Skip to content


Subversion checkout URL

You can clone with
Download ZIP
Fetching contributors…
Cannot retrieve contributors at this time
242 lines (209 sloc) 10.9 KB
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
See the License for the specific language governing permissions and
limitations under the License.
Apache Tomcat 6.0 Patch Proposals
[ start all new proposals below, under PATCHES PROPOSED. ]
[ New proposals should be added at the end of the list ]
* Fix the maven stuff for the maven repo.
Before it does't find tomcat-juli.jar and the remoteRepository seems broken .
+1: jfclere
-1: fhanik - easier to pass in the root path (lib/bin) to the macro instead of hacking around it
if we remove the SCP auto feature, then there should be something to replace it with
+1: kkolinko: +1 for the updated patch (maven.patch.100711)
I still think that it is not so good to remove the old code of <remoteRepository/>,
because it ignores ${maven.repo.url} parameter provided by deploy-snapshot,
deploy-staging and deploy-release targets. Maybe leave old code as a comment
and fix it later if needed? I think that actually nobody besides the release manager
uses this, so I am letting this pass.
* Expose the new WebappLoader flag in the VirtualWebappLoader,
but allow alternative name searchVirtualFirst to make it
consistent with the "virtual" terminology.
Now you can decide, whether the virtual paths will
be searched before the webapp or after it.
If searched before, external resources take precendence
over internal ones. Before that change one couldn't overwrite
resources already present in the webapp.
+1: rjung, funkman, kkolinko
* Fix path parameter handling. Currently the following URL fails with a 404:
+1: kkolinko, markt, schultz
kkolinko: The old parseSessionId() method calls "clearRequestedSessionURL(request);"
when there is no sessionid in the path. The new code does not do that. Was that
call needed? It looks that it was not needed, but I might miss something.
kkolinko: Discussed in Re:r1005192 thread on dev@
* Backport JSP unloading patch (BZ48358).
The patch has substantially changed since the original version.
Original revisions are: 937787, 1028377, 1028389, 1028396, 1028861, 1028862, 1028863,
1028935, 1028939, 1028940, 1028944, 1028950, 1030014, 1030037
Combined TC 6 patch:
+1: rjung
-0: markt - suggests there may be
a memory leak in this code somewhere. I'd like to get to the
bottom of that before porting this
rjung: I started a discussion about JSPs and memory on the dev list.
The updated patch fixes a race condition.
We can stall this item until we get some feedback about 7.0.5.
* Fix
Ensure HttpServletRequest#getAuthType() returns the name of the authentication scheme
if request has already been authenticated. (patch against tc6.0)
+1: kfujino, markt
* Add additional configuration options to the DIGEST authenticator
+1: markt
+1: schultz : if s/nOnce/nonce/g for the whole file, not just some of it
* Backport exception logging from revision 1090022
+1: schultz
+1: kkolinko, jung: +1, but I think it is better to combine this with r1073393
* Add StuckThreadDetectionValve
+1: slaurent
+1: kkolinko: several comments are below
kkolinko: To view/download this as a patch file you add ".diff" to the URL above. That is:
kkolinko: Minor glitches:
- In mbeans-descriptors.xml:
- There are no properties "asyncSupported", "stateName" in TC6 version of this valve.
- In valve.xml:
- s/tomcat log/Tomcat log/ (or Apache Tomcat log)
- In
- s/private class CompletedStuckThread/private static class CompletedStuckThread/
MonitoredThread can be made static as well.
- result[i] = idList.get(i); and arguments to sm.getString()
I'd prefer the boxing/unboxing conversion to be coded explicitly.
- s/new Long(/Long.valueOf(/
- ConcurrentHashMap: Maybe the defaults could be tuned with system properties.
I wonder whether ConcurrentHashMap.DEFAULT_CONCURRENCY_LEVEL which is 16 is enough.
- getStuckThreadIds() returns a list of ids. It might be useful to
have a similar method that returns Thread.getName() names.
* Fix truncated cookies.
Based on
+1: jfclere
-1: markt Should use same mechanism for this as Tomcat 7
* Fix
Handle tag files with attribute names that are not valid Java identifiers
+1: markt, kkolinko
* Multiple improvements to the Windows Installer
Install monitor to auto-start for current user only rather than all users to
be consistent with menu item creation.
- Fix
Provide an option to install shortcuts for the current user or all users.
Also ensure registry is correctly cleaned on uninstall for 64-bit platforms.
- Fix
Provide the ability to specify the AJP port and service name when installing
Tomcat using the Windows installer. This permits multiple instances of the
same Tomcat version to be installed side-by-side.
- Fix
Fix auto-detection of JAVA_HOME for 64-bit Windows platforms that only have
a 32-bit JVM installed.
plus addition of
+1: markt
* The change in session ID is notified to not the session listener but the
container event listener.
+1: kfujino, markt
* Fix
No definitive information that this is the fix but back-porting Mladen's fix
from 7.0.x can't hurt and may help
+1: markt, kkolinko
* Update commons pool to 1.5.6
It is used in TC7 since 7.0.14
+1: kkolinko, markt
* Fix
Fix concatenation of values in SecurityConfig.setSecurityProperty()
when the value provided by JRE is null.
+1: kkolinko, markt
* Fix
Improve handling of exceptions when flushing the response buffer to
ensure that the doFlush flag does not get stuck in the enabled state.
Patch by Jeremy Norris.
+1: kkolinko, markt
* Fix
Handle Gzip messages larger than the default buffer size
Based on a patch by Christian Stöber ( only)
+1: markt, kkolinko
* Fix
AccessLogValve and FileHandler improvements
It is backport of r1145200, r1145237, r1145268
1) Allow to specify character set to be used to write the access log
in AccessLogValve
2) In JULI FileHandler and in AccessLogValve create a directory
automatically when it is specified as a part of the file name, e.g. in
the <code>prefix</code> attribute. Earlier this happened only if it was
specified with the <code>directory</code> attribute.
3) Log a failure if access log file cannot be opened.
4) I18n of messages in AccessLogValve.
5) Expose the new "encoding" option through JMX.
and also fix wrong mapping for "enabled" property - it is getEnabled(). (JMX)
+1: kkolinko, markt
* Fix various sendfile issues. CVE-2011-2526
This is a port of r1145380, r1145383, r1145489, r1145571, r1145694 and
+1: markt
Jump to Line
Something went wrong with that request. Please try again.