Tomcat 6.0.20 (remm)
fix 42579: Handle both relative and absolute search results in the JNDIRealm. Patch provided by Brandon DuRette. (markt)
fix 46562: Close shtml files after processing to allow other processes to modify the files. (markt)
fix 46815: Make the MemoryUserDatabase read-only by default. (markt)
fix 46816: Align session manager mbean descriptor with implementation. (markt)
fix Fix a typo in the OPTIONS response from the default servlet. (markt)
fix 46822: Remove unnecessary object creation from StandardContext. Patch provided by Anthony Whitford. (markt)
fix 46866: Better initialisation of Random objects. (markt)
fix 46875: Catch and handle possible IllegalStateExceptions in CometConnectionManagerValve related to session expiration. (markt)
fix Correct some errors reported when testing the WebDAV servlet with the Litmus test suite. (markt)
update 46933: Update StringManager to use Java 5 features. Patch provided by Jens Kapitza. (markt)
fix 46990: Fix synchronization issues reported by FindBugs. Patch provided by Sebb. (markt)
update Allow huge request body packets for AJP13. (rjung)
fix 45026: Never return an empty HTTP status reason phrase. mod_jk and httpd 2.x do not like that. (rjung)
update Set remote port for AJP connectors from the optional request attribute AJP_REMOTE_PORT. (rjung)
update Update tc-native to 1.1.16 (markt)
fix 46982: Correct reporting of DST offset in access logs. (markt)
fix 46984: Invalid characters in HTTP request method now result in a 400 response. (markt)
fix 46991: Fix AJP connector always reporting bytes received as zero. (markt)
fix 37929: Fix invalidated session causing pageContext methods to fail. (markt)
fix 41606: Prevent double initialisation of JSPs. Patch provided by Chris Halstead. (markt)
fix 46354: ArrayIndexOutOfBoundsException when using org.apache.jasper.runtime.BodyContentImpl.LIMIT_BUFFER=true. Patch provided by Konstantin Kolinko. (markt)
fix 46909: Only include semi-colon in type attribute for <jsp:plugin> when it is required. (markt)
fix 47013: Use system property rather than hard-coded string for pre-compilation flag. (markt)
fix A node should ignore its own heartbeat messages. (rjung)
fix 46509: Use correct link on error page in JSP security example. Patch provided by Michael Moody. (markt)
fix 46599: Document known DAEMON issue. (markt)
fix 46807: Correct docs for configuration of tag pooling. (markt)
fix 46924: Clarify behaviour when auto deployment is enabled and a WAR, directory or context file is deleted or updated. (markt)
fix 46958: Allow XML manager status output to work regardless of context path. (markt)
fix 46351: Refactor the build script. Patch provided by Marc Guillemot. (markt)
fix 46910: Properties files corrupted by build process. (remm)
fix 46915: When resolving ResourceBundle properties, don't claim to have resolved the property unless we really have resolved it. (markt)
fix Fix .pdf and .exe corruption in -src.tar.gz distribution. (markt)
add Enable running Tomcat directly from the build directory on linux systems. (markt)
Tomcat 6.0.19 (remm)
update Manager application prints FAIL if application was deployed but failed to start (fhanik)
update When shutdown port is disabled, print user friendly message and not a stack trace. (fhanik)
fix 37458: Correct sync issue that leads to NPE in rare circumstances. Patch provided by Konstantin Kolinko. (markt)
fix 38553: Return 401 rather than 400 if client does not present a certificate for CLIENT-CERT authentication. (markt)
fix 38570: When checking docBase against appBase, make sure we check for an exact match against the appBase. (markt)
fix 39013: When testing for invalid docBase, test for an exact match with the appBase dir. (markt)
fix 39396: Don't include TRACE in OPTIONS response unless we know it hasn't been disabled in the connector. (markt)
fix 42747: Ensure context.xml takes effect on first deployment for WAR and DIR deployments. context.xml is now copied to CATALINA_BASE/<engine name>/<host name> for DIR as well as WAR deployments. (markt)
fix 43071: Start poller before acceptor (r719267)
update Fix read/write timeout of async comet operations (r719264)
update Implement async close behaviour for Comet/NIO. No-op for APR (same behavior as before) (r719262)
fix Default thread count for HTTP connectors is 200. (r713186)
fix Comet should always invoke END and properly invoke READ (r713174)
fix Fix class cast exception when shutting down a replicated context but no cluster has been configured in server.xml (r713177)
fix Dereference socket when it's no longer used. Frees up socket buffers and memory. No functional change. (r713175)
fix Correct wrong "No role found" debug message, logged in RealmBase even if a role was found. (rjung)
fix 44809: Improve AprLifecycleListener Error Messages. (jfclere)
fix Log AccessControlException for context specific logging.properties during startup with security manager. (rjung)
add 41407: Add CLIENT-CERT support to the JAAS Realm. (markt)
fix 42409: Make custom and standard error page handling consistent by using resetBuffer() which will not alter previously set headers. (markt)
fix 42673: Fix SSI virtual includes for multi-level contexts. Patch provided by Peter Jodeleit. (markt)
fix 42707: Make adding a host alias via JMX take effect immediately. (markt)
fix 43656: Correct regression in previous fix for this bug. Patch provided by Nils Eckert. (markt)
fix 45419: Set Accept-Ranges for static resources served by DefaultServlet. (markt)
fix 45441: Correctly map filters for FORWARD and INCLUDE. (markt)
fix 45447: Convert Spanish resource files to use UTF-8 and provide translations where previously missing. Patch provided by Jesus Marin. (markt)
fix 45453: Remove potential race condition in JDBC Realm. Based on a patch by Santtu Hyrkk. (markt)
add 45576: Add DIGEST support to the JAAS Realm. (markt)
fix 45585: Allow Tomcat to start if using $CATALINA_BASE but not JULI. Patch based on a suggestion by Ian Ward Comfort. (markt)
fix The JAAS Realm did not assign roles to authenticated users. (markt)
add Provide full stacktrace and message when the ErrorReportValveClass can't be instantiated. (funkman)
fix 45608: Make allocated servlet count synchronized to ensure the correct allocated servlet count is available during shutdown. (markt)
fix 45628: When checking MANIFEST dependencies, JARs without dependencies should always be considered to be fulfilled. (markt)
fix 45735: Improve ETag handling. (remm)
fix 45785: Ignore directories named xxx.jar in WEB-INF/lib. (markt)
fix 45823: Log missing request headers as '-' not 'null'. Based on a patch by Per Landberg. (markt)
fix 45825: Correctly handle annotations in parent classes. Based on a patch by Florent Benoit. (markt)
fix 45906: Further ETag handling improvements. Patch provided by Chris Hubick. (markt)
add Add the CombinedRealm that enables authentication to be attempted against multiple realms. (markt)
add Add the LockOutRealm that enables a standard Realm to be wrapped with the functionality to lock out a user after too many failed logins. (markt)
add Make the upper size limit of the static resource cache configurable since the default of cacheMaxSize/20 gave too high a value for large caches. (markt)
fix Fix HTML decoding error in SSI processing. (markt)
fix Fix cast error in JULI log factory. (markt)
fix Fix some thread safety issues in date formatting. (markt)
fix Fix a String comparison bug in the digester property replacement that resulted in non-optimal operation. (markt)
fix Correctly handle multi-level contexts defined using context.xml files. (markt)
fix 45933: Don't use xml parser from web-app to process tld files. (markt)
add 45951: Support changing of JSESSIONID cookie name and jsessionid path parameter name. Based on a patch by Jean-frederic Clere. (markt)
fix 46011: Make Principal accessible (if set) via Subject.getSubject(AccessController.getContext()) when processing filters. Based on a patch by tsveg1. (markt)
fix 46075: When uploading files, don't create buffers at the maximum configured size. Use the default size and let the buffers grow to the maximum size if necessary. (markt)
fix 46085: Fix a rare thread safety issue with session expiration. (markt)
fix 46096: Support annotation processing whilst running under a security manager. (markt)
fix The invoker servlet has been deprecated and will be removed in Tomcat 7 onwards. (markt)
fix 46105: Correctly set URI encoding when replaying a request after FORM authentication. (markt)
fix Remove unnecessary reference to commons-logging from the bootstrap JAR manifest. (markt)
fix 46232: Enabled the XML parser to be over-ridden using the standard endorsed mechanism. (markt)
fix 46261: Treat %2F in a context name literally rather than converting it (inconsistently) to '/' - that is what '#' is for. (markt)
fix 46298: Throw an SQLException with a useful message rather than a NPE if the URL for the JDBCRealm is invalid. Based on a patch by Owen Jacobson. (markt)
fix 46304: Further fixes to make Principal accessible (if set) via Subject.getSubject(AccessController.getContext()) when processing filters. (markt)
fix 46403: Provide a workaround for an IE and Safari bug that means the Max-Age attribute of a cookie is ignored. (markt)
fix 46408: Fix invalid cast in security utility package. (markt)
fix Remove duplicate normalisation implementations and make normalise behaviour consistent throughout code base. (markt)
fix 46683: Fix typo in French localisation file name for the org.apache.catalina.loader package. (markt)
fix 46606: Make the max DEPTH for a WebDAV request configurable. The default is still 3. (markt)
add 44382: Add support for using httpOnly for session cookies. This is disabled by default. (markt/fhanik)
fix Fix possible NCDFE when using FORM authentication. (jfclere)
fix Fix possible synchronisation bottleneck in cookie creation. (markt)
fix Fix various spelling errors reported on the mailing lists. (markt)
add Make the logging manager and properties file configurable via environment variables. (fhanik)
fix 45154: Implement SEND_FILE behavior for SSL connections using NIO (fhanik)
update Fix file descriptor leak during NIO send file behavior. (fhanik)
update Implement usage of keyAlias attribute for NIO, previously attribute was ignored. (fhanik)
update Prevent server from calling close on an already closed NIO socket. One that had timed out. (fhanik)
update Fix bug with SEND_FILE behavior in NIO. Send file would delay until selector timed out, even though socket was ready to be written. (fhanik)
update Fix possible NPE in NioEndpoint.java (fhanik)
update Update tc-native to 1.1.15 in build.properties.default (jfclere)
fix 43327: Socket bind fails when using APR on a system with IPv6 enabled but no explicit IPv6 address configured. (markt/jfclere)
add 44285: Make the SSL session cache size and timeout configurable. (markt)
fix 45074: Add configuration parameters to enable the tuning of sendfile and poller thread count in the APR HTTP connector. Patch provided by Alex Barclay. (jfclere/markt)
fix 45528: Add detection for invalid SSL configuration to prevent infinite logging loop on start-up. (markt)
fix 45591: NPE on start-up failure in some cases. Based on a patch by Matt Passell. (markt)
fix 46077: Expose deferAccept for configuration. Patch provided by Michael Leinartas. (markt)
add Don't swallow input if we know the connection is going to be closed. (billbarker)
fix 46125: Return a status code of 400 if the request headers are too large. (markt)
fix Make certain that classes are first loaded by trusted code when working in a sandbox. (billbarker)
add Log a message if we reach maxThreads in a connector thread pool. (markt)
add Enable the thread pool limits to be modified via JMX. (markt)
fix Fix HTTP/1.0 redirects handling with APR AJP connector. (remm)
fix 46666: keepAliveTimeout should be used regardless of setting of disableUploadTimeout. (markt)
fix 36923: Treat EL expressions as template text if EL expressions are disabled. (markt)
fix 37515: Support 1.6 and 1.7 as source and target for compilation. (markt)
fix ClassCastException in EL ExpressionBuilder. (rjung)
update Use more generics in EL to improve type safety. (rjung)
fix Use a lookahead to remove potential ambiguity in EL parsing. (markt)
fix Correct typo in JSP EL examples. (markt)
fix 38197: Take account of jsp:attribute elements when pooling tags. (markt)
fix 42077: Ensure the iterator returned by javax.el.CompositeELResolver#getFeatureDescriptor() skips any null FeatureDescriptors. Patch provided by Mathias Broekelmann. (markt)
fix 42693: Fix JSP generation error with recursive tag file structure. (markt)
fix 45427: Correctly handle unmatched quotes in EL expressions. (markt)
fix 45511: The failure of the empty keyword was a regression caused by the previous fix for 42565. The original fix for 42565 has been reverted and a new fix applied. (markt)
fix 45648: Don't trim the last character when parsing the EL namespace. (markt)
fix 45666: Prevent infinite loop on include. (markt)
fix 45691: Prevent generation of duplicate variable names when generating code for JSPs. (markt)
fix Correct signed/unsigned conversion error in ASCII parsing. (markt)
fix Fix various edge-cases when parsing EL, particularly inside attribute values. Note that the Expert Group has confirmed that JSP.1.6 takes precedence over JSP.1.3.10. Therefore EL in attributes must be escaped twice. (markt)
fix 46047: Include the path to the JAR when recording dependencies that are located inside a JAR file. Patch provided by Cédric Mailleux. (markt)
fix 46381: Composite expressions used for attribute values must be coerced to Strings. (markt)
fix 46397: Don't pool tag instances that implement JspIdConsumer. (markt)
fix 46462: Limit package test to just the o.a.jsp package to allow use of packages such as o.a.jspwiki. (markt)
fix 46471: Fix naming clash when tags in different libraries have the same name. (markt)
fix 46564: Make page encoding check for tagx compilation case-insensitive. (markt)
add Prevent NPE for ReplicationValve (pero)
add Provide TCP only start-up option when using static membership. (fhanik)
add Document the multicast recovery options. (fhanik)
add 45261: Add a new SimpleCoordinator for tribes provided by Robert Newson. (markt)
fix 45618: Make sure NIO selector is closed when no longer used. Unlikely to be an issue in normal usage. (markt)
fix 45851: Fix out of order message processing issues with the FarmWarDeployer. (markt)
fix Fix small memory leak in FarmWarDeployer. (markt)
fix 46357: Corrected test for host's parent must be an engine. (markt)
fix Fix so that JvmrouteBinderValve can rewrite session suffix with parallel requests from same client. (pero)
fix 45940: Correct name of username attribute for JDBC resources in JNDI how to. (markt)
fix 46035: Fix multiple typos in monitoring how to. (markt)
fix 46067: Fix typos in Advanced IO how to. (markt)
fix 46115: Correct Manager UI to show that path is required when using the deploy command. (markt)
fix 46121: Add note to manager documentation regarding possible naming clash with new Ant 1.7 resources datatype and how to avoid it. (markt)
fix Remove unused parameters from Native/APR example connector configuration in docs. (markt)
fix Use CSS based solution for printer-friendly docs. Patch provided by vitezslav.smid as part of GSoc with additional work by Tim Funk. (markt)
fix Update the FAQ links in the docs to refer to the wiki. Use xslt task rather than style task to generate docs. (funkman/markt)
fix Document the LifecycleListeners. (markt)
fix Fix broken URL mapping in the examples. (markt)
fix 46563: Update doc for correct default for pollerThreadCount. (markt)
fix 46600: Document maxKeepAliveRequests for the NIO connector. (markt)
fix Fix CVE-2009-0781. XSS in calendar example. (markt)
fix 41861: Update service name to Apache Tomcat 6 to prevent conflicts with previous major Tomcat versions. (markt/rjung)
fix 45852: Add special handling for cp932 (aka ms932) when creating tomcat-users.xml with Windows installer. (markt)
fix 45878: Restore manifest, licence and notice files to the jsp and servlet jars. (markt)
fix 45879: Move NOTICE file from documentation webapp to the installation directory. (markt)
fix Add a workaround for DBCP-191. Tomcat will now build without error on a 1.6 JDK but because it does this by skipping DBCP, release builds must be generated with a 1.5 JDK. (costin/markt)
fix 46366: Correct information in RUNNING.txt regarding use of CATALINA_HOME and CATALINA_BASE. (markt)
fix Use more useful JPDA defaults in catalina.bat. (markt)
fix Correct error in 2.5 web-app XSD.
Tomcat 6.0.18 (remm)
fix 42727: Correctly handle request lines that are exact multiples of 4096 in length. Patch provided by Will Pugh. (markt)
fix 42678: Only ignore docBase if it really is a subdir of appBase. Patch provided by juergen. (markt)
fix 42722: Possible NPE in CGI Servlet. (markt)
update 45285: Look for annotations in class hierarchy. (markt)
fix Add additional checks for URI normalization. (remm)
fix 42565: Make EL ternary expression without space before colon work. Patch provided by Lucas Galfaso. (markt)
update 45323: Add note that context.xml files can only contain a single Context element. (markt)
update 45317: Properly document and log the value of the state transfer timeout flag (fhanik)
update 45332: Specify the correct encoding (the current Windows code page) rather than assuming UTF-8 when creating tomcat-users.xml with the Windows installer. (markt)
Tomcat 6.0.17 (remm)
update 45315: Add Unix support for NSIS. (remm)
fix 45272: Put in workaround for Internet Explorer not accepting a quoted Path: value using the Set-Cookie header (fhanik)
fix APR connector now adds connection to poller after using send file. (remm)
update Add ManagerBase session getLastAccessedTimestamp and getCreationTimestamp for better remote JMX access. (pero)
update Expose alwaysSend flag for message dispatch interceptor. (fhanik)
fix 29936: Create digesters and parsers earlier so we aren't using the webapp class loader when we create them. (markt)
fix 42662: Properly resolve reflection proxies during session replication. (fhanik)
fix 42750: Request line should be tolerant of multiple whitespaces. (markt/fhanik)
fix 42934: Change the order of events on context start so contextInitialized() event is fired before sessionDidActivate(). The spec isn't 100% clear on the required order but this seems more logical than the current behaviour. (markt)
fix 43079: Fix identification of suspicious URL patterns. Patch provided by John Kew. (markt)
fix 43080: Log suspicious URL patterns to the correct web app. (markt)
fix 43117: Setting an empty workDir could result in all of CATALINA_HOME being deleted. Patch provided by Takayuki Kaneko. (markt)
fix 43142: Don't assume a directory named xxx.war is a war file. (markt)
fix 43150: Allow Tomcat to start correctly when installed on a path that contains a # character. (markt)
add The fix for 43285 had the side-effect of coercing null values to zero. This side-effect has been made configurable with a system property, org.apache.el.parser.COERCE_TO_ZERO which defaults to true. Patch provided by Nils Eckert. (markt)
fix 43343: Correctly handle requesting a session we are in the middle of persisting. Based on a suggestion by Wade Chandler. (markt)
fix 43425: Make annotations spec compliant. Patch provided by Dain Sundstrom. (markt)
fix 43470: Fix various class cast exceptions. Based on a patch by Lucas Galfaso. (markt)
fix 43578: Fix startup when installation path contains a space. Patch provided by Ray Sauers. (markt)
fix 43683: Fix 404 that could occur if a Servlet is accessed while the context is reloading. (markt)
fix ExtendedAccessLogValve cs-uri not print empty querystring. (pero)
update ServletContext.getResource("noslash/resource") only requires forward slash if STRICT_SERVLET_COMPLIANCE flag is set to true. This mimics the behavior of 6.0.15 and earlier. (fhanik)
fix 44021: Add support for using the # character to define multi-level contexts in WARs and directories in the appBase. (markt)
fix 44282: Fix TRACE level class loader logging message when a security manager is used. (markt)
fix 44337: Dir listing crashes if no readme-file present. (funkman)
fix If listener declared in web.xml, only add it once. (funkman)
fix Fix NPE when iterating through sessions for expiration. (fhanik/jim)
fix 44380: Don't scan non-file URLs for TLDs. Patch provided by Florent Benoit. (markt)
fix 44389: Fix memory leak that occurred if using a RequestDispatcher. Patch provided by Arto Huusko. (markt)
fix 44529: Correct handling of resource constraints so no roles (deny all) overrides no auth-constraint (allow all). (markt)
fix 44562: HEAD requests cannot use includes. Patch provided by David Jencks. (markt)
fix 44595: Add possibility to request the QueueSize of an executor via JMX. (jfclere)
fix Fix CGI Servlet so it correctly reads the environment variables on Vista. (markt)
fix 44611: DirContextURLConnection didn't implement getHeaderFields(), getHeaderField(String name) was case sensitive and returned "" rather than null for header values that did not exist. Patch provided by Chris Hubick. (markt)
fix 44633: Provide a more helpful error message if a class can't be loaded due to a version error. (rjung/markt)
fix 44646: Correct various issues, including an ISE, in CometConnectionManagerValve. (markt)
fix 44673: ServletInputStream is no longer readable once closed. (markt)
fix Better handling of lack of permission for context specific logging. (markt)
fix Add permission required to read JDK logging config. (markt)
fix Update web.xml to reflect packaging of SSI and CGI. (markt)
fix Add missing access check for ThreadWithAttributes. (markt)
fix 44833: Correctly override StandardSession methods from DeltaSession. (fhanik)
fix 44943: Use the same engine name in server.xml comments to reduce copy and paste issues. (markt)
fix 44988: Use Java5 syntax for debug options. Patch provided by Cedrik Lime. (markt)
fix 45101: Format header dates obtained from DirContextURLConnection as per the HTTP spec. Patch provided by Chris Hubick. (markt)
add A new valve, org.apache.catalina.valves.WebdavFixValve, that forces MS clients connecting to the WebDAV Servlet on port 80 to use a client that works rather than the default broken one. (markt)
fix 45195: Passing in null into setAttribute or removeAttribute cause NPE. (markt)
update NIO: Fix bug in NIO sendfile; the symptom during heavy traffic is that connections don't get closed. For previous versions, one can disable sendfile to work around the problem. (fhanik)
update APR: Allow to specify the "random device" to use to collect the entropy. (jfclere)
update Fix NIO/SSL live lock during client disconnect. (fhanik)
fix Fix possible ArrayIndexOutOfBoundsException. Patch provided by Charles R Caldarale. (markt/jim)
update Add support for keystore types that do not need a file. Based on a patch by Bruno Harbulot. (markt)
update 43094: Allow specification of keystore providers. Based on a patch by Bruno Harbulot. (markt)
fix 43191: Make it possible to override the defaults with the compressableMimeType attribute. Based on a patch by Len Popp. (markt)
fix 44391: Correct handling of escaped values in SSI processing. (markt)
fix 44392: HTML entities now handled correctly in SSI processing. (markt)
fix 44558: Improve error message so address is included if binding fails. (markt)
fix 44494: Character input limited to 8KB. (remm)
fix 44620: Infinite loop in NIO connector. (markt)
fix 44785: Correctly document default maxThreads for AJP connector. (markt)
update Log errors for AJP signoffs at DEBUG level, since it is harmless if mod_jk has hung up the phone. (billbarker)
fix 44968: Provide more information when the load of a keystore fails. (markt)
fix 31257: Quote endorsed dirs if they contain a space. (markt)
fix 42943: Make sure nested element is inside <jsp:text> element before throwing exception. (markt)
fix 43617: Correctly escape attribute values in tag files. Based on a patch by Lucas Galfaso. (markt)
fix 43656: Fix various numeric coercion bugs. Includes a patch by Nils Eckert and fixes related issues identified in a test case provided by Konstantin Kolinko. (markt)
fix 43741: Correctly handle dependencies for tag files in JARs. (markt)
fix 44408: Reduce synchronisation when evaluating EL expressions. Patch provided by Robert Andersson. (markt)
fix 44428: Fix possible NPE during serialization. (markt)
fix 44766: EL doesn't coerce custom Number subclasses. (markt)
fix 44877: Prevent collisions on tag pool names. (markt)
fix 44986: Make page encoding consistency checks case-insensitive. (markt)
fix 44994: Enable nested conditional expressions in JSP EL. Patch provided by James Manger. (markt)
fix 45015: You can't use an unescaped quote if you quote the value with that character. (markt/fhanik)
add Add HTML filtering of error messages for included resources in case the app has tried to include an unsafe URL that does not exist. This is really an app responsibility but the filtering has been added for XSS safety. (markt)
update Update documentation to use correct version number, correct file paths and to use $CATALINA_BASE rather than $CATALINA_HOME where applicable. (markt/jim)
add Add a section on available system property configuration options. (markt)
fix Amend the JNDI datasource doc to reflect new value for no limit used by updated commons-pool and commons-DBCP. (markt)
fix 43333: Fix errors in sendfile documentation. (markt)
fix 43366: Provide backwards compatibility for manager sessions command. (markt)
fix 44541: Document packetSize attribute for AJP connector. (markt)
fix 44715: Document secret attribute for AJP connector. (markt)
fix Fix some links in the ROOT application that are broken if ROOT is renamed. (markt)
fix Align the Realm documentation so that both the configuration and the how-to are consistent. (markt)
fix 45277: Fix typo in logging docs. (markt)
fix 45212: AbstractReplicatedMap.entrySet() now returns entries rather than values. (markt)
fix 45279: Properly close multicast socket.
update Fix session replication dead lock during non sticky load balancing. (fhanik)
add Improve the Tests for unit tests for the cookie issues. (jfclere)
fix Fix build for JavaDoc. Patch provided by Stephen Bannasch. (markt)
fix 44955: Use correct location for endorsed directory in Windows installer. (markt)
Tomcat 6.0.16 (remm)
update Update commons-logging to version 1.1.1 and the NSIS installer to 2.34. (markt)
update Update to commons-pool version 1.4, native version 1.1.12 and update the download location for the commons libraries. (markt)
update Change chunked input parsing, always parse CRLF directly after a chunk has been received, except if data is not available. If data is not available for CRLF parsing, we run into BZ 11117, and must defer the parsing of CRLF to the next read event. This fixes the incorrect blocking when using CometProcessor and the draining data during the READ event where it before would block incorrectly waiting for the next chunk (fhanik)
update The CometProcessor interface now extends the javax.servlet.Servlet interface (fhanik)
fix Fix CVE-2007-5342 by limiting permissions granted to JULI. (markt)
update Fix handling of CometEvent.close when called during BEGIN event (fhanik)
fix 43594: Use setenv from CATALINA_BASE (if set) in preference to the one in CATALINA_HOME. Patch provided by Shaddy Baddah. (markt/jim)
fix 43692: Clean up unused entries from build scripts. Patch provided by Paul Shemansky. (markt)
fix 43775: Don't try to change line endings of binary files in the source distribution. (markt)
fix 43846: Fix block simulated read and writes causing timeouts. Add non blocking parsing of HTTP request headers. Perf improvements (fhanik)
fix 43957: Service.bat doesn't configure logging correctly. Patch provided by Richard Fearn. (markt/jim)
update Cookie handling/parsing changes! The following behavior has been changed with regards to Tomcat's cookie handling:
a) Cookies containing control characters, except 0x09(HT), are rejected using an InvalidArgumentException
b) If cookies are not quoted, they will be quoted if they contain tspecials(ver0), tspecials2(ver1) characters
c) Escape character '\\' is allowed and respected as an escape character, will be unescaped during parsing
fix Cookie parsing of $Version regression from 6.0.15 has been fixed
fix The script that builds the windows installer was including additional files due to the way it processes recursive file selectors. The selectors have been modified to only include the intended files. (markt)
fix Fix ManagerServlet.expireSessions throwing exceptions when iterating over longer session lists on production servers. (pero)
fix 38131: WatchedResource doesn't work if app is outside host appbase webapps. Patch provided by Peter Lynch (pero)
update Add -Dorg.apache.catalina.tribes.dns_lookups=false as default. The ability to turn off reverse DNS lookups for membership. (fhanik)
fix Set correct StandardManager.sessionCounter after reload/restart. (pero)
fix 42503: ServletContext.getResourceAsStream() could return stale data. Patch provided by Arvind Srinivasan. (funkman/jim)
fix 43236: When resetting the response, also reset the flags associated with using a writer or an output stream to allow the user to change character set after the reset. (markt)
fix 43241: Make ServletContext.getResourceAsStream() conform to the specification. Patch provided by John Kew. (markt)
fix 43530: Doc link fixes provided by Paul Shemansky. (funkman)
fix 43675: Fix a possible logging related classloader leak. (markt)
fix 43687: Remove conditional headers on Form Auth replay, since the UA (esp. FireFox) isn't expecting it.
fix 43706: WebDAV copy/move now returns 201 on success. Based on a patch by Panagiotis Astithas. (markt)
fix 43840: Include user principal if possible when serializing / de-serializing sessions. (markt)
fix 43868: MBean methods getInvoke and getSetter were broken. (markt)
fix 43887: Make error messages much more helpful when illegal Servlet names are used. Based on a patch provided by Mike Baranczak. (markt)
fix Fix a bug that causes CGI Servlet to fail when it is included. (markt)
update Improve the webDAV Servlet Javadocs to make clear that the WebDAV Servlet can not be used as the default servlet. (markt)
fix 43993: mime mapping for WS-Policy. Patch by Fabian Ritzmann (funkman)
fix 44041: Fix duplicate class definition under load. (markt)
fix 44084: JAASRealm was broken for application provided Principals. Patch provided by Noah Levitt. (markt)
fix 44223: Use the javax.net.ssl.trustStoreType setting if no explicit connector configuration is provided and the property is set. (markt/jim)
update 44268: Log a warning if a duplicate listener configuration is ignored. (markt/jim)
fix 43622: Don't overwrite the min compression size set by the compression attribute with the default. (markt/jim)
fix 43839: URL based session tracking failed when a session cookie from a parent context was present. Based on a patch by Yuan Qingyun. (markt)
fix 43914: URLs in location headers should be encoded. Patch provided by Ivan Todoroski. (markt)
fix 43285: Missing EL Coercion causes argument type mismatch. Patch provided by Bernhard Huemer. (funkman/jim)
fix 43675: Fix a possible logging related classloader leak. (markt)
fix 43702: Inner class files have unnecessarily long names. (markt)
fix 43743: Fix NPE when compiling nest tag files packaged in a JAR. (markt)
fix 43757: Rather than use string matching to work out the line in the JSP with the error, use the SMAP info and the knowledge that for a scriptlet there is a one to one line mapping. (markt/jim)
fix 43758: Fix NPE when scripting elements are empty. (markt)
fix 43909: Make sure locale maps to wrapped ELContext. Patch provided by Tuomas Kiviaho. (markt)
fix 43944: Fix a missing resource exception. (markt)
fix Improve docs for Jasper configuration. Put options in alphabetical order, add some missing options, deprecate an unused one and address feedback about the page provided on the users list.
fix 43173: Fix typo in logging documentation regarding location of logging.properties. (markt)
fix 43344: Fix typo in if.jsp example. Patch provided by Tim Nowaczyk. (markt)
fix 43468: Fix possible NPE when listing contexts in the Manager application. (markt)
fix 43515: Fix bug in Manager application that may have caused problems when listing contexts. Patch provided by Lucas Galfaso. (markt)
fix 43611: Provide an error message if user tries to upload a war for a context defined in server.xml rather than failing silently. (markt/jim)
fix 43800: Make relationship between APR and the native connector clearer. (markt)
fix 44088: Fix expire session button in manager. (markt)
fix 44094: Add a note about the side effects of configuring a context as privileged. (markt)
update Update JNDI documentation to refer to configuring contexts via context.xml rather than server.xml. (markt/jim)
fix Fix FarmWarDeployer can be only configured as host subelement (pero)
fix Fix wrong && at ReplicationValve (pero)
update Add get/set methods for properties in the Tcp Failure detector. (fhanik/jim)
Tomcat 6.0.15 (remm)
update Fix the MD5 file contents in distribution
update Add ANT script to be able to publish signed Tomcat JAR's to ASF Maven repo (fhanik)
update Use Eclipse JDT 3.3.1. (pero)
update Guess java location from the PATH environment and improve fix for 37284
update Add NIO connector to server.xml parsing warning, remove Connector as exception case
fix 43653: Fix SSL buffer mixup when response is unable to write more than socket buffer can handle
fix 43643: If connector doesn't support external executor, display warning
fix 43641: Properly bind multicast address for cluster membership
fix 42693: Fix JSP compiler bug
update Add mbean descriptor for virtual webapp loader
fix 43487: Fix request processing stats
fix 43435: Don't iterate and relocate sessions if they are not part of the map.
fix 43356: Keystore parameter is relative to CATALINA_BASE, Truststore is either defined as parameter, javax.net.ssl.trustStore or if empty defaults to the keystore. SSL Client cert authentication changed from boolean to "true|false|want" (fhanik)
fix 30949: Improve previous fix. Ensure requests are re-cycled on cross-context includes and forwards when an exception occurs in the target page. (markt)
fix 42944: Correctly handle servlet mappings that use a '+' character as part of the url pattern. (markt)
fix 42951: Don't use CATALINA_OPTS when stopping Tomcat. This allows options for starting and stopping to be set on JAVA_OPTS and options for starting only to be set on CATALINA_OPTS. Without this fix, some startup options (eg the port for remote JMX) would cause stop to fail. Based on a fix suggested by Michael Vorburger. Port of r454193 (36976) from Tomcat 5.5.x. (markt,rjung)
add Validation of attributes and elements used in server.xml. (remm)
fix 43175: Fix typos in servlet XSD files. Patch provided by Takayuki Kaneko. (markt)
fix 43216: Set correct StandardSession#accessCount as StandardSession.ACTIVITY_CHECK is true. Patch provided by Takayuki Kaneko (pero)
add Made session createTime accessible for all SessionManager via JMX (pero)
update 43129: Support logging of all response header values at AccessLogValve (ex. add %{Set-Cookie}o to your pattern). (pero)
add Support logging of all response header values at ExtendedAccessLogValve (ex. add x-O(Set-Cookie) to your pattern). (pero)
add Support logging of current thread name at AccessLogValve (ex. add %I to your pattern). Useful to compare access logging entries later with stack traces. (pero)
fix Improve large-file support (more than 4 GB) at all AccessLogValves, backport from 5.5.25. (pero)
update Optimized JDBCAccessLogValve combined pattern reques