamoto (amyroh) 20770: Admin Tool removes "workDir" attribute from "context" (amyroh) 16507: Update valve docs to provide pointer to the Jakarta Regexp docs (markt) Add JSP status info to the status servlet (luehe, remm) 24085: Display group and role list when validation fails (amyroh)

Modules

26988: Remove unnecessary line feeds from stdin stream of the CGI servlet, submitted by Kevin Schantz (markt) Fix some docs bugs, including 27183 (remm, markt) 27090: Make parameter encoding configurable (markt) 27100: Remove lock obsfucation functionality as it breaks a number of webdav clients and does not appear to be covered by the webdav spec (markt) Some minor clustering updates (fhanik) Reenabled the doRun flag in the multicast service (fhanik) 27190: Ensure webdav servlet returns correct status in response to MOVE request (markt) The new and valid flags have to be set before the creation listeners are invoked (fhanik) Added in the server ip and port for debug purposes when logging a ACK timeout (fhanik)

General

Updates and additions to Spanish translations, submitted by Jesus Marin (larryi) Remove nearly all compiler warnings: remaining bad imports, deprecated digester and modeler usage (remm) Add new build targets for Gumpy (billbarker) Update to NSIS 2.0 (remm) Update to latest commons-daemon (mturk) Add support for silent installations in the NSIS script (remm)

Catalina

12363: valueBound() must be called before the object is made available via getAttribute(), submitted by Pablo Morales (makt) 26237: fixed a typo in MemoryUserDatabase which would cause problems if the pathname is aboslute, submitted by Xavier Poinsard (remm) 26261: don't call expire after calling isValid, submitted by Paul Harvey (remm) Use response encoding when generating error report (luehe) 26051: session must not expire even if the request processing time is bigger than the session timeout (remm) Optimize session access: remove synchronization, minimize object allocation for events, and reduce the amount of hashtable lookups (remm) Replaced SC_INTERNAL_SERVER_ERROR with SC_FORBIDDEN if anonymous access is not allowed (luehe) 11042: comment in server.xml now shows that connectionTimeout should be set to 0 rather than -1 to disable timeout (markt) Try to fix some character corruption in non-English resource strings in the nightly build (larryi) Improvements to session activity tracking, handling the case where the session is new, as well as cross context (remm) 26341: when calling the removeAttributes during session expiration, notified attributes should see the session as invalid (remm) 26010: '_' was an inappropriate character to replace the path separator, since it's a common character in HTTP; '#' will be used instead (remm) Add missing setUseContextClassLoader call to avoid possible classloader issue when Tomcat is embedded (jfarcand) Update service shutdown procedure: pause connectors, wait for a while, stop the container, stop connectors (remm) Strip out any path parameter when doing request dispatcher mapping (luehe) Throw the proper exception type when a name is already bound, submitted by Robert Kruger (remm) 26414: add support for liking to user transactions, submitted by Robert Kruger (remm) 26373: initialize mapper before load on startup servlets (remm) Ignore setBufferSize()/setLocale() calls on included response (luehe) 26611: forward + include was hiding the special forward request attributes (remm) 26487: RFC 2254 done on whole string instead of just DN, submitted by Jeff Tulley (funkman) 26715: Call endAccess after reading a session from storage so that the session properly timeouts, submitted by Jochen Strunk (remm) Fix rule matching algorithm for one character constraints, such as /s/* (billbarker) Added support for configurable session id length (luehe) The forward request attributes must reflect the original request, so only set them if the request being passed doesn't have them (remm) 26838: refactor once again the enum algorithm (remm) 14283: Catch and log exceptions in listeners (markt)

Coyote

Fix JMX self-registration of JK when loading the "normal" way (billbarker) Add an option to allow the admin to *not* JMX register the requests, since reclaiming memory can be difficult in JNI mode (billbarker) Add request unregistration, to avoid the memory leak which was affecting HTTP (billbarker) Fix the problem that every Handler was getting added twice (billbarker) Handle unregistering Requests for ChannelUnix (billbarker) Don't create a monitor thread unless maxSpareThreads is smaller than maxThreads (remm) Allow configuring the size of the HTTP header buffer, which represents the majority of the memory allocated by Tomcat; the new default value is 4KB (remm) Allow the option to only "want" client authentication, submitted by Michael Becker (billbarker) Implement clean shutdown of the connectors, using new pause and resume methods on the connector interface (remm) Add support for connector pause to JK (billbarker) Cleanup the logging for unknown packets in JK (remm) Avoid java.util.ConcurrentModificationException seen with very high load in RequestGroupInfo (luehe) 26492: consider all session ids sent as cookies until one is valid; also don't create cookie objects from sessionId cookies, which seems consistent with sessionId hiding from the URL (remm) 25805: add localDataSource flag, based on code submitted by Neil Katin (remm) 26567: the mapper will complain if the default host is not known, which could make mapping fail without a way to easily identify the cause (remm) 25363: Expose the SSL attributes in getAttributeNames() (remm) Make sure a filter is always added in all cases (remm)

Jasper

26191: fix classcast exception is JSP document parser, submitted by Trond Aasan (remm) 26242: add back a setVerbose setter to jspc for compatibility with Ant (remm) 26276: generated TLD inconsistent after tagfile changes (kinman) 26335: modification check for tagfiles does not work recursively (kinman) 26432: Incorrect mapping for url pattern in jsp property group (kinman) Implicit "pageContext" object no longer exposed in tag files, to comply with JSP spec (luehe) 26628: Fix handling of a EL function with no arguments (remm) Convert selected tag attribute types to their Fully-Qualified-Name equivalents if the taglib is JSP 1.2 based (luehe) Ported (from org.apache.catalina.startup.TldConfig) ability to ignore (for TLD scanning purposes) JARs (in the classloader delegation chain) that are known not to contain any TLDs (luehe) 13960, 13961: Javadocs fixes, submitted by David Medinets (markt) 26796: include fails when tag files are referenced in a tag directives (kinman) Parser for JSP pages in XML syntax ignores custom action's body type (luehe)

Modules

12361: support CGI scripts in unpacked WARs: scripts are extracted to the context work directory before execution (markt) Add support for URIEncoding, useBodyEncodingForURI, and allowTrace properties on the connector (larryi) Updating the admin webapp for the change in type of clientAuth (billbarker) Add WebDAV webapp to TC5 (markt) 13805: update docs to show that the shared directory is relative to CATALINA_BASE not CATALINA_HOME (markt) Added in distributed expire logic for the delta session (fhanik) Added in a module cluster interface (fhanik) Refactored a lot of the cluster code: the cluster element has sub elements, makes the configuration is modular (fhanik) Document other methods for load balancing (remm) Document that Context elements should not be placed in server.xml (yoavs, remm) Add examples, introductory notes, and a brief how-to notes for tag plugins (kinman) Fixed bug with the fact that the manager base has a static variable called name, caused session messages to be sent to the wrong managers (fhanik) Fixed serialization of principal when replicating data (fhanik) Port various session fixes (fhanik) Small docs updates for CGI and others (idarwin) 26906: The destination path needs to be normalised after the protocol and host has been removed (if present) (markt) Lock token must be returned after lock creation, submitted by Pieter van Prooijen (markt)

General

Fix packaging of the source .tar.gz (remm) Fix bug in the netbuild where the script would always attempt to checkout the sources (jfclere) 26162: Fix typo in the minimal config (remm)

Catalina

Remove CGI servlet dependency on JDK 1.4 (markt) 26171: Fix NPE in AccessLogValve during a reload (yoavs)

Coyote

Fix memory leak when spare threads are destroyed (remm, fhanik)

Modules

Implemented the ability to not expire sessions on shutdown, since that will expire them across the cluster (fhanik) Fix initialization of the session in delta manager (fhanik)

General

Add minimal server.xml (yoavs) Upgrade to Xerces 2.6.0 (remm) Add service.bat for NT service installation/uninstallation (mturk) 10286: Fix license typos (markt) Upgrade to NSIS RC 2, and add metadata to the generated installer (remm) New jsvc 1.0 Unix daemon wrapper (remm) New procrun 1.0 Windows service wrapper (billbarker)

Catalina

Properly implement new API methods getLocalName and getLocalPort (jfarcand) 25193: Don't attempt to parse the parameters if the request body wasn't fully read (remm) 25234: isValid already expires sessions, so backgroundProcess shouldn't call expire again, submitted by Paul Harvey (remm) Sync catalina.properties included in the JAR with the main one (remm) Fix WebDAV servlet issues: 23999, 24001, 24005 (markt) Managers cleanup, add stats and JMX for the PersistentManager (remm) Cache the result of getURLs, which was a major performance problem when using RMI from Tomcat (remm) Fix authentication and authorization compliance with the final specification; also optimize algorithm (billbarker, remm) 7080: Handle a null username correctly, submitted by Tim Walsh (markt) JNDI realm fixes: 23190, 16541 (funkman) 23885: Strings for JAAS realm (funkman) 5762: Include port in HTTP_HOST environment variable, submitted by Martin Dengler (markt) 5759: CGI servlet does not support extension mapping (markt) 25593: Set all common resources attributes on start, including allowLinking (remm) Reset the repositories array on certain method calls, and override addURL to set hasExternalRepositories to true (remm) Improve creation of cross context sessions: they will now timeout correctly and they will appear as new when created (remm) 8859: Correct namespace handling for lock owners in WebDAV servlet (markt) Add a minTime attribute on servlets (remm) 25703: ExtendedLogValve use wrong filename after rotate or checkexits case, submitted by Peter Rossbach (funkman) Allow disabling the shutdown hook, which is useful when embedding using the main class with JMX (remm) 25792: Fix session timeout implementation, which could lead to incorrect invalidation in some cases, submitted by Jarno Peltoniemi (remm) 9625: Stack traces are now escaped to ensure correct display (markt) 25885: Incorrect addApplicationParameter test, submitted by Peter Rossbach (remm) 25886: Remove the check on the maximum amount of active sessions during session creation (remm) 19998: Changed StringTokenizer creation to be compatible with Windows in the CGI servlet (yoavs) 11682: Deploying a webapp to the root context via an Ant task when unpackWARs is true now behaves correctly (markt) 25878: Add HostConfig after new Host is created via admin and prevent duplicate errorReportValve creation after restart, submitted by Peter Rossbach (amyroh) 25889: Allow configuring users and passwords, and automatically reconnect if connection fails for some reason, submitted by Peter Rossbach (remm) Fix array out of bounds when the docBase of a webapp is equal to "" (remm) Update spanish translation, submitted by Jesus Marin (remm) Add backgroundProcess method on the manager (fhanik, remm) Cleanup of HostConfig, and add some i18n (remm) When creating a Host dynamically with JMX, the autoDeploy should be set to false (remm)

Coyote

Update Japanese strings, submitted by Kazuhiro Kazama (larryi) Fix JkCoyote to properly handle the distinction between localName/Port and serverName/Port (billbarker) 25199: Fix NPE when there's no default servlet, submitted by Torsten Fohrer (remm) Port optimization from CharChunk to prevent needless allocation of byte arrays (larryi) Add a flag to allow using the encoding specified in the contentType or using setCharacterEncoding for the URI paramters (remm) When redirecting to a folder, append the query string if not null, to avoid losing query parameters, and refactor to use the new postParseRequest processing (remm) 25603: Adding a 'truststoreType' attribute, and making the trustStorePassword default to the keystorePass (billbarker) Add a try/catch when adding a wrapper, similar to what is done when handling contexts (remm) Fix host removal from the mapper (remm) Small cleanup of a thread startup in the thread pool (billbarker) Repackaging ApacheConfig and friends for Tomcat 5 in the org.apache.jk.config package (billbarker) Fix error-condition logging statements in MapperListener (billbarker) Add a privileged action for setDateHeader (billbarker) 25819: Add support for the security manager in JK (billbarker) Cosmetic fixes in the Mapper (remm) Report an exception which occurred during a low level flush (remm) Tweak thread pool according to suggestions from Dave Dice (remm) Add an "allowTrace" flag on the connector, and disable TRACE by default (remm) Move the call to setSocketOptions to prevent a potential DoS condition when using SSL, submitted by Alex Chan (billbarker)

Jasper

Avoid using deprecated Character.isSapce method in ParserController (kinman) Update Japanese strings, submitted by Kazuhiro Kazama (larryi) Rewrite error checking when processing tag files to conform with the lastest JSP spec (kinman) When a tag file includes a file, make sure the included file environment maintains the isTag and directiveOnly properties (kinman) Have JspC.execute() propagate its exceptions (luehe) For tag files, don't issue error for multiple definition when both are for dynamic-attributes (kinman) 25263: Bad smap when template text got concatenated (kinman) The spec allows an attribute to be specified in multple tag directives, if they have the same value; it is an error if not (kinman) Use development mode by default: mappedFile is now true (remm) 25787: Directives added to working tag files are not generated (kinman)

Webapps

Update Japanese admin webapp strings, submitted by Kazuhiro Kazama (larryi) 25138: i18n fixes in admin, submitted by Takashi Okamoto (amyroh) The Context (or DefaultContext) element should now be used to configure the file based resources (which is the default); other types of resources can have their properties set through this element (remm) 25119: Remove mention of the pause attribute in Ant task (remm) Update connector documentation to refer to two connectors: HTTP and AJP, in an attempt to clear confusion (remm) 24771: Unable to create new connector (markt) Add manager statistics for each context, as well as navigation links so that this is actually useful (remm) Document new HTTP connector flags (remm, larryi) Add architecture documentation (yoavs) 25555: Updating SSO docs, submitted by Brian Stansberry (billbarker) Clustering docs update (fhanik) The war attribute of the deploy task should point to a .war (remm) In the appdev example, use the localWar attribute instead of war for deploying a local webapp (remm) 9960: Clarify potential issues using xml context files and auto deployment (markt) 25774: Added note about GNU make for daemon on FreeBSD systems (yoavs) Add info that session persistence can be disabled by setting the attribute to an empty String (remm)

Modules

25493: Implemented true synchronous replication (fhanik) Longer read timeout, since under load it can take a while (fhanik) Adding in a regular io cluster listener to be used with JDK 1.3 (fhanik) Fix the validator task after the digester factory refactoring (remm) Fix packaging of the deployer JAR (remm) Implemented compression of the data sent over the wire by the cluster (fhanik) Only print a message when the connection fails (fhanik) Removed sychronization overhead on clustering (fhanik) Status servlets tweaks, to allow extending it (remm) 25948: Undeploy should be called with the displayed path to be able to work on the root context, submitted by Peter Rossbach (remm) Remove incorrect className attribute in proxy HOWTO (remm) Fixed 100% cpu bug with the replication listener (fhanik) Implemented socket pool for replication since the synchronized send became a bottleneck (fhanik) Implement delta replication (fhanik) Clustering performance improvements (fhanik) Fixed a bug in a dead lock with the pooled socket sender when a member crashes (fhanik) Implemented distributed expiration of sessions (fhanik) Print out a warning if no socket is returned from the pool and we are still connected (fhanik) Changing the default manager to be DeltaManager (fhanik)

Catalina

Catch exception in WebappLoader when there is an empty jar file (amyroh) 25033: Calculating the object name should occur as early as possible, to fix a stop/start scenario based on different object instances (remm) Fix JMX object name generator when there are valves with the same classname in the pipeline (remm) 25079: CL.getResource will return JAR based URLs for .class files (remm) Make a lot of manager and session fields protected instead of private (remm) Add many fields in JMX for StandardContext and StandardDefaultContext (remm) Add managerChecksFrequency field to DefaultContext (remm)

Jasper

General cleanup of the per thread tag handlers (luehe) In XML syntax, recognize \$ escape sequence in template text (kinman) Make sure that white spaces in template texts around <![CDATA[...]]> are trimmed (kinman)

Webapps

Balancer webapp documentation (yoavs) Add back in reference to using mod_jk for serving static content (glenn) Document new flags for the DefaultContext, Context and Resources elements (remm) 25078: Fix serverinfo Ant task (remm) The line numbers for uncommenting cgi and ssi keeps on getting out of sync with web.xml: an attempt at rewording to not have them get out of sync (funkman)

General

Remove useCanonicalCaches system property from JVM startup on Windows, as Sun JDK 1.4.2_02 fixes the bad behavior (remm) In the Servlet spec, add missing package Javadoc description (jfarcand) Update to commons-daemon 1.0 alpha (jfclere) Use base-jakarta.loc property to avoid hardcoding locations (jfclere)

Catalina

Merge digester's initialization logic into one class and add schema support for parsers other than Xerces (jfarcand) Modify the MBean lifecycle for the containers: the MBeans will now be removed only on destroy, rather than on stop (remm) 9723: Avoid unnecessary calls to RequestUtil.filter, submitted by Arvind Srinivasan (amyroh) 23853: add MBean description for DatasourceRealm, based on a patch by Kyle VanderBeek (amyroh) Fix unregistration of valves on stop (the objectname should be reset so that the valve is registered again) (remm) Fix registration of the root context through JMX (basically, it's the usual "/" to "" conversion for the path) (remm) All the properties defined in catalina.properties will now be set as system properties (remm) Add fields to control the resources, as well as set them globally using DefaultContext (remm) In PersistentManagerBase, return the object instead of a null, and throw the proper exception (jfarcand) Extend digester to be able to do system property replacement in server.xml and the context config files, using the ${...} syntax used by Ant (remm) 24006: allow header handling in WebDAV servlet, submitted by Mark Thomas (remm) 24368: Fix unhandled exception submitted by Mark Thomas (remm) 23764: fix SSO logout (remm) 24829: The command is the last parameter, not the first one (remm) 24832: Merge code from JDBC realm, fixing the valve after a restart of the database, submitted by submitted by Peter Rossbach (remm) 23881: SSO in embedded Tomcat, submitted by Brian Stansberry (remm) When calling ServletContext.log, append the application's name so we know from which application the log is coming (jfarcand) Don't throw an ISE if Session.getLastModified is called while the session is expiring, submitted by Brian Stansberry (remm) 9077: When a session timeouts, it won't logout of all webapps, submitted by Brian Stansberry (remm)

Coyote

Added support for localized messages in the thread pool (luehe) 24270: NoClassDefFoundError when running in security mode (jfarcand) Correct any maxThreads settings < 10 in adjustLimits(), since they would result in a non functional connector (luehe) 24428: No continue if not HTTP/1.1 (remm) Encode address property so Connector can handle IPV6 address in ObjectName (amyroh) Don't add the charset if it's the default one (remm) Add getter for RequestInfo.globalProcessor - it was returning AttributeNotFoundException because of missing getter (amyroh) Add a limit to the size of a POST which will be processed using getParameter (remm) Refactor postParseRequest to avoid throwing an exception (billbarker) Only set charset when it is explicitely set (billbarker) Add new JMX connector attributes (remm) Add maxPostSize support for client cert, to allow limiting the size of the buffered data (billbarker, remm) Throw exception if keyAlias does not identify key entry in connector's key store, to prevent infinite loop on org.apache.tomcat.util.net.PoolTcpEndpoint acceptSocket (luehe) The KeyStore implementation ("JKS") of the SUN provider converts alias names to lower case, so we need to do the same (luehe) Fix character encoding for URL parameters: char decoding should only occur after %xx decoding (remm) Fixes to remote address and host resolution through JMX (amyroh) Add getters to the thread pool and HTTP connector (amyroh)

Jasper

24186: Jasper SystemLogHandler memory leak, submitted by Matthias Ernst Concatenate text strings of adjacent TemplateText nodes, which may reduce code size and improve performance (kinman) 10903: Generate errors for unbalanced end tags (kinman) Add some javadocs in EL related classes (kinman) Use ISO-8859-1 as the default encoding for <jsp:param> since it is the default encoding for the request object (kinman) A small performance improvement: instantiate the bean object with its constructor, if "class" attribute is specified in usebean, instead of going thru java.beans.Beans.instantiate() (kinman) 24506: provide an option to trim white spaces that appear in a template text between two actions/directives; this is not spec compliant, so this is disabled by default (kinman) Document Jasper option "trimSpaces" (kinman, remm) '<' operator used in simple Math throws an error: When used with taglib (luehe) Fix JSPC classpath in the docs (remm) 24904: Nested custom tag causes bogus compilation errors (kinman) 24779: Jasper fails to compile a valid JSP document (xml syntax) when an EL string in template text contains a "[]" (kinman) 24957: Operators are mis-treated as functions (kinman)

Webapps

Fix incorrect tags comments in the admin webapp (kinman) 24349: Avoid NPE (which renders the HTML manager servlet unusable) if a context hasn't been started successfully, submitted by Ferenc Dobi (remm) 24250: Make output compatible with JMX Ant task, submitted by Peter Rossbach (remm) Fix the webapps docbase in the embed distribution, and some cleanup (remm) Include the manager in the embed package (remm) Document new Jasper, Connector and DefaultContext attributes (remm) Remove Tyrex documentation for now (remm) 24787: Allow host aliases of more than 24 characters (remm) Update JSP examples to JSTL 1.1 (kinman)

Modules

Add delta manager to clustering (fhanik) If null is passed into the value of setAttribute to a clustered session, then remove the attribute (fhanik) Add more configuration options to clustering (fhanik) Clustering code reorganization (fhanik) Added in member alive time (fhanik) New balancer webapp, which allows redirection to cluster nodes according to simple rules (yoavs)

General

New procrun binaries, fixing running as a service (mturk) Upgrade to commons-pool 1.1 and commons-dbcp 1.1 (remm)

Catalina

Cleanup schema validation and add a status message at startup (jfarcand) Small tweaks to allow to execute the bootstrap JAR (remm) Explicitly add commons-logging-api on the classpath on Unix (remm) 23799: Canonicalize catalinaBase and catalinaHome (remm) Start/stop ContainerBackgroundProcessor thread as part of StandardContext.start()/stop(), respectively (luehe) Better increment the error count value by incrementing the count everytime sendError is invoked (jfarcand) Add system property replacement to the Connector, to be expanded to other elements (remm) Added support for nesting a Context Listener and webapp Loader within a DefaultContext (glenn) Remove support for Embedded.main in the shell scripts, which has been removed (jfarcand) Add the caching flags even over a secure connection, due to Mozilla bugs (remm) 23608: Improve setclasspath, submitted by Adam Hardy (remm) Add support for resource links to DefaultContext (remm)

Coyote

Add regexp support to check for Compression/HTTP 1.1 compatible browsers (hgomez) Allow the TrustStore to have a different type from the KeyStore (billbarker) Catch AccessControlException's so that unauthorized access to a socket when using the Java SecurityManager does not shutdown the worker thread (glenn) Don't pretend that we are going to do something if the SSL handshake fails (billbarker) Fix setting charset through a variety of methods (luehe) If no keepalive, don't use chunking (remm) Avoid some copying on a common case, when a JSP page is flushing its own buffer (kinman) In case the server needs to reinitiate SSL handshake (with client auth enabled), consume request body and buffer it, so that it does not interfere with client's handshake messages; with help from Bill Barker (luehe) SocketExceptions can occur in a networked app, so reduce logging level for these during setup of the socket options (glenn)

Jasper

Serialize directory creating to avoid a potential race condition (kinman) Quote value of 'classid' attribute (luehe) 23691: Tweak the SMAP tracking code so that it works for classic custom tag and JSP fragments (kinman) Make Smap's FileSection work for windows too (kinman) 24019: Make sure that the "No Java compiler" error message is produced only when there is really no javac (kinman)

Webapps

Check connectors with the same port number under different domain (amyroh) Restoring JDK 1.3.1 support to StatusTransformer (billbarker)

Modules

The clustered manager will now respect the distributable flag (fhanik) The clustered manager will act like a standard manager if the distributable flag is not set (fhanik) Implemented session state transfer (fhanik) Added in a clustering how to (fhanik) Added in the suspect feature to avoid to much error printing (fhanik) Removed the session replication upon session creation, this happens at the end of the request anyway (fhanik) In JMX land, the JSR 77 beans must be in the same domain as the engine; this is due to a "limitation" of JMX which prevents retrieving attributes of a bean when the unregistration event is sent (remm) Add regexp to embed (remm)

General

Import cleanups (hgomez) Fix an incorrect test in the startup script (kinman) Switch back to Xerces 2.5.0 (jfarcand) Update the J2EE 1.4 schema jsr154/src/share/dtd/j2ee_1_4.xsd to clarify that fully-qualified-classType is a binary name, submitted by Mark Roth (kinman) Move the commons-daemon Windows binaries to jakarta-tomcat-connectors, as they were Tomcat specific (mturk) Changes are synchronizing with the latest Servlet 2.4 specification, submitted by Yutaka Yoshida (jfarcand) New view source and many fixes in JSP examples, submitted by Mark Roth (kinman)

Catalina

Sessions created in the target webapp of a cross-context were invalid (luehe) JMX registrations of servlets that map to the same jsp-file used the same name (luehe) Separated JSESSION cookie configuration into its own method, which may be overridden (luehe) Add missing doPrivileged block for adding cookies and encoding URLs (jfarcand) Preload additional inner classes (jfarcand) Fix to properly create Loader MBean at webapp restart (amyroh, remm) Fix to properly create Manager MBean at webapp restart (amyroh) Avoid TLD-scanning the JARs under WEB-INF lib twice per webapp (luehe) Do not let the parsing error of a single TLD disrupt the parsing of remaining TLDs in the JAR (luehe) Fix a problem rebuilding the context path given the context file name (remm) Don't save any context files if config base doesn't exist (remm) Add the possibility to specify straight URLs in the repository list (= single JARs, remote repositories, etc) (remm) Fix issues with wait-for-servlet-unload logic (remm) 23373: Prevent clobbering the server if we already have read server.xml (billbarker) Make RMI/IIOP port configurable (hgomez) Properly implement schema validation with Xerces (jfarcand) Added hard-coded list of names of JARs that are known not to contain any TLDs, which can be overridden using the new TldConfig.setNoTldJars() (luehe) Fix handling of root context when upacking a WAR; note that obviously using a context path with a WAR which doesn't match the name will result in the webapp being deployed twice (remm) Remove debugging logs in LoggerBase (amyroh) Set -Dsun.io.useCanonCaches=false for Windows, which is a Sun JDK 1.4.2 specific property, to ensure that case correct canonical paths are obtained (remm) Print out a message after successful validation using the Validator task (remm) Add an example on how to configure GZIP compression in the main server.xml (hgomez) Minor fixes in the scripts, mirroring the new paths (jfarcand) 23525: HttpSessionListener implementors are called too late (jfarcand) Need to call the listener when the session is invalidated because the interval between the time the session is marked invalid and the StandardrManager expires the session can't be predicted (jfarcand) In the WebDAV servlet, decode and normalize destination path before doing anything else (remm) Adjust logging in the JAAS realm according to suggestions from bug 23547, submitted by Adam Hardy (remm) Japanese translation update, submitted by Kazuhiro Kazama (remm)

Coyote

Respond 400 to requests which contain '%' with no or invalid trailing hex digits (leith) 23276: Fix compatibility with Sun JDK 1.4.0, submitted by Steve Appling (remm) Fix matching of the content types for which compression is allowed, submitted by Steve Appling (remm) Fix logging of errors which occur in setSocketOptions, and do not process the connection in case of an error (remm) Set the monitor thread as non daemon with the HTTP/1.1 connector (remm) Fix trust store factory property name typo, submitted by Chris Halstaed (billbarker) Fix some action descriptions (hgomez) Improve configuration of GZIP compression (hgomez) Fix HTTP/1.1 on EBCDIC machine (jfclere) Change the way to kill the thread after a server socket restart (remm) In the TCP endpoint, use the appropriate exception for killing the thread, improve if block, and replace while + break with a simpler if (remm) Make the TrustStore a configurable option (so different Hosts can have different TrustStores) (billbarker) Set the proper default for TCP no delay in HTTP protocol (remm)

Jasper

For template texts that generate multiple Java lines, addidtional mapping informations are kept in the TemplateText node, to aid SMAP generation (kinman) 22058: Fix bad SMAP mappings and compilation errors when using fragments (kinman) When a tag handler class is an inner class, it is specified in the TLD in binary form (Outer$Inner): it needs to be converted to canonical form (Outer.Inner) when generating Java files (kinman) Add missing doPrivileged block in PageContextImpl (jfarcand) Package protect the Jasper classes properly (jfarcand) 22833: Make sure scriptlet declarations get properly mapped (kinman) Fix another SMAP bug (kinman) Fixed javadocs for tldScanJar(File file) (luehe) Fix a bug in Parser.isTemplateText(): Since '%' is not a delimiter in JspReader.parseToken(), an expression "<%String s;%>" after a template text would be treated as a template text when mappedfile option is set to true, and got concatenated to the template text (kinman) Fixed javadocs of parseTLD, which used to return boolean but was changed to void (luehe) Fix bug: \<%foo%> in template text hides expression (kinman) Support java extension directories when invoking javac (kinman) Fix Jasper script (kinman) Some Javadoc improvements in Compiler (kinman)

Webapps

Use the proper conversion for MB and KB, and fix formatting errors (remm) Allow undeploying webapps when docBase isn't in the host appBase: their context file will be removed, but the docBase will not be removed (remm) Replace references to TC 4 with TC 5, submitted by Kazuhiro Kazama (billbarker) Fixes to Japanese translation of the manager, submitted by Kazuhiro Kazama (remm) Do not allow duplicate port connector creation in the admin webapp (amyroh) Add save command (saves either the full config, or a context config) to the manager (remm) Fix for root context handling in the manager servlet (remm) Fix to not display JAASRealm node since admin doesn't support editing such Realm (amyroh) Package the Manager class, which is supposedly "needed" by the deployer (remm) Fix JDBCRealm creation via admin (amyroh) State the welcome file is index.jsp, not index.html (funkman) Fix the way the tree builder was querying JAASRealm (amyroh) Update SSL docs, including adding notes for the current limitations of IBM's implementation of JSSE (billbarker) The Ant tasks will now decode the server messages using UTF-8, submitted by Takashi Okamoto (remm) Add JAAS realm documentation, submitted by Adam Hardy (remm) Admin webapp Japanese translation update, submitted by Tanaka Yoshihiro (remm)

Catalina

Refactor persistent manager periodic processing (jfarcand) Allow extending StandardPipeline (jfarcand) Refactor manager initialization, move it into ContextConfig, and remove Cluster.setDistributable (remm) Added in support for sending out access time pings to the cluster, and for session.invalidate to go out to the other nodes in the cluster (fhanik) Remove the artificial limit of 3 for classpath creation (remm) In SecurityUtil, always associate a Subject; if not created, then create a default one (jfarcand) Fix security policy after move of commons-logging (remm) Don't do a real flush at the end of request processing (remm) Remove useless flush in the ErrorReportValve (remm) Throw ThreadDeath for invalid classloader accesses (remm) 23131: Fix wrong classloader binding when reloading the web application after class modifications (remm) Remove overriding the mapped servlet path with the jsp-file in the request dispatcher (remm) Add a delegate flag on the context to allow easy configuration of the delegation policy, which is easier to use with JMX embedding (remm)

Coyote

Add support for specifying the TrustStore algorithm, with default to the keystore algorithm (billbarker) Refactor thread pool logic to avoid deadlocks when no processor is available (billbarker) Filter out all control chars from the response header, as mandated by the HTTP specification (remm) 21763: Make certain that we don't return a bad Socket (billbarker) Refactor byte chunk buffering so that the written data fits inside the limit; the number of byte copies is similar to what it was before (remm) Add a buffer at the socket layer, configured using the socketBuffer attribute; add handling for explicit client flushes (remm)

Jasper

Add an compilation option to generate writing char arrays instead of Strings for template texts (kinman) Fix jsp-config problem (jfarcand) Use out.print(expr) instead of out.write(String.valueOf(expr)) for outputting expressions in template texts (kinman) Fix SMAPping for small text strings with genStrAsCharArray=false (ecarmich)

Webapps

Update classloader documentation to reflect the actual classloading order (luehe) 21933: Add header possibly ignored if buffer is too large, submitted by Chris Kessel (funkman) Update the application development documentation for changes in Tomcat 5 (remm) Add manager translation in German, submitted by Yann Cebron (remm)

General

Update all download locations to archive.apache.org to use stable links (remm) Update running and building instructions (remm)

Catalina

Modify the commons-logging packaging (only the commons-logging API is bundled now) to resolve the classloading problems, and remove the special case handling from the webapp classloader; pivileged webapps can now use log4j (remm) 22986: Fix bad canonicalization call which was causing problems when a host appBase was absolute (remm)

Coyote

Add documentaion on mod_jk tools (glenn) Handle query string decoding as a special case, using the character encoding specified for the rest of the URI in the connector, whereas the encoding of the entity body was used; this can be UTF8 as per the W3C standard, but for interoperability, it is a one for one byte to character conversion (remm) Null a busy processor in the pool array, so that the algoritm is more consistent (remm) MessageBytes.toChars should set the type to chars (remm) Make the update of the stats an explicit call (I believe it is valid to call recycle multiple times, and it is hard to avoid with HTTP keepalive) (remm) Decrease the timeout reduction ratio when the server gets loaded, and add a setStatus so an error is counted (remm)

Webapps

22956: Use UTF8 encoding in the manager web application, submitted by Takashi Okamoto (remm)

General

JSP 2.0 specification updates, submitted by Mark Roth (kinman) Servlet 2.4 schema update, submitted by Yutaka Yoshida (jfarcand) Get ready for using JSR 160 RI (JMX Remote 1.0): copy additional, optional, JMX binaries (remm) Replace MX4J 1.1.1 with the Sun JMX 1.2 RI (remm) Major update to Japanese internationalization, submitted by Kazuhiro Kazama (remm) Fix bad imports (remm)

Catalina

Add sessions and serverinfo tasks, submitted by Vivek Chopra (remm) Minor optimization: Avoid scanning duplicate JARs for TLDs (luehe) Expose the new connector properties in JMX (amyroh) Big JDBCRealm cleanup: fix for 7116, 10623, 11929, 8091, and make authenticate synchronized since there are race conditions between the connection being opened, used and exceptions occuring (funkman) Simplifying the code by hiding the arrayCopy (billbarker) 22691: Wrap getCanonicalFile in a try/catch (remm) Reenable validation, using Xerces 2.1 instead of Xerces 2.5 (remm) 22698: Restore RealmBase.main(), allowing to compute digests (remm) 22546: Fix small filter extension mapping bug, where if the extension of the request starts with the tested path, it would have been matched (remm) 22695: don't check for session validity when activating and passivating (remm) Do not create a new Subject everytime a Servlet/Filter is invoked, associate the same Subject to the AccessControlContext (jfarcand) When saving server.xml, don't save the value of properties which have their default values (remm) Release all logs associated with this CL when stopping the CL, and avoid NPE in toString after stop (remm) Avoid references leak: clean up and recycle all thread local resources, and reset the context CL after invoking the pipeline (remm) The request dispatcher should also not log a client abort exception (remm) When saving server.xml, don't print the className if it's one of the standard implementations, and add some fields to the exception list (remm) Null out the reference to the resources when stopping the classloader (remm) Don't save the config file attribute, as it is always useless, and don't indent context config files (remm) Allow overriding the Host's unpackWARs using a new unpackWAR attribute on the Context element (remm) Include the pathInfo when a relative path is used to get a request dispatcher, submitted by Mark Thomas (remm) 20029: fix "-force" shell script parameter handling, submitted by Christian Brensing (remm) Deploy descriptors even if deployOnStartup is false, as they should be considered as if they were part of server.xml (remm) Apply patch for 22857 and 22858 to CGI servlet, submitted by Mark Thomas (amyroh) Get the absolute path to the work dir, so that JARs in /WEB-INF/lib can be found when using non filesystem based resources (luehe) XML-escape the values when writing out the tomcat-users.xml file, submitted by Mark Thomas (billbarker)

Cluster

Set dirty flag gets set on setMaxInactiveInterval (fhanik)

Coyote

Also consider last element in comma-separated protocols list, or the case where the list contains a single element and no commas (luehe) Implement getAttribute(key) in the protocol (amyroh) Make certain that we are still in an https session before looking for certs, submitted by Mark Thomas (billbarker) Adding accessors so that the JkCoyote connectors can play nice with the admin webapp (billbarker) Fix parsing of the content-type header in Response (luehe)

Jasper

When an error occurs, get the file name from path instead of from the exception (kinman) Don't generate code to do an instanceof when it can be done at translation time (kinman) Avoid defining multiple getServletInfo() methods (one for each page directive with an 'info' attribute) (luehe) Supply taglib's unique id (instead of the value of the uri argument in the directive) to the TagLibraryValidator's validate method (luehe) Ensure that <jsp:root> is root element in JSP document (luehe) Prepend "urn:jsptld" to uri values that represent relative paths when adding "xmlns:prefix" attribute on the root of the JSP document's XML view (see JSP.10.1.5), and make the value passed as the uri argument to TagLibraryValidator.validate() match the above (luehe) When precompiling with JSPC, files that match the url-pattern specified in jsp-config should be included for compilation (kinman) Added support for JSP.6.2.4: fix issues with DOCTYPE validation (luehe) Don't combine LineInfos from different files (ecarmich) Set Node.startMark correctly in JSP document nodes created from character data: this fixes incorrect SMAPping of template text nodes containing line feeds, and incorrect error reporting for unparseable EL expression nodes (ecarmich) JSP error page mechanism fails intermittently to display contents of error page, which occurred when a JSP was using a custom page context (luehe) Use just the class name if package is imported, and in tag files, declare request as HttpServletRequest and response HttpServletResponse, as is the case in servlets (kinman)

Webapps

The Loader does not have a method to set a work dir, remove from docs (glenn) Update the host properties in admin (amyroh) Update admin with the latest connector changes, including thread pool configuration (amyroh) Fix to return null when an error response is sent, submitted by Jeff Tulley (amyroh) Get rid of the maximum size of the username and password fields (amyroh) 22268: allow using SHA digest (amyroh) In the default page, update links to the lists, and add a link to the open bugs (remm) Update for changes to jsvc from commons-daemon (remm) Refactor the status servlet, allowing for XML output in addition to the user friendly HTML, submitted by Peter Lin, based on code from John Turner (remm) Implement the XML processor state status (remm) Update classloader documentation according to the current behavior (remm)

Deployer

In validator task, set the context classloader to avoid issues with commons-logging (remm) Validate before running javac (remm)

Catalina

Fix bug where no static resource over 512 bytes would get cached by default (remm) Ensure uniqueness of patterns across all servlets, so that it is possible to reliably override the servlets defined in the default configuration (remm) Fix and improve static resource cache space allocation algorithm (remm)

Coyote

Revert a patch on CoyoteConnector causing a performance regression (remm) When mapping to the default servlet, or mapping to a physical welcome file, String representation of the path is available, which saves some object creation (remm)

Jasper

Disable tag pooling when a JSP uses "extends", to avoid NPE when the pool was accessed (luehe)

General

Update commons-daemon packaging for consistency and ease of use on Unix (remm) Servlet specification updates, submitted by Yutaka Yoshida (jfarcand) JSP specification updates, submitted by Mark Roth (kinman) 22494: Removed logVerbosityLevel doc and init-param from JSP Servlet, as they're no longer used, submitted by Eric Carmichael (yoavs)

Catalina

Remove some stack trace dumping in MapperListener (remm) Remove extra setLogger call in Embedded.createContext (remm) Add support for TLD validation, and fix bug 21917 where entities couldn't be resolved in a TLD (jfarcand) Fixed logic so that iterator actually gets cloned when "clone" is set to true, and replace LinkedList with ArrayList (luehe) Avoid NPE when ensuring that resource path starts with '/' (luehe) Avoid reformatting constant Expires header on every request (luehe) Log client abort exceptions as debug information (remm) Found a way to avoid the extra restart caused by the web.xml tracker, when the webapp was deployed by an outside source, such as the manager servlet (remm) Improve CL stopped error message, so that it is more explanatory (remm) When using the deployer, schema validation wasn't supported (remm) Fix NPE when getMessage of an exception returns null in the DefaultServlet (jfarcand) Fix behavior of HttpSession.setMaxInactiveInterval() (luehe) Cleanup of the XML descriptors for the model MBeans, removing old connectors and old attributes (remm) Update the store and persistent manager code so that both will use the container provided background processing thread, rather than using one thread per component (as much as two threads per context) (remm) Add new managerChecksFrequency attribute to StandardContext, allowing to configure how often the manager session expiration and passivation checks will be called, similar to the intervals used in Tomcat 4.1.x (remm) Disable schema validation for now, due to persistent issues with Xerces (remm)

Coyote

Added support for specifying alias name for server keypair and cert chain, to be used by the server to authenticate itself to SSL clients (luehe) Added support for specifying comma-separated list of SSL protocol variants to be enabled, which may be useful to disable the less secure SSLv2 (luehe) Fixed bug in CoyoteConnector getter methods for SSL related attributes, which would always return null if SSL properties were configured directly on the Connector element (instead of its nested and now deprecated Factory element) (luehe) Moving the new protocols logic to the 14 Factory (billbarker) Clone request attribute names iterator (luehe) Fix client abort logging, and throw a client abort when an IOException occurs when writing bytes (remm) Avoid a NPE when requesting the remote address between requests or before processing any request (remm)

Jasper

Allow a taglib to be defined more than once in taglib directives, even in statically included files, and remove need for keeping a Stack for prefix bookkeeping (kinman) When including a JSP document (written in the XML syntax), in the resulting XML View of the translation unit the root element of the included segment must have the default namespace reset to "" (kinman) Don't merge SMAP entries in the outputStartLines aren't consecutive, which fixes IllegalArgumentException when SMAPs are generated (remm) Replaced JSPC error message with localizable error code (luehe) Added -classpath option to JspC (luehe) Beautify the insertion of the XML fragment in JSPC (remm) Restoring JVM 1.3.x compatibility to Jasper, with a new split String method (billbarker) Add attibutes doctype-root-element, doctype-system and doctype-public to <jsp:output> for outputing a DOCTYPE declaration in XML documents, per latest spec change (kinman) Fixed buffer realloc when writing single char (luehe) Spec has been changed to allow for include-prelude and include-coda in jsp-config (kinman) Restored JSP default for 1.2 based tag handlers (luehe) Adjust Java lines mappings for codes that are generated in buffers (kinman)

Webapps

Add two JMX related tasks, designed to use the jmxproxy servlet, submitted by Vivek Chopra (remm) Document usage of commons-daemon with Tomcat on Unix (remm) Add new JSP XML test in the tester, and fix the one that was already there (remm) The tester should handle i18ned manager reload messages (remm)

General

Tomcat 5.0.x release plan was voted (remm) Various JSP 2.0 API updates, submitted by Mark Roth (kinman) Update to commons-modeler 1.1, submitted by Yoav Shapira (remm) Simplify the use of the Ant script shipped in the embedded package (remm) Bundle Xerces 2.5.0 again, due to bugs in Crimson (remm)

Catalina

Allow putting a /META-INF/context.xml inside any WAR file deployed by the HostConfig (remm) Many bugfixes in JNDI realm: 18698, 11678, 19864, 20518, with help from David DeWolf and Jeff Tulley (funkman) Fix for three related request dispatcher bugs, including 22013, 4690 (cross context sessions support), and port the fix for ServletContext.getContext(...) when using the root context (remm) Use PropertyUtils to obtain the rootCause. This way we can also drill into nested JspExceptions or another Throwable object which has a 'rootCause' property which returns a Throwable (funkman) Extract all non class resources from a JAR on access to a non class resource (remm) 14817: JNDIRealm SHA digest implementation incorrect (funkman) NPE when an invalid web.xml is deployed and the digester throws an exception (jfarcand) 22236: addAttributeValues may return null, this could trigger a NPE if debugging was turned up >=2 (funkman) 22146: Use Class.forName instead of ClassLoader.loadClass (remm) Split the applicationListeners array in two, for performance reasons (remm) Fix bug where welcome files were not being processed in the embedded distribution (remm)

Coyote

9351: parsing IPv6 hostnames (in IP form, obviously), submitted by Masashi Yamaguchi (remm) Allow extending CoyoteConnector (jfarcand) 22192: the context mapping algorithm actually needs to be similar to the algorithm used for widcard wrapper mapping; optimize wildcard mapping: since the amount of nesting the mapping has is known, some mapping operations can be avoided (remm) Allow for customization of JSSE trust and key managers (luehe) Added check for (keystoreType == null) before calling getKeyManagers/getTrustManagers (luehe) Use less aggressive socket timout reduction when the server load increases (remm) Fix calculation of a request processing time (it must not include the time waiting for data in keepalive mode, or the time waiting for data for an initial request on a connection) (remm) Fixing CoyoteConnector getters for JMX; CoyoteConnector will now rely on the protocol handler for most of the values it returns (billbarker)

Jasper

22090: Enable expression cache, submitted by Matthias Ernst (remm) 22103: Release servlet writer after compilation, submitted by Gilles Scokart (remm) 21206: Fix including a JSP, where Jasper would do weird things whenever the outer request had a non null pathInfo; it will now use the included servlet path correctly (remm) Have 'isELIgnored' page directive attribute take precedence over JSP config el-ignored (luehe) Replaced JspServlet's "tagPoolSize" config param with the correct "tagpoolMaxSize" in web.xml, and removed getTagPoolSize() from Options, because tag pool size is no longer needed at compile time (luehe) Simplify the way the URLClassLoader used by JSPC gets initialized (luehe) 22133: workaround for a JDK 1.3 scoping bug, submitted by Matthias Ernst (remm) Added javadocs for getExtends methods (luehe) Refactor some code in JspDocumentParser, since startPrefixMapping got called before startElement, turn on push/pop prefixes for taglibs in XML syntax, so that proper prefix can be located (kinman) Make JspFragment.getJspContext abstract (kinman) JSPC will now display root cause for build errors; also fix a needed side effect in classpath generation when tag files must be compiled (remm) In JspDocumentParser, pop is called in the same order as push, so the Stack should be replaced by a LinkedList (remm) Replaced JSPC message with more meaningful warning (luehe) 22266: keep template text together with mappedfile="true", submitted by Eric Carmichael (remm) 22006: Invalid SMAP line entries when running with mappedfile=true, submitted by Eric Carmichael (remm) Apply workaround for failure in optimizeLineSection() when there are entries with an outputStartLine of 0, Submitted by Eric Carmichael (remm) The "out" in the Fragment helper functions is now JspWriter instead of java.io.Writer, so that it won't trigger errors when a fragment contains include actions (kinman)

Webapps

Update the documentation to reflect the fact that the Factory element is no longer required to setup a stand-alone SSL Connector (billbarker) The status servlet will now also display wrapper mappings (remm) Allow passing a regular path instead of an URL for the WAR to upload to the DeployTask; also pass the right URL String so that the "update" flag is no longer ignored (remm) Fixes to the manager servlet: cleanup URL handling, to be consistent with the HTML manager; don't send extra "OK" messages; fix update flag; make sure configFile is null if there's no context XML file (remm) Fix webapp tagging and redeployment from a tag (remm) Display byte sizes and times using sensible units (KB and MB, s and ms) in the status servlet (remm) Display the remote host when in keepalive status, as well as the elapsed time (it corresponds mostly to the amount of time since the start of the previous request) (remm)

General

Synchronize the server.xml used by the Windows installer with the main default server.xml (remm) Update to Xerces 2.5.0 (remm) Add additional information in the welcome HTML for the release download (remm) 21999: Typo fix, submitted by Liu Kang (remm)

Catalina

Remove welcome file processing from the default servlet (funkman) Search for TLDs in all subdirectories of WEB-INF, except classes and lib (luehe) Fix possible file descriptor leaks in the code responsible for unpacking a WAR (remm) 21908: Fix Unix startup script bug (bad AS/400 condition), submitted by Jason Corley (funkman) Remove useless casts in AccessLogValve (remm) The default socket factory class name is now the Coyote factory (remm) Add a new digester rule using the IntrospectionTools so that all attributes are passed to the connector, including those which have no explicit setters (in which case the setProperty method is called) (remm) Simplify the connector configuration in server.xml (remm, billbarker) Expose the ServletWrapper statistics through JMX (remm) The connectors default configuration are now similar to the HTTPd 2.0 default configuration, submitted by Henri Gomez (remm) Send JSR 77 spec required notifications for J2EE mbeans (amyroh) Put the CSS used by various Tomcat components in a separate class in the util package (remm) Remove path normalization in the default servlet (remm) Copy jk2.properties to conf folder (remm) Remove some attributes from the default JK 2 configuration, which should instead be configured through jk2.properties (remm) Remove unneeded fields in the CoyoteConnector (remm) Make the SingleSignOn methods protected so it is possible to extend that class and have a customized version (jfarcand) Add code allowing configuring the resource cache size for a context (remm) Refactor extension handling; available and required extensions are now consistently NULL if not present (luehe) System resources were identified but then ignored when checking if an app's dependencies could be resolved (luehe) Add the sslProtocol property on the connector to define the protocol used in SSL (luehe) Synchronize the startup scripts based on the Tomcat 4.1 code (funkman) Close JarInputStream after reading manifest (luehe) Use commons-logging and the existing StringManager in the extension validator (luehe) 22032: missing security-policy in default configuration; precompiled JSPs running under the security manager always have to access org.apache.jasper.runtime.* classes (jfarcand) Remove old reload code, now replaced with a simpler stop/start sequence (remm) Tomcat will now ignore a non existent classpath JAR (remm) Some steps of start shouldn't be executed if the context startup has previously encountered errors (remm) Temporary fix for running SSL without a SocketFactory (billbarker) Remove apparently useless wrapper classes (remm)

Coyote

Fix welcome file mapping, so that the order of the welcomes specified in web.xml is respected, whereas previously servlet mapped welcomes would have a priority over physical welcome files (funkman) When shutting down the endpoint's server socket, close the unlocking socket inside a finally block (remm) Fix configuration of the maxThreads attribute of the thread pool (remm) Add a new protocol attribute on the Coyote connector, which can be used rather than using the protocol handler classname; acceptable values are either "HTTP/1.1" or "AJP/1.3" (remm) Improve the thread names and numbering, based on the associated connector name and the number of existing threads, so that reading a thread dump is significantly easier (remm) Fix a bug redirecting to a folder: the context path was lost (remm) Fix incorrect URL normalization of the "///" sequence, due to a bad port of the String based algorithm to arrays (remm) The HTTP/1.1 connector will now automatically scale down the timeout and disable connection keepalive should the server start getting low on processors (remm) Make certain that we tell Apache that we have finished with the request; If the Adapter throws an exception before entering the Pipeline, we end up with both Apache and Tomcat trying to read the Channel and hence not serving requests (billbarker)

Jasper

21823: Compiler uses invoking page's PageInfo for handling tag files, submitted by Eric Carmichael (luehe) 21978: Certain tag file pathnames lead to compile errors, submitted by Eric Carmichael; also add check for Java keywords in package names (kinman) Remove useless check if the security manager is not present (jfclere) Refactor getDerivedPackageName and eliminate some duplicate code (kinman) 21168: Incorrect paths in generated SMAP file entries, submitted Eric Carmichael (luehe) 20155: The strutsel-exercise-taglib application can not be compiled with jspc, because the correct class loader was not being set (kinman) Make JspProperty constructor public, to allow for user supplied JspConfig (kinman) Removed unused methods and instance variables in Collector and PageInfo (luehe) 22084: Fix incorrect indentation of generated code, submitted by Eric Carmichael (remm)

Webapps

Display contexts and servlets stats in the status servlet, so that the administrator can get a complete view of the server (remm) Beautify the status servlet, and integrate it with the HTML manager, through links (remm) In the status servlet scoreboard, add missing whitespace between method and URI (remm) Update the connectors documentation (remm) Manager, HTML manager and deployer docs update (remm) Document the background processing feature, and the configuration of the resource cache (remm) Add a legend for the status servlet scoreboard (remm) Fix typo in the Struts definition of the default context forms, submitted by Jeff Tulley (remm) Initialize filter so that the release notes of the docs look right (remm)

General

Update the tester web application for Tomcat 5, and make a tester run part of the release process (remm) In the checkout target, only checkout modeler from commons instead of all of commons (funkman) Add the catalina-optional JAR in the embed package (remm) Fix obscure JAXP related CL problem in embedded mode, by preloading some descriptors (remm) Release notes updates (funkman)

Catalina

Added Embedded.createConnector() methods that take address of type String (luehe) Don't set the no-caching headers for protected POSTed pages. This makes the "back" button in the browser works as expected. (billbarker) 21341: Fix error page forwarding (remm) In the extended log valve, if bytes are requested, then print bytes, not the date (funkman) Add a Container.getPipeline() to allow bypassing the (useless) invoke method (remm) Add code to allow printing partial stack traces for exceptions in HTML report pages, as well as add a note about the full stack trace of the root cause being available in the logs (remm) Logs will now contain the root cause of ServletExceptions (remm) Fix a problem where the Strings weren't escaped in the same way for chars such as '. This caused problems for localization in French. (remm) Add leading + to timezone offset in the access logs (funkman) Merge ErrorDispacherValve functionality back into StadardHostValve, and remove associated hacks from StandardServer and StandardHost (remm) Like some of the other resources, application parameters must not be reset on a context stop, as they come from a Context element. Regular parameters read from web.xml should be fine. (remm) Correctly update the mapper. The previous code was not compatible with the invoker servlet and its dynamically added wrappers. (remm) Use the context logger for all webapp related error messages (remm) Remove RequestListenerValve and merge it into StandardContextValve (remm) Fix NPE exception when instances attribute is null (jfarcand) 21822: Valves should only be registered and unregistered when: addValve or removeValve is called and the associated pipeline is started or on start and stop of the pipeline (remm) Update security constraints processing to be compliant with the new behavior specified in the Servlet 2.4 specification, where security constraints must now be combined. SecurityConstraint Realm.findSecurityConstraint is changed to SecurityConstraint[] findSecurityConstraints, and implemented in RealmBase. (billbarker) Fix problems updating a WAR for a context which had a context file (it would be ignored) (remm) Do not redeploy a context when a context file is added, and the context wasn't deployed with the auto deployer (remm) The SetDocBaseRule will not throw a NPE, and will attempt to guess the context docbase if not set (remm)

Coyote

Slight re-factoring of the JSSE SSL implementation to allow it to work with non-Sun vendor's 1.4.x JVMs. (billbarker) Added support for X-Powered-By response header, as defined by the Servlet 2.4 and JSP 2.0 specs (luehe) Fix context removal from the mapper when Tomcat is used as embedded (jfarcand) As mandated by the specs, the mapper will always redirect for physical directories, and will always process physical welcome files mapping (billbarker)

Jasper

21753: Fix comment generation, submitted by Eric Carmichael (billbarker) Hide all taglib and XML namespace management in PageInfo (luehe) Forgive duplicate attribute values on static include (luehe) Fixed typos and formatting of JspC help message (luehe) Changed "jsp:usebean" to "jsp:useBean", submitted by Petr Jiricka (luehe) Preparation work for new 'static include' rules (luehe) Ignore default settings for "extends" and "language" when checking for multiple page directive attributes with conflicting values (luehe) Do not unconditionally use "JSP" as the default body-content type, because it is illegal for SimpleTag handlers (luehe)

Webapps

Fix many tests (see bug 21731), partially submitted by Peter Rossbach (remm) Added link to FAQ and Wiki on the introduction page of the docs (funkman) Update docs for AccessLogValve (funkman) Update docs index according to the menu changes (remm) Add some Windows setup documentation (remm) Allow a WAR uploaded using the HTML manager to contain a META-INF/context.xml context file, for consistency with the Ant deploy task (remm) Remove work directory when undeploying a web application using the manager (remm)

General

19912, 19939, 19940, 19941: Many small typo fixes in resources, submitted by Chris Pepper (yoavs) Upgrade to commons-fileupload 1.0 (remm) Upgrade to Struts 1.1 (remm) Improve packaging to reduce total size of the Tomcat download (remm)

Catalina

Cleanup Catalina and subcomponents Javadoc generation (remm) Fix NPE in ApplicationHttpRequest when the object is created by a named dispatcher (jfarcand) Escape '/' in the configFile name of a context, and strip out leading '/' (remm) Initialize the context mapper after starting the context so that the welcome files are correctly set (remm) 19607: Remove Context XML descriptor on undeploy (remm) 4829: Improve deployer so that the unpackWARs flag value is respected regardless of how the context is deployed (remm) If a context XML file is added for an existing context, or if the context XML file is updated, the context will be redeployed (remm) Add logging on initialization of the URL stream handler (remm) Add some Coyote inner classes to the preload list (jfarcand) Remove session recycling, which was previously disabled after security concerns were raised (remm) Implement proper handling of the context docBase when it is deployed from a context XML descriptor, using a new custom digester rule (remm) 21419: Fix failure to start context when the Context element is included in server.xml, submitted by Torsten Fohrer (remm) The pathinfo needs to be set in the ErrorDispatcherValve when sreq.getAttribute(Globals.EXCEPTION_ATTR) returns null and also non null (jfarcand) 21045: Update the message keys of the manager servlet (remm) In the manager servlet, use the configFile when undeploying, to properly remove the config file even if it does not match the context path (remm)

Coyote

Allow '*' as a valid URL (keith) Add support for enabling subset of supported SSL cipher suites (luehe) Add support for enabling subset of supported SSL cipher suites in JSSE implementation (luehe) Wrap encodeURL method call inside a doPrivileged block (jfarcand) Add support for mapping host aliases (remm) 21219: Close the HTTP connection after certain error codes, or an unexpected exception, similar to HTTPd behavior (billbarker) Add support for enabling subset of supported SSL cipher suites in PureTLS implementation (billbarker)

Jasper

Improve web.xml insertion code so that the order of elements is respected (remm) 19622: Add encoding configuration to JspC (yoavs) Remove comments generation when JspC is including mappings into web.xml, so that character coding issues are avoided (remm) Support regenerating the web.xml with JspC without manually removing the generated servlet mappings (remm) Add detailed message about a likely Javac configuration problem whenever compilation fails and all messages and traces are empty (remm) Allow the "value" attribute of <jsp:param> action to be non- String types (kinman) Improve rare error message when static including fails (remm) 21067: EL expression that returns an array causes compilation error (kinman) 21440: Partial fix for <jsp:include> whose target performing a 'forward' does not behave as expected (luehe)

Webapps

Remove parallel initialization of the admin webapp, which is not a best practice pattern (remm) Add deployer documentation (remm) Add some documentation on the JMXProxy servlet (funkman) Fix broken Javadocs links (remm) Add a bugzilla query for all open TC 5 bugs, hoping people will help address them (remm) Update Host documentation based on the new and updated flags (remm)

General

Upgrade to commons-el 1.0 (remm) Split main Catalina JAR, and move i18n related resource files to separate JARs (remm) 19808: Add the sit MIME mapping (funkman) 20263: Fix problems running Tomcat with procrun as a Windows service, submitted by Mladen Turk (remm) Package Unix source from commons-daemon in the Tomcat distribution, so that the Unix wrapper can easily be used if needed (remm) Upgrade to commons-fileupload 1.0 RC 1, submitted by Martin Cooper (billbarker) Fix the netbuild (remm) Specification schema changes, submitted by Mark Roth (kinman) Many tag handling specification clarifications, submitted by Mark Roth (kinman)

Catalina

Fix JMX registration order again during context startup: the object name is constructed before the pipeline initialization, but the JMX registration only occurs after the context is started (remm) Properly close WARs after expanding them in the deployer (remm) Fix handling of invalid WARs during auto deploy, which will be logged as a simple WARN without a stack trace, and reattempt deployment later (remm) Dig as deep as possible to display possible nesting of ServletExceptions (funkman) Fix NPE exception in classloader when an invalid war file is deployed (jfarcand) Container incorrectly processes invalid URL patterns in jsp-property-groups (jfarcand) Add optional XSL processing to the output of the default servlet, as well the ability to include a readme file, similar to Apache (funkman) Remove bundled support for Tyrex (remm) Comment out invoker servlet declaration (remm) Move context descriptors to $CATALINA_BASE/conf/[engine name]/[host name] to make the feature more secure (remm) Update the host properties: liveDeploy becomes autoDeploy (dynamically deploy and update web applications), and autoDeploy becomes deployOnStartup (deploy webapps from appBase on startup) (remm) Remove thread local caching in the default servlet, which was causing a memory leak (remm) Add a mechanism to allow the classloader to release JAR file handles periodically (remm) 20758: Remove a number of leaked references to the context object, so it can be properly garbage collected when the application is removed (remm) Do JMX registration of the context before starting the pipeline (remm) Replace Catalina TLD-inside-JAR parsing code with a file based algorithm (remm) ServletContext.getResource for a JAR resource located inside /WEB-INF/lib will return a file based URL (remm) The special directories /WEB-INF/classes and /WEB-INF/lib are now considered to be non cacheable, in order to conserve cache space (remm) Clear out constructs used for classloading, after a class has been successfully loaded (remm) Generalize WAR unpacking, based on the unpackWARs flag (remm) Track WARs for changes when WARs are unpacked: if the WAR is updated the web application will be redeployed (remm) Remove CertificatesValve, as it is useless with Coyote, and introduces a hard dependency on JSSE (billbarker) Add caching mechanism for invocation of methods using privileged actions (jfarcand) 20380: AccessLogValve incorrectly calculates timezone, 16374: Date in file name configurable, 16400: Allow logging to be conditional (funkman) W3C Extended Log File Format support (funkman) Refactor FORM using a forward, based on the patch by Jeff Tulley (remm) Properly set the wrapped request dispatcher state, submitted by Jan Luehe (remm) Have all contexts inherit Embedded's logger (luehe) Add logging of unexpected exceptions occuring during reference resolution (remm) unbindClassLoader was throwing NPE when newly added context was removed (amyroh) Fix Gump failure by copying the Ant JAR manually (jfarcand) Update confidential HTTPS redirection without using an actual URL, which has a hard JSSE dependency (remm) Include updated clustering code (fhanik, remm) Remove useless typecasts in the main processing pipeline, and make critical methods final, to enforce the Catalina design pattern (remm) Request dispatcher optimizations, based on the belief that wrapping is only needed (if at all) for the special attributes (remm) Major filter mapping optimization, using simple String region matching, as well as synchronization removal (remm) Add new callback on the container interface to process any background task the container may have (backgroundProcess), as well as a new backgroundProcessor attribute (default value: 10s for the engine container, and -1 for all others, so that only the engine has an associated thread) (remm) Refactor application reloading, deployment handling and session expiration to be able to use a single thread per Catalina engine, opposed to one thread per feature per webapp or virtual host; this should save resources and make Tomcat suitable for large scale web hosting; individual containers can still "own" their own reloading thread if they need to (remm) Fix a bug where the context is not registered again in JMX after a stop/start, which would break mapping (remm) Implement context reloading as stop, followed by start, in an attempt to avoid code duplication and clear user confusion on what a reload exactly does (remm) Pass the request URI as a parameter to the request dispatcher, as this avoids rebuilding it (remm) Unify the way we shutdown the server, and fix a classloading problem when the digester files are under common/lib instead of server/lib (jfarcand) Do not register a StandardContext instance when the context is stopped (undeployed) (remm) Remove the old Catalina mapper (remm) Switch to the "new" mapper for request dispatcher mapping (remm) 20018: ErrorPage directive doesn't work for HTTP error codes (400,500,..) (remm) Remove synchronized block on the request dispatcher wrapper request, submitted by Remy Maucherat (jfarcand) Allow the getAttribute() method access to the wrapped request object (like setAttribute/removeAttribute) (jfarcand) Add the rest of missing attributes for j2eeType=WebModule and Servlet (amyroh) Remove redundant commons-beanutils JAR (remm) Isolate the validating digester creation so that the code can be reused (remm) Fix to unregister valves that are other than Lifecycle - RequestDumperValve (amyroh) Service.removeConnector doesn't unregister connector mbeans; call connector.destroy to unregister (amyroh) Return null for objectName when initialization fails (amyroh) Make objectName attribute visible for j2eeType=Servlet mbean (amyroh) Register valve in JMX even if it's not an instance of Lifecycle (amyroh) Add support for OS/400 in the Catalina shell scripts, submitted by Robert Upshall (jfclere) Improve logic for setWrapper call for privileged webapps (costin)

Coyote

Fix access to the remote address of a request object with JMX (remm) Fix CLIENT-CERT authentication when using PureTLS (billbarker) Allow setting arbitrary attributes on the HTTP/1.1 protocol handler (billbarker) Improve support for JSSE 1.1.x, and refactor introspection code in the factory (billbarker) RFC 2109 cookies with quoted values are not processed properly (luehe) Check for the existence of the class before trying to load the JK adapter to avoid useless error logging (funkman) Fix the request state to allow the use of the request dispatcher from outside the filter pipeline (remm) Commit the response even if the buffer is empty when flushing (remm) ServletResponse.getLocale returns en_US instead of container (luehe) Filter out CRLF from the message text (remm) Pass through all connector parameters to the Coyote protocol handler, which will allow custom initialization parameters for SSL, for example (billbarker) Remove duplicate request field in the response object (remm) Correctly handle redirects sent by the mapper (remm) In the mapper, initialize the Context when the object is created (remm) Add removeWrapper similar to addWrapper to the mapper (remm) Refactor very slightly the mapping algorithm and the mapper so that it can do context level mapping (remm) 19991: Make sure that the SSL-Cert Note gets recycled before processing the request (billbarker) Changing to do lazy evaluation of the Servlet-Spec's SSL-attributes (billbarker) 19958: IS.read() was actually accessing the char buffer, instead of using the readByte method which correctly uses the byte buffer (remm) Get rid of the warning in the logs when no Client-Cert is available (jfarcand) Fix the server user-agent String to be compliant with the HTTP standard (remm) Add new more explicit keep alive property based on the maxKeepAlive value (remm) 19904: Don't search the query-string or anchor-tag for the protocol (billbarker) Robustness: catch exceptions which can occur in prepareRequest (remm) ServletResponse.getCharacterEncoding() doesn't return the value specified (luehe) Incorrect handling of ServletResponse.setLocale (luehe) Add AOL Server support to JK 2, submitted by Alexander Leykekh (mturk) Fix javadoc generation for the connectors (costin)

Jasper

20894: body-content value of "JSP" should be error if SimpleTag (kinman) Switch back to JSPC forking being false by default (remm) Default Jasper to not using caches for opening JAR files, which prevents caching (and subsequent locking on Windows) at the JDK level (remm) Don't generate a smap for <jsp:attribute> itself, though maps are still generated for its body (kinman) In a template text, the chars after '$' are not handled correctly (kinman) Only do the security init if there's a security manager (remm) JSP caches tests failed - JSP compilation error (luehe) Close JARs after parsing their TLDs, regardless of whether the JAR contains any packaged tag files (luehe) In JspUtil, path is slash, even on windows (kinman) Expose root cause of ELExceptions when no error page is defined (luehe) Include <jsp:param> when checking if a page is scriptless, submitted by Michael Walker (kinman) Set correct class path for tag files, submitted by Michael Walker (kinman) EL evaluation error no longer discloses root cause (luehe) Exceptions not propagated to JSP error pages (luehe) Make sure that the output directory exist, in case it was removed (kinman) 'xmlns' attributes that do not represent tag libraries are subject to TLD check (luehe) Jasper *always* passes initial response character encoding to ServletResponse (luehe) 19713: Define "request" the out of line method when there is a <jsp:param> in the body of a custom tag (kinman)

Webapps

Add placeholder code for a complete status display in the Status servlet, including webapps statistics (remm) Fix WAR handling when deploying and undeploying webapps using the HTML manager (remm) Add documentation on the default servlet (funkman) Update information of the proxy documentation page (funkman) Update the manager servlet to support versioning with the deploy method, in addition to other smaller refactorings (remm) Add changelog, status, and developers list (remm) Remove checkInterval attribute since it no longer exists (amyroh) Use getSession(true) in the session example (remm) Update documentation index, to reflect the docs structure (remm) Disallow more than one SingleSignOn valve per service (amyroh) Unregister context and loader mbeans if it fails due to missing directory (amyroh) Fix to return an error page instead of error stack trace when a user tries to create a context without creating a directory first (amyroh) Update manager documentation according to the new behavior (remm) Disable realm operations for engine until JAAS realm is supported in admin (amyroh) Use a book-like structure for the user related documentation (remm) Add new deployer documentation (remm) Fix MySQL JDBC connection example (glenn) Add proper MIME types for the content the JSPX examples generate, submitted by Mark Roth (kinman)

Deployer

Deprecate install and remove tasks (remm) Add new properties to the deploy task to allow for versioning and updating (remm) Generate minimal catalina-deployer JAR for use with the deployer (remm) New validator task, for use with the deployer (remm) Rename deploy.xml to build.xml for ease of use (remm)

Tomcat 5.0.x branch point based on the Tomcat 4.1.7 codebase (remm)