Return-Path: Delivered-To: apmail-jakarta-tomcat-dev-archive@apache.org Received: (qmail 429 invoked from network); 12 Feb 2003 10:30:12 -0000 Received: from exchange.sun.com (192.18.33.10) by daedalus.apache.org with SMTP; 12 Feb 2003 10:30:12 -0000 Received: (qmail 1767 invoked by uid 97); 12 Feb 2003 10:31:54 -0000 Delivered-To: qmlist-jakarta-archive-tomcat-dev@nagoya.betaversion.org Received: (qmail 1760 invoked from network); 12 Feb 2003 10:31:54 -0000 Received: from daedalus.apache.org (HELO apache.org) (208.185.179.12) by nagoya.betaversion.org with SMTP; 12 Feb 2003 10:31:54 -0000 Received: (qmail 98683 invoked by uid 500); 12 Feb 2003 10:29:35 -0000 Mailing-List: contact tomcat-dev-help@jakarta.apache.org; run by ezmlm Precedence: bulk List-Unsubscribe: List-Subscribe: List-Help: List-Post: List-Id: "Tomcat Developers List" Reply-To: "Tomcat Developers List" Delivered-To: mailing list tomcat-dev@jakarta.apache.org Received: (qmail 98648 invoked by uid 500); 12 Feb 2003 10:29:35 -0000 Received: (qmail 98629 invoked from network); 12 Feb 2003 10:29:34 -0000 Received: from icarus.apache.org (208.185.179.13) by daedalus.apache.org with SMTP; 12 Feb 2003 10:29:34 -0000 Received: (qmail 53215 invoked by uid 1135); 12 Feb 2003 10:29:33 -0000 Date: 12 Feb 2003 10:29:33 -0000 Message-ID: <20030212102933.53214.qmail@icarus.apache.org> From: remm@apache.org To: jakarta-tomcat-4.0-cvs@apache.org Subject: cvs commit: jakarta-tomcat-4.0 RELEASE-NOTES-4.1.txt X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N remm 2003/02/12 02:29:33 Modified: . RELEASE-NOTES-4.1.txt Log: - Status update. Revision Changes Path 1.55 +1346 -1340jakarta-tomcat-4.0/RELEASE-NOTES-4.1.txt Index: RELEASE-NOTES-4.1.txt =================================================================== RCS file: /home/cvs/jakarta-tomcat-4.0/RELEASE-NOTES-4.1.txt,v retrieving revision 1.54 retrieving revision 1.55 diff -u -r1.54 -r1.55 --- RELEASE-NOTES-4.1.txt 10 Feb 2003 19:47:40 -0000 1.54 +++ RELEASE-NOTES-4.1.txt 12 Feb 2003 10:29:32 -0000 1.55 @@ -1,1340 +1,1346 @@ - Apache Tomcat Version 4.1 - ========================= - Release Notes - ============= - -$Id$ - - -============ -INTRODUCTION: -============ - - -This document describes the changes that have been made in the current -development version of Apache Tomcat, relative to the Tomcat 4.0 release. -The release notes for all prior releases of Tomcat 4.0 are also included, for -your reference. - -Bug reports should be entered at the bug reporting system for -Jakarta projects at: - - http://nagoya.apache.org/bugzilla/ - -Please report bugs and feature requests under product name "Tomcat 4". - - - -============ -NEW FEATURES: -============ - - --------------------- -General New Features: --------------------- - -[4.1.1] Administration Webapp: - Complete development of the initial version of the administration web - application. - -[4.1.5] Administration Webapp: - Add support for manipulating JNDI resources of web applications. - -[4.1.6] Administration Webapp: - Add support for JavaMail resources. - -[4.1.6] Tyrex resources: - Upgrade to Tyrex 1.0. - -[4.1.10] Commons components: - Upgrade to stable releases. - -[4.1.11] Administration Webapp: - Add support for DefaultContext. - -[4.1.11] Documentation: - New JK and JK 2 documentation. - -[4.1.15] i18n: - Complete French language translation. - -[4.1.19] Documentation: - Added printer friendly versions of the documents. - -[4.1.19] Administration Webapp: - Complete the accessibility requirements to pass section 508. - - ---------------------- -Catalina New Features: ---------------------- - -[4.1.3] Catalina: - Implement custom logger which can be used to capture System.out and - System.err to a buffer for later use. - -[4.1.3] SSIServlet: - Complete rewrite of the SSI functionality (WARNING: servlet class name - has changed). - -[4.1.3] CoyoteConnector: - Add PureTLS support. - -[4.1.4] Embedded: - Add support for Coyote HTTP/1.1 and Coyote JK 2. - -[4.1.4] DefaultContext: - Refactoring of DefaultContext to support dynamic configuration (naming - resources and other misc properties). - -[4.1.4] MBeanUtils: - Allow specifying custom MBean descriptor files. - -[4.1.5] ServerLifecycleListener: - Generate MBeans for the JNDI resources of the contexts. - -[4.1.8] BootstrapService: - Allow passing parameters to the BootstrapService. - -[4.1.15] JNDIRealm: - Add support for SSL with the JNDIRealm. - -[4.1.16] AuthenticatorBase: - Add a configuration option to disable setting the headers which - prevent proxies from caching protected pages. Using this option may - open security holes in your application, so it should only be used - if you are certain about what you are doing. - -[4.1.16] JNDIRealm: - Allow configuring how JNDI should handle referrals returned - by the server. - -[4.1.16] AccessLogValve: - Allow disabling log file rotation, and add new patterns. - -[4.1.17] DataSourceRealm: - A new Realm implementation which can use a JNDI named JDBC - DataSource has been added. - -[4.1.19] JNDIRealm: - Added support for using an alternateURL if a socket connection - can not be made to the provider at the connectionURL. - -[4.1.19] CoyoteConnector: - Add HTTP/1.1 GZIP compression support. - -[4.1.20] StandardWrapper, ManagerBase: - Added JavaBean fields to expose statistics through JMX. - -[4.1.20] GlobalResourcesLifecycleListener: - Allow the listener to be associated with a Service. - - -------------------- -Jasper New Features: -------------------- - -[4.1.1] JspServlet, Options: - Add new "reloading" flag allowing to disable the JSP reloading checks, - to allow better performance on production servers. - -[4.1.1] JspServlet: - Refactor the JSP modification checking as a background thread. - -[4.1.3] Compiler: - Ant 1.5 based compiler. - -[4.1.4] Compiler: - Extensive code cleanup. - -[4.1.4] JspC: - Extensive refactoring of JspC. - -[4.1.4] Options: - Add new "compiler" option, which contains the Ant name of the Java - compiler to be used. Please refer to the list in the Ant documentation - for more details. - -[4.1.4] Generator: - Fix the limitation on the number of tags which can be used within a - single page, which was cause by the 64K bytecode limit for a sigle - method. Now Jasper generates separate methods for tag bodies when lots - of tags are used. - -[4.1.4] Generator: - Add tag instance reuse for performance improvement. - -[4.1.4] Generator: - Add tag BodyContent reuse. - -[4.1.6] TldLocationsCache: - Add TLD caching. - -[4.1.6] Options: - Add new "enablePooling" flag, which allows disabling tag reuse. - -[4.1.8] JspCompilationContext: - Use _ instead of $ to generate file and class names for jsp servlets. - -[4.1.19] Compiler: - Added new "fork" option. This tells Ant to fork the JSP page javac - compile so that it is run in a different JVM from the one Tomcat - is running in. Please refer to the Jasper-HOWTO for more information. - - -========================== -BUG FIXES AND IMPROVEMENTS: -========================== - - ------------------- -Generic Bug Fixes: ------------------- - -[4.1.2] Administration Webapp: - Fix problems with limiting the length of the driverClassName field, as - well as set default values, and add missing JNDI name field. - -[4.1.2] Administration Webapp: - Fix many problems defining a SSL connector through the administration - webapp. - -[4.1.2] Administration Webapp: - Many cosmetic fixes. - -[4.1.3] Administration Webapp: - Fix creation of new connectors through the admin webapp. - -[4.1.6] Administration webapp: - Context resources administration fixes and improvements. - -[4.1.6] Compression filter: - Fix compliance problems. - -[4.1.6] Administration Webapp: - Tweak validation code for the context parameters. - -[4.1.8] Build: - Tomcat is now built with JDK 1.4. - -[4.1.9] Administration Webapp: - Specify charset in JSP pages. - -[4.1.11] Administration Webapp: - Fix adding a context with the administration webapp. - -[4.1.12] Administration Webapp: - Complete support for DefaultContext. - -[4.1.15] Administration Webapp: - Fix edition and creation of resource links. - -[4.1.17] Default configuration: - Connector performance tweaks. - -[4.1.19] Manager and HTML Manager web applications - Fix bugs 5551, 7826, 8969, 13983, 5629, and 13205 - Updated documentation and added some minor new features. - See the Manager App HOW-TO and HTML Manager App HOW-TO - documentation for more information. - -[4.1.19] Administration Webapp: - Add a check for empty validation query before setting it. - -[4.1.20] Startup scripts: - Fix classloading failures on JDK 1.4 related to commons-logging, - which were caused by JARs being set as endorsed and added to the - system classloader. - -[4.1.20] Xerces: - Upgrade to Xerces 2.3.0. - -[4.1.20] Administration Webapp: - Additional accessibility improvements. - -[4.1.20] Administration Webapp: - Fix to prevent localhost from being deleted. - -[4.1.20] Administration Webapp: - Fix the beahavior of valve creation, where atributes weren't saved. - - ------------------- -Catalina Bug Fixes: ------------------- - -[4.1.1] #8611 - Summary: Sealed .jar files in WEB-INF/lib always fail to load - second class - WebappClassLoader: - The classloader will now generate codebases URL for classes loaded from - JAR file which point to the JAR, intead of using a nested jar: URL. - This change will affect security manager policy files. - -[4.1.2] ErrorReportValve: - Made it so the valve will only generate status reports for status codes - over 300. - -[4.1.2] DbcpDataSourceFactory: - maxIdle attribute couldn't be set. - -[4.1.2] Facades: - Fixed a problem where the facades would still keep a pointer to the - facaded objects after the end of the processing of the request. - -[4.1.3] #7578 - Summary: Signed jars loses their certificates when in /WEB-INF/lib - WebappClassLoader: - Fix the timing of the call to JarEntry.getCertificates(), so that the - certificates are set correctly. - -[4.1.3] WebappClassLoader: - Modify the filters to have a matched class be delegated first, instead - of refusing to load it altogether. Also add filters for javax.*, Xerces - and Xalan. - -[4.1.3] Endpoint: - Add support for a two phase connector initialization in Coyote, so that - Tomcat can be used as nobody on Unix. - -[4.1.3] Http11Protocol: - i18n. - -[4.1.3] StandardServerMBean: - Encode special characters when writing configuration file. - -[4.1.3] ContextConfig: - Fix NPE when the Embedded class is used. - -[4.1.3] DBCP: - Use the JNDI factory provided by the commons-dbcp project. - -[4.1.3] StandardHost: - Modify mapping error uri to provide the source uri. - -[4.1.3] NamingContextListener: - Fix a bug where the listener was registered on all lifecycle events. - -[4.1.3] #7656 - Summary: Webapplications deployed using PUT don't survive - a tomcat restart - StandardServer: - Move the save to XML functionality out of the JMX code, and make the - ManagerServlet use it after a deploy, so that the deployed application - is persistent. - -[4.1.3] #9353 - Transfer-Encoding: chunked (on Request fails) - ChunkedInputFilter: - In rare cases, the data read could be corrupted. - -[4.1.3] ManagerServlet: - Handle resources nested in subcontexts. - -[4.1.3] NamingResources: - Prevent naming resources overriding. - -[4.1.4] HostConfig: - Do web.xml tracking on all contexts. - -[4.1.4] NamingResources: - Fix entries removal. - -[4.1.4] ContextBindings: - JNDI environment is now available to webapp created classloaders, as - long as the webapp classloader is in its parent hierarchy. - -[4.1.4] ManagerServlet: - Save configuration when undeploying. - -[4.1.4] #9629 - Fix ServletContext.getResourcePaths to match spec - ApplicationContext: - getResourcePaths now returns null for non existing paths. - -[4.1.4] #9676 - org.apache.coyote.tomcat4.CoyoteServerSocketFactory doesn't recognize - keystoreType attribute - Http11Protocol: - Add missing setKeytype method. - -[4.1.4] #5446 - Can't change webapp class loader - WebappLoader: - Use introspection to instantiate the class loader. - -[4.1.5] #9715 - 'Out of Memory' error with static html pages - ProxyDirContext: - Use a LRU based cache instead of a simple hashtable. - -[4.1.4] #9722 - java.lang.ClassCastException: - org.apache.catalina.connector.HttpRequestFacade - ApplicationDispatcher: - The check to unwrap must also handle facades. - -[4.1.5] #9700 - JNDIRealm authentication incorrectly succeeds with blank password - JNDIRealm: - The security exploit has been fixed. - -[4.1.5] HTMLManagerServlet: - Many improvements and small feature additions. - -[4.1.5] #8935 - Deadlock with reload in manager - StandardWrapper: - The deallocation of a wrapper will not timeout after 500 ms. - -[4.1.5] #8013 - DefaultServlet Throws NumberFormatException - DefaultServlet: - Use getDateHeader instead of instance local date parsers to solve - thread safety issues. - -[4.1.6] WebappClassLoader: - Fix a rare thread safety issue. - -[4.1.6] #9944 - JAASRealm not configurable - JAASRealm: - Fix configuration of the appName and userClassNames attributes. - -[4.1.6] StandardSession: - Fix session recycling. - -[4.1.6] #9318 - Summary: HttpSession getMaxInactiveInterval() throws - IllegalStateException - StandardSession: - Don't throw ISE. - -[4.1.6] ContextConfig: - Don't remove JNDI resources when stopping a web application. - -[4.1.6] StandardWrapper: - Capture System.out and System.err during load-on-startup. - -[4.1.6] ApplicationContext: - Fix major memory leak in the request dispatcher. Also improves - performance. - -[4.1.6] ApplicationHttpResponse: - Disallow using setLocale from an included servlet. - -[4.1.6] StandardContext: - Reset application context when stopping. - -[4.1.8] BootstrapService: - Prevent NPE when DaemonContext is not well initialised. - -[4.1.8] StandardServer: - Make sure the global resources are correctly initialized even if there - is no GlobalNamingResources element in server.xml. - -[4.1.8] MBean-descriptors: - Add PersistentManager MBean info to mbeans-descripor.xml so it doesn't - complain in case if you have PersistentManager. - -[4.1.8] #10967 - Summary: Java Deadlock in WebappClassLoader - WebappClassLoader: - Make ResourceEntry a separate class. - -[4.1.8] StandardSession: - Set manager to null before recycling. - -[4.1.9] StandardClassLoader: - Avoid potential security exception by not calling getParent. - -[4.1.9] #11307 - Summary: Deadlock in ClassLoader - WebappClassLoader: - Fix deadlock condition by modifying the synced block. - -[4.1.9] StandardHostDeployer: - Fire event when undeploying. - -[4.1.10] AuthenticatorBase: - Remove double URI decoding. - -[4.1.10] StandardHost: - Refactor log capture. - -[4.1.10] StandardServer: - Output server.xml in UTF8. - -[4.1.10] WebappClassLoader: - Fix problem where external repositories would always be ignored. - -[4.1.10] WebappClassLoader: - Generate properly encoded URLs. - -[4.1.10] #12041 - Summary: CGIServlet can block on input - CGIServlet: - Fix possible deadlock when reading CGI script output. - -[4.1.10] ErrorDispatcherValve: - Unwrap root cause error. - -[4.1.10] Documentation: - Fixes and small additons to the DBCP documentation. - -[4.1.10] StandardContext: - Add new "swallowOutput" flag, to allow configuring logger redirection. - -[4.1.11] catalina.policy: - Modify the file to reflect the new URLs to be used for codebase - declarations. - -[4.1.11] StandardContext: - Change the timing of the directory context allocation (now done - during start which is more consistent with the lifecycle of other - components). - -[4.1.11] #12041 - CGIServlet: - Better fix for bugzilla 12041 running an extra thread to deal - with STDERR. - -[4.1.11] CGIServlet: - Fix for CGI scripts run from a POST operation never get any - posted data. - -[4.1.11] DefaultServlet: - Assume text file when MIME type is unknown for including purposes. - -[4.1.11] ManagerServlet: - Allow manager to do operations on the root webapp. - -[4.1.11] BootstrapService: - Allow parameters to BootstrapService for jni/mod_jk2. - -[4.1.11] FileDirContext: - Add an option to allow symlinking (allowLinking). - -[4.1.11] FileDirContext: - Make the case sensitivity check based on the value of the - "caseSensitive" flag rather than on the path separator. Most Unix OSes - can set that to false. - -[4.1.12] SSLAuthenticator: - Add back client authentication support. - -[4.1.12] SECURITY: - Disable InvokerServlet in the default webapp configuration, - and restrict the servlets it can invoke. - -[4.1.12] #12286 - JDBCStore: - Fix NPE on shutdown. - -[4.1.13] StandardContext: - Major refactoring of the resources lifecycle handling, which is now - similar to the one of the other components. - -[4.1.13] #12985 - StandardWrapper: - Fix load on startup bug for JSPs. - -[4.1.13] StandardWrapper: - Add log swallowing support. - -[4.1.13] InvokerServlet: - SECURITY: Check the classname of the invoked servlet. - -[4.1.13] #13513 - StandardManager: - Add disabling persistence with a blank String. - -[4.1.13] Catalina: - SECURITY: Add security manager protection on Coyote components. - -[4.1.13] ErrorReportValve: - Performance optimization: don't generate a status report for status - codes < 400. - -[4.1.13] ProxyDirContext: - Cache non existing resources list to provide a major speedup for - welcome files processing. - -[4.1.13] ProxyDirContext: - Avoid object creation when reproting a not found resource. - -[4.1.13] ProxyDirContext: - Peformance fix: allow directory caching. - -[4.1.14] Catalina: - Fix security manager package protection configuration. - -[4.1.14] ContextConfig: - Fix TLD processing. - -[4.1.15] #13583 - ApplicationContext: - Add path normalization. - -[4.1.15] FileDirContext: - allowLinking will also disable case sensitivity checks (which are - relatively similar). - -[4.1.15] #13364 - StandardDefaultContext: - Properly refresh naming entries defined in the DefaultContext after a - reload. - -[4.1.16] server.xml - Disable timeout for JK2 connector. - -[4.1.16] MBeanUtils: - Relax restrictions on valve MBeans creation. - -[4.1.16] #14781 - CGIServlet: - Remove dependency on JDK 1.4. - -[4.1.16] FileStore: - Check for the existence of the session store file. - -[4.1.16] SSI: - Conditional SSI enhancement, better emulation of Apache SSI, - fix expression parser's handling of literals. - -[4.1.17] #15086 - StandardWrapper: - Use the swallowOutput flag when unloading. - -[4.1.17] #15077 - StandardWrapper: - Mark servlets as unavailable when the wrapper is stopped. - -[4.1.17] CGIServlet, SSIServlet: - Fix for SSI "normal" configuration which invokes a CGI script. - -[4.1.17] #15239 - NamingResourcesMBean: - Fix resource link creation. - -[4.1.18] CoyoteWriter, CoyoteResponse: - SECURITY: Fix writer reuse after an IOException occurred. - -[4.1.19] #15544 - DataSourceRealm: - Fixed the Realm-HOWTO docs for the DataSourceRealm. - -[4.1.19] #10383 - Ajp13: - Fix hanging Ajp13Processor and web server request when invalid - Cookie sent. An HTTP status code 400 - Bad Request is now returned. - -[4.1.19] ApplicationFilterConfig: - Wrap filter initialization with swallow output. - -[4.1.19] #15819 - StandardServer: - Don't write out listeners for StandardDefaultContext. - -[4.1.19] #15762 - StandardServer: - Filter special characters in DataSource URL. - -[4.1.19] #15890 - DefaultServlet: - Invalid date headers should be ignored. - -[4.1.19] ManagerBase: - Add code to guarantee uniqueness of a session ID (even though the - probability that this event occurs is negligible, some people feel - more comfortable with that code enabled). - -[4.1.19] RequestFilterValve: - Catch null pointer property to match on, deny by default if found. - -[4.1.19] #15378 - ProxyDirContext: - Fix cache invalidation problem when creating subcontexts or modifying - attributes. - -[4.1.20] #16316 - DataSourceRealm: - Removed code which validates the realm can connect to the db from - the realm start in case the JNDI named DataSource has not been - initialized yet. - -[4.1.20] #16106 - StandardServer: - Fix a problem where some valves would be incorrectly written - to server.xml. - -[4.1.20] StandardSession: - Don't recycle sessions, as the performance gain is minimal. - -[4.1.20] CookieTools: - Add spaces after ; in cookies. This avoids problems with IE on Mac. - -[4.1.20] Manager: - Add missing security mapping for deploy (this bug was introduced - in 4.1.19). - - ----------------- -Coyote Bug Fixes: ----------------- - -[4.1.13] #12998 - CoyoteAdapter: - Fix compatibility problem with AJP. - -[4.1.13] #13162 - CoyoteAdapter: - Decode the URI as a URI, not as a query-string. - -[4.1.13] #13658 - CoyoteAdapter: - Arrange to have the SSL attributes in the CoyoteRequest so that they - show up for getAttributeNames. - -[4.1.13] CoyoteConnector: - Allow disabling proxyName with an empty string. - -[4.1.13] CoyoteInputStream: - Implement available(). - -[4.1.13] CoyoteResponse: - Fix sendRedirect URL generation. - -[4.1.13] HTTP/1.1 Constants: - Increase max HTTP header buffer size to 48K. - -[4.1.13] HTTP/1.1 Http11Processor: - Performance: Save on B2C for host name handling. - -[4.1.13] HTTP/1.1 Http11Processor: - Performance: Use bytes comparisons to check the "connection" header - values. - -[4.1.13] HTTP/1.1 InternalOutputBuffer: - Performance: improve header generation. - -[4.1.13] #13270 - JK2 ChannelSocket: - TCP no delay was not implemented. - -[4.1.13] JK2 HandlerRequest: - Fix tomcatAuthentication support. - -[4.1.13] #11657 - JK2 JkMain: - Initialize https URLs if only JK connector is used. - -[4.1.13] Fix broken JSSE/SSL-support and include support for Cert-Auth with - JSSE 1.1.x. - -[4.1.15] JK2 JkCoyoteHander: - Fix problem where the same buffer was used for output and input. - -[4.1.15] Tomcat 4 Adapter: - Closing the output stream or writer in the Tomcat 4 adapter will now - finish the response. - -[4.1.15] HTTP/1.1 InternalOutputBuffer: - Fix possible loop scenarios which could happen if an invalid 0 length - read was made. - -[4.1.15] Coyote Response: - Improve special header handling to allow protocol handler to enforce - the protocol. - -[4.1.15] #14281 - Tomcat 4 Adapter OutputBuffer: - Properly compute the total size of the content written. - -[4.1.16] Tomcat 4 Adapter: - Performance: Delayed evaluation of the remote host address. - -[4.1.16] HTTP/1.1 Http11Processor: - Performance: Allow disabling upload timeout. - -[4.1.16] #14658 - Tomcat 4 Adapter CoyoteWriter: - Performance: Full reimplementation of PrintWriter, fixing syncing as - well as performance problems which occurred when a client abruplty - disconnected. - -[4.1.16] HTTP/1.1 Http11Processor: - Performance: Save on GC for commonly used Strings for protocol and - method name. - -[4.1.16] HTTP/1.1 InternalOutputBuffer: - Fix for an ArrayOutOfBound exception which could occur when - IOException (usually caused by a client disconnect) was raised - during a commit. - -[4.1.16] JK2 ChannelSocket: - Handle timeout exceptions. - -[4.1.16] JK2 ChannelSocket: - Allow disabling channel socket for JNI, as well as binding a specific - adress. - -[4.1.16] JK2 HandlerRequest: - Fix null getRemoteHost. - -[4.1.16] JK2 HandlerRequest, JKCoyoteHandler: - Lazy extraction of ssl certs to speed up jk/ajp13 when under SSL. - -[4.1.17] ActionCode: - Allow ActionCode to be used in a switch. - -[4.1.17] Response: - Fix Locale initilization to the default locale (en-us). - -[4.1.17] #15201 - Tomcat 4 Adapter: - Fix SSL attributes retrival with JK 2. - -[4.1.17] Tomcat 4 Adapter CoyoteResponse: - encodeURL does not encode session with empty URL (rfc2396). - -[4.1.17] HTTP/1.1 Http11Processor: - Fix incorrect setting of the socket timeout when the connection is - first established. - -[4.1.17] HTTP/1.1 Http11Processor: - Performance: Optimize soTimeout management when the upload timeout is - disabled. - -[4.1.17] PoolTcpEndpoint: - Reduce synchornization by not using connection object pooling. Also - minimize the amount of time during which no thread is listening on - the server socket. - -[4.1.17] ThreadPool: - Reduce synchronization by using an array of threads instead of - a Vector. - -[4.1.17] #15258 - JK 2 ChannelSocket: - Bind all addresses by default. - -[4.1.18] #15456 - JK 2 CoyoteHandler: - Fix NPE occurring in SSL mode. - -[4.1.19] ActionCode: - Fix incorrect number which could cause bad matching. - -[4.1.19] HTTP/1.1 Http11Processor: - Fix case sensitivity matching of some special header values, which - could prevent HTTP/1.0 keep alive with some clients. - -[4.1.19] PoolTcpEndpoint: - Fix incorrect handling when an exception occurs during a SSL - handshake. - -[4.1.19] PoolTcpEndpoint: - More robust socket restart code for the case where an exception occurs - during an accept. - -[4.1.19] ThreadPool: - Remove thread from active thread list when it ends. - -[4.1.20] CoyoteConnector: - Allow setting socket linger. - - ----------------- -Jasper Bug Fixes: ----------------- - -[4.1.1] #8290 - Summary: Problem in the code generated by jasper 2 - Generator: - This workaround for a JDK bug (BugParade Id: 4414162) introduces - a massive performance improvement when using pages containing - lots of tags. - -[4.1.2] Generator: - Fixes various problems introduced by the patch which removes - the try/catch tag nesting. - -[4.1.2] #8994 - Summary: JSPs don't recompile - JspServletWrapper: - Fix JSP recompilation when the new "development" flag is set to "true". - -[4.1.3] #5793 - Summary: Variable element in tld with TagExtraInfo class - TagLibraryInfoImpl: - Fix spec compliance problem. - -[4.1.3] PagaDataImpl: - Fix bug where only one validator could be used on a page. - -[4.1.3] #8565 - Summary: MyEntityResolver doesn't allow including user-defined entities - -[4.1.3] Generator: - Use an array instead of a collection to simulate the try/catch nesting. - -[4.1.3] Generator: - Fix spec compliance bug where a tag could define scripting variables in - both the TLD and the TagExtraInfo class. - -[4.1.5] Generator, PageContextImpl: - Fix tag BodyContent reuse. - -[4.1.5] Generator: - Code cleanup, removing the need for a state object. - -[4.1.5] Generator: - Fix bug when specifying a redirect which already included part of a - quesry string. - -[4.1.5] Compiler: - Clean up Ant error message generation. - -[4.1.5] #8926 - Summary: Duplicate variable definition in generated Java source, - related to custom tag scripting variable - Generator: - Fix variable declaration locations. - -[4.1.6] Compiler: - Further refactoring of the compiler. - -[4.1.6] #10048 - Summary: JSP forward removes ALL response wrappers - PageContextImpl: - Only unwrap Jasper added response wrapper. - -[4.1.6] #10035 - Summary: in rejected - Parser: - elements are now allowed. - -[4.1.6] #9996 - Summary: <@%include> breaks when the included page contains non-ascii - encoding - Validator: - Fix charset handling. - -[4.1.6] Generator: - Many fixes to nested tags and scripting variables handling. - -[4.1.6] Generator: - Add synchronization of the scripting variables. - -[4.1.8] #10896 - Summary: Parsing ContentType error - ParserController: - Fix parsing. - -[4.1.8] #10713 - Summary: Backslashes quoting quotes in attributes does not work - Parser: - Fix parsing. - -[4.1.8] #10711 - Summary: Relative filenames with ../ do not work for JSP-includes - JspCompilationContext: - Add back path normalization code. - -[4.1.8] #10670 - Summary: Problem in JSP compilation - Generator: - Fix compilation problem. - -[4.1.8] #10766 - Summary: <%@ page extends %> causes ClassCastException - JspServletWrapper: - Fix regression caused by the included JSP modification tracking. - -[4.1.9] #11463 - Summary: PageContextImpl.removeAttribute do not work correctly without - session object - PageContextImpl: - Add check for the existence of the session. - -[4.1.9] Validator: - Fix bug in setting the default content-type. - -[4.1.9] #10949 - Summary: Jasper2 compile error with struts logic tag & jsp:include - Generator: - Fix generated response type to HttpServletResponse. - -[4.1.9] #10629 - Summary: include directive fails when referencing Parent Path within - a WAR - JspCompilationContext: - Canonicalize URIs used for getResource and getResourceAsStream. - -[4.1.10] #11891 - Summary: JspC does not work for webapps - JspC: - Fix -webapp option. - -[4.1.10] Compiler, Generator: - Added step to determine which scripting variables must be declared. - -[4.1.10] #11942 - Summary: reassignment of variables to pagecontext attributes in body - loop - -[4.1.10] #11552 - Summary: Iteration tags do not resynchronize scripting variables after - doAfterBody() - -[4.1.10] #12128 - Summary: JSP Comment end symbol not recognized in some cases - -[4.1.11] Compiler: - Update to work with Jikes with all features. - -[4.1.11] #12387 - Compiler: - Work around limitations of the Ant path tokenization by using files. - -[4.1.11] Generator: - For the conversion of the value used in includes and others - to a String, as was done in previous Tomcat releases. - -[4.1.11] Generator: - Added synchronization of NESTED and AT_BEGIN variables after call to - doStartTag() of tag handlers implementing IterationTag, but not - BodyTag. - -[4.1.11] #12432 - Generator: - Can't compile JSP with nested custom tags that have VariableInfo. - -[4.1.11] JspServletWrapper: - Fix Jasper when "development" option is set to "false". - -[4.1.12] JspRuntimeContext: - Add permission to allow reading the work directory. - -[4.1.13] #13144 - Generator: - Ending comment eats up line following. - -[4.1.13] #13536 - Generator: - Bad value in plugin if the value is an expression. - -[4.1.13] JspRuntimeContext: - Make sure the CodeSource for JSP pages is created consistently - the same. - -[4.1.13] #13206 - JspRuntimeLibrary: - Invalid java bean property error message could be reported better. - -[4.1.13] #13843 - JspServlet: - Fix locking on Windows of big JSP files. - -[4.1.14] Compiler: - Add global synchronization on the javac invocation. - -[4.1.15] Jspc: - Rename "--compile" option to "-compile" (it was undocumented). - -[4.1.15] #14195 - ErrorDispatcher: - Fix NPE. - -[4.1.15] #14197 - Generator: - Allow jspDestroy to be overriden. - -[4.1.15] PageContextImpl: - Avoid flushing after processing the page. - -[4.1.16] #14577 - Generator: - Declarations should geneate a '\n' at end. - -[4.1.16] #14699 - Generator: - Scripting variables declared AT_END do not work when tag - implements TryCatchFinally. - -[4.1.17] Compiler: - Make exception reports more detailed. - -[4.1.19] #15531 - Background Thread Recompile: - Fixed a thread synchronization bug which could cause the thread which - does background JSP recompiles (development=false) to die. - -[4.1.19] #14200 - TldLocationCache: - TLDs under WEB-INF are not scanned for URI mappings. - -[4.1.19] JspWriterImpl: - Remove custom flushing, which caused client disconnects to log - stack traces with Jasper. - -[4.1.19] #15105 - PageContextImpl: - pushBody()/popBody() error on tomcat 4.1.X. - -[4.1.20] #15845 - Fixed JSP page compiles so that objects created for performing - the JSP page compiles which are not reused are dereferenced so - they are eligible for GC. This should reduce the memory footprint - and improve GC performance. - -[4.1.20] JspC: - Port fixes to JspC from HEAD, including support for packaged JSPs, and - fixes to webapp precompilation. - -[4.1.20] Compiler: - Dereference objects used during compilation, in order to allow - garbage collection. - -[4.1.20] Compiler: - Fixed a NPE caused by nulling errorDispatcher. - -[4.1.20] #16181 - Generator: - JspWriter not restored properly when exception thrown - in a tag's body content. - -[4.1.20] #16200 - Generator: - Fix isThreadSafe functionality. - -[4.1.20] #16449 - JspServletWrapper: - Fix race condition in the reloading check by using an object local - boolean. - - -============================ -KNOWN ISSUES IN THIS RELEASE: -============================ - -* Tomcat 4.1 and JNI Based Applications -* Tomcat 4.1 Standard APIs Available -* Tomcat 4.1 and XML Parsers -* Web application reloading and static fields in shared libraries -* JAVAC leaking memory -* Linux and Sun JDK 1.2.x - 1.3.x -* Enabling SSI and CGI Support -* Security manager URLs -* Using Jasper 1 with Tomcat 4.1 -* Administrartion web application -* Symlinking static resources -* Enabling invoker servlet - - -------------------------------------- -Tomcat 4.1 and JNI Based Applications: -------------------------------------- - -Applications that require native libraries must ensure that the libraries have -been loaded prior to use. Typically, this is done with a call like: - - static { - System.loadLibrary("path-to-library-file"); - } - -in some class. However, the application must also ensure that the library is -not loaded more than once. If the above code were placed in a class inside -the web application (i.e. under /WEB-INF/classes or /WEB-INF/lib), and the -application were reloaded, the loadLibrary() call would be attempted a second -time. - -To avoid this problem, place classes that load native libraries outside of the -web application, and ensure that the loadLibrary() call is executed only once -during the lifetime of a particular JVM. - - ----------------------------------- -Tomcat 4.1 Standard APIs Available: ----------------------------------- - -A standard installation of Tomcat 4 makes all of the following APIs available -for use by web applications (by placing them in "common/lib" or "shared/lib"): -* activation.jar (Java Activation Framework) -* ant.jar (Apache Ant 1.5) -* commons-collections.jar (Commons Collections 2.0) -* commons-dbcp.jar (Commons DBCP 1.0) -* commons-logging-api.jar (Commons Logging 1.0.1) -* commons-pool.jar (Commons Pool 1.0) -* jasper-compiler.jar (Jasper 2 Compiler) -* jasper-runtime.jar (Jasper 2 Runtime) -* jdbc2_0-stdext.jar (JDBC 2.0 Optional Package, javax.sql.*) -* jndi.jar (JNDI 1.2 base API classes) -* jta.jar (Java Transacation API 1.0.1a) -* mail.jar (JavaMail 1.2) -* naming-common.jar (JNDI Context implementation) -* naming-factory.jar (JNDI object factories) -* naming-resources.jar (JNDI DirContext implementations) -* servlet.jar (Servlet 2.3 and JSP 1.2 APIs) - -You can make additional APIs available to all of your web applications by -putting unpacked classes into a "classes" directory (not created by default), -or by placing them in JAR files in the "lib" directory. - -Tomcat 4.1 also makes available Xerces 2 to web applications. - - --------------------------- -Tomcat 4.1 and XML Parsers: --------------------------- - -As described above, Tomcat 4.1 makes an XML parser (and many other standard -APIs) available to web applications. This parser is also used internally -to parse web.xml files and the server.xml configuration file. If you wish, -you may replace the "xercesImpl.jar" file in "common/endorsed" with another -XML parser, as long as it is compatible with the JAXP 1.1 APIs. - - ---------------------------------------------------------------- -Web application reloading and static fields in shared libraries: ---------------------------------------------------------------- - -Some shared libraries (many are part of the JDK) keep references to objects -instantiated by the web application. To avoid class loading related problems -(ClassCastExceptions, messages indicating that the classloader -is stopped, ...), the shared libraries state should be reinitialized. - -Something which could help is to avoid putting classes which would be -referenced by a shared static field in the web application classloader, -and put them in the shared classloader instead (the JARs should be put in the -"lib" folder, and classes should be put in the "classes" folder). - - --------------------- -JAVAC leaking memory: --------------------- - -The Java compiler leaks memory each time a class is compiled. Web applications -containing hundreds of JSP files may as a result trigger out of memory errors -once a significant number of pages have been accessed. The memory can only be -freed by stopping Tomcat and then restarting it. - -The JSP command line compiler (JSPC) can also be used to precompile the JSPs. - -You can prevent this by setting the JspServlet init parameter fork to true -in conf/web.xml. This tells jasper to invoke java compiles of JSP pages -as an external process. - - -------------------------------- -Linux and Sun JDK 1.2.x - 1.3.x: -------------------------------- - -Virtual machine crashes can be experienced when using certain combinations of -kernel / glibc under Linux with Sun Hotspot 1.2 to 1.3. The crashes were -reported to occur mostly on startup. Sun JDK 1.4 does not exhibit the problems, -and neither does IBM JDK for Linux. - -The problems can be fixed by reducing the default stack size. At bash shell, -do "ulimit -s 2048"; use "limit stacksize 2048" for tcsh. - -GLIBC 2.2 / Linux 2.4 users should also define an environment variable: -export LD_ASSUME_KERNEL=2.2.5 - - ----------------------------- -Enabling SSI and CGI Support: ----------------------------- - -Having CGI and SSI available to web applications created security problems when -using a security manager (as a malicious web application could use them to -sidestep the security manager access control). In Tomcat 4.1, they have been -disabled by default, as our goal is to provide a fully secure default -configuration. However, CGI and SSI remain available. - -On Windows: -* rename the file %CATALINA_HOME%\server\lib\servlets-cgi.renametojar to - %CATALINA_HOME%\server\lib\servlets-cgi.jar. -* rename the file %CATALINA_HOME%\server\lib\servlets-ssi.renametojar to - %CATALINA_HOME%\server\lib\servlets-ssi.jar. -* in %CATALINA_HOME%\conf\web.xml, uncomment the servlet declarations starting - line 165 and 213, as well as the associated servlet mappings - line 265 and 274. Alternately, these servlet declarations and mappings can - be added to your web application deployment descriptor. - -On Unix: -* rename the file $CATALINA_HOME/server/lib/servlets-cgi.renametojar to - $CATALINA_HOME/server/lib/servlets-cgi.jar. -* rename the file $CATALINA_HOME/server/lib/servlets-ssi.renametojar to - $CATALINA_HOME/server/lib/servlets-ssi.jar. -* in $CATALINA_HOME/conf/web.xml, uncomment the servlet declarations starting - line 165 and 213, as well as the associated servlet mappings - line 265 and 274. Alternately, these servlet declarations and mappings can - be added to your web application deployment descriptor. - - ---------------------- -Security manager URLs: ---------------------- - -The URLs to be used in the policy file to grant permissions to JARs located -inside the web application repositories have changed in Tomcat 4.1. - -In Tomcat 4.0, codeBase URLs for JARs loaded from web application -repositories were: -jar:file:${catalina.home}/webapps/examples/WEB-INF/lib/driver.jar!/- - -In Tomcat 4.1, they should be: -file:${catalina.home}/webapps/examples/WEB-INF/lib/driver.jar - - ------------------------------- -Using Jasper 1 with Tomcat 4.1: ------------------------------- - -It is possible to use Jasper 1 (included in Tomcat 4.0.x) with Tomcat 4.1, as -it has the same API and supports the same JSP API. - -To use Jasper 1 instead of Jasper 2, copy the two following JARs to -$CATALINA_HOME/common/lib (overwriting the two existing JARs): -* $TOMCAT40_HOME/lib/jasper-runtime.jar -* $TOMCAT40_HOME/lib/jasper-compiler.jar - -However, users are urged to use the version of Jasper included with Tomcat 4.1 -(Jasper 2), as it has much higher performance and scalability than Jasper 1. - - -------------------------------- -Administrartion web application: -------------------------------- - -The administration web application should currently be considered beta quality -code, but is supported as an official component of Tomcat 4.1. - -A finalized version will be delivered in an upcoming Tomcat 4.1 release. - - ---------------------------- -Symlinking static resources: ---------------------------- - -Unix symlinks will not work when used in a web application to link resources -located outside the web application root directory. - -This behavior is optional, and the "allowLinking" flag may be used to disable -the check. - - ------------------------- -Enabling invoker servlet: ------------------------- - -Starting with Tomcat 4.1.12, the invoker servlet is no longer available by -default in all webapp. Enabling it for all webapps is possible by editing -$CATALINA_HOME/conf/web.xml to uncomment the "/servlet/*" servlet-mapping -definition. - -Using the invoker servlet in a production environment is not recommended and -is unsupported. + Apache Tomcat Version 4.1 + ========================= + Release Notes + ============= + +$Id$ + + +============ +INTRODUCTION: +============ + + +This document describes the changes that have been made in the current +development version of Apache Tomcat, relative to the Tomcat 4.0 release. +The release notes for all prior releases of Tomcat 4.0 are also included, for +your reference. + +Bug reports should be entered at the bug reporting system for +Jakarta projects at: + + http://nagoya.apache.org/bugzilla/ + +Please report bugs and feature requests under product name "Tomcat 4". + + + +============ +NEW FEATURES: +============ + + +-------------------- +General New Features: +-------------------- + +[4.1.1] Administration Webapp: + Complete development of the initial version of the administration web + application. + +[4.1.5] Administration Webapp: + Add support for manipulating JNDI resources of web applications. + +[4.1.6] Administration Webapp: + Add support for JavaMail resources. + +[4.1.6] Tyrex resources: + Upgrade to Tyrex 1.0. + +[4.1.10] Commons components: + Upgrade to stable releases. + +[4.1.11] Administration Webapp: + Add support for DefaultContext. + +[4.1.11] Documentation: + New JK and JK 2 documentation. + +[4.1.15] i18n: + Complete French language translation. + +[4.1.19] Documentation: + Added printer friendly versions of the documents. + +[4.1.19] Administration Webapp: + Complete the accessibility requirements to pass section 508. + + +--------------------- +Catalina New Features: +--------------------- + +[4.1.3] Catalina: + Implement custom logger which can be used to capture System.out and + System.err to a buffer for later use. + +[4.1.3] SSIServlet: + Complete rewrite of the SSI functionality (WARNING: servlet class name + has changed). + +[4.1.3] CoyoteConnector: + Add PureTLS support. + +[4.1.4] Embedded: + Add support for Coyote HTTP/1.1 and Coyote JK 2. + +[4.1.4] DefaultContext: + Refactoring of DefaultContext to support dynamic configuration (naming + resources and other misc properties). + +[4.1.4] MBeanUtils: + Allow specifying custom MBean descriptor files. + +[4.1.5] ServerLifecycleListener: + Generate MBeans for the JNDI resources of the contexts. + +[4.1.8] BootstrapService: + Allow passing parameters to the BootstrapService. + +[4.1.15] JNDIRealm: + Add support for SSL with the JNDIRealm. + +[4.1.16] AuthenticatorBase: + Add a configuration option to disable setting the headers which + prevent proxies from caching protected pages. Using this option may + open security holes in your application, so it should only be used + if you are certain about what you are doing. + +[4.1.16] JNDIRealm: + Allow configuring how JNDI should handle referrals returned + by the server. + +[4.1.16] AccessLogValve: + Allow disabling log file rotation, and add new patterns. + +[4.1.17] DataSourceRealm: + A new Realm implementation which can use a JNDI named JDBC + DataSource has been added. + +[4.1.19] JNDIRealm: + Added support for using an alternateURL if a socket connection + can not be made to the provider at the connectionURL. + +[4.1.19] CoyoteConnector: + Add HTTP/1.1 GZIP compression support. + +[4.1.20] StandardWrapper, ManagerBase: + Added JavaBean fields to expose statistics through JMX. + +[4.1.20] GlobalResourcesLifecycleListener: + Allow the listener to be associated with a Service. + + +------------------- +Jasper New Features: +------------------- + +[4.1.1] JspServlet, Options: + Add new "reloading" flag allowing to disable the JSP reloading checks, + to allow better performance on production servers. + +[4.1.1] JspServlet: + Refactor the JSP modification checking as a background thread. + +[4.1.3] Compiler: + Ant 1.5 based compiler. + +[4.1.4] Compiler: + Extensive code cleanup. + +[4.1.4] JspC: + Extensive refactoring of JspC. + +[4.1.4] Options: + Add new "compiler" option, which contains the Ant name of the Java + compiler to be used. Please refer to the list in the Ant documentation + for more details. + +[4.1.4] Generator: + Fix the limitation on the number of tags which can be used within a + single page, which was cause by the 64K bytecode limit for a sigle + method. Now Jasper generates separate methods for tag bodies when lots + of tags are used. + +[4.1.4] Generator: + Add tag instance reuse for performance improvement. + +[4.1.4] Generator: + Add tag BodyContent reuse. + +[4.1.6] TldLocationsCache: + Add TLD caching. + +[4.1.6] Options: + Add new "enablePooling" flag, which allows disabling tag reuse. + +[4.1.8] JspCompilationContext: + Use _ instead of $ to generate file and class names for jsp servlets. + +[4.1.19] Compiler: + Added new "fork" option. This tells Ant to fork the JSP page javac + compile so that it is run in a different JVM from the one Tomcat + is running in. Please refer to the Jasper-HOWTO for more information. + + +========================== +BUG FIXES AND IMPROVEMENTS: +========================== + + +------------------ +Generic Bug Fixes: +------------------ + +[4.1.2] Administration Webapp: + Fix problems with limiting the length of the driverClassName field, as + well as set default values, and add missing JNDI name field. + +[4.1.2] Administration Webapp: + Fix many problems defining a SSL connector through the administration + webapp. + +[4.1.2] Administration Webapp: + Many cosmetic fixes. + +[4.1.3] Administration Webapp: + Fix creation of new connectors through the admin webapp. + +[4.1.6] Administration webapp: + Context resources administration fixes and improvements. + +[4.1.6] Compression filter: + Fix compliance problems. + +[4.1.6] Administration Webapp: + Tweak validation code for the context parameters. + +[4.1.8] Build: + Tomcat is now built with JDK 1.4. + +[4.1.9] Administration Webapp: + Specify charset in JSP pages. + +[4.1.11] Administration Webapp: + Fix adding a context with the administration webapp. + +[4.1.12] Administration Webapp: + Complete support for DefaultContext. + +[4.1.15] Administration Webapp: + Fix edition and creation of resource links. + +[4.1.17] Default configuration: + Connector performance tweaks. + +[4.1.19] Manager and HTML Manager web applications + Fix bugs 5551, 7826, 8969, 13983, 5629, and 13205 + Updated documentation and added some minor new features. + See the Manager App HOW-TO and HTML Manager App HOW-TO + documentation for more information. + +[4.1.19] Administration Webapp: + Add a check for empty validation query before setting it. + +[4.1.20] Startup scripts: + Fix classloading failures on JDK 1.4 related to commons-logging, + which were caused by JARs being set as endorsed and added to the + system classloader. + +[4.1.20] Xerces: + Upgrade to Xerces 2.3.0. + +[4.1.20] Administration Webapp: + Additional accessibility improvements. + +[4.1.20] Administration Webapp: + Fix to prevent localhost from being deleted. + +[4.1.20] Administration Webapp: + Fix the beahavior of valve creation, where atributes weren't saved. + + +------------------ +Catalina Bug Fixes: +------------------ + +[4.1.1] #8611 + Summary: Sealed .jar files in WEB-INF/lib always fail to load + second class + WebappClassLoader: + The classloader will now generate codebases URL for classes loaded from + JAR file which point to the JAR, intead of using a nested jar: URL. + This change will affect security manager policy files. + +[4.1.2] ErrorReportValve: + Made it so the valve will only generate status reports for status codes + over 300. + +[4.1.2] DbcpDataSourceFactory: + maxIdle attribute couldn't be set. + +[4.1.2] Facades: + Fixed a problem where the facades would still keep a pointer to the + facaded objects after the end of the processing of the request. + +[4.1.3] #7578 + Summary: Signed jars loses their certificates when in /WEB-INF/lib + WebappClassLoader: + Fix the timing of the call to JarEntry.getCertificates(), so that the + certificates are set correctly. + +[4.1.3] WebappClassLoader: + Modify the filters to have a matched class be delegated first, instead + of refusing to load it altogether. Also add filters for javax.*, Xerces + and Xalan. + +[4.1.3] Endpoint: + Add support for a two phase connector initialization in Coyote, so that + Tomcat can be used as nobody on Unix. + +[4.1.3] Http11Protocol: + i18n. + +[4.1.3] StandardServerMBean: + Encode special characters when writing configuration file. + +[4.1.3] ContextConfig: + Fix NPE when the Embedded class is used. + +[4.1.3] DBCP: + Use the JNDI factory provided by the commons-dbcp project. + +[4.1.3] StandardHost: + Modify mapping error uri to provide the source uri. + +[4.1.3] NamingContextListener: + Fix a bug where the listener was registered on all lifecycle events. + +[4.1.3] #7656 + Summary: Webapplications deployed using PUT don't survive + a tomcat restart + StandardServer: + Move the save to XML functionality out of the JMX code, and make the + ManagerServlet use it after a deploy, so that the deployed application + is persistent. + +[4.1.3] #9353 + Transfer-Encoding: chunked (on Request fails) + ChunkedInputFilter: + In rare cases, the data read could be corrupted. + +[4.1.3] ManagerServlet: + Handle resources nested in subcontexts. + +[4.1.3] NamingResources: + Prevent naming resources overriding. + +[4.1.4] HostConfig: + Do web.xml tracking on all contexts. + +[4.1.4] NamingResources: + Fix entries removal. + +[4.1.4] ContextBindings: + JNDI environment is now available to webapp created classloaders, as + long as the webapp classloader is in its parent hierarchy. + +[4.1.4] ManagerServlet: + Save configuration when undeploying. + +[4.1.4] #9629 + Fix ServletContext.getResourcePaths to match spec + ApplicationContext: + getResourcePaths now returns null for non existing paths. + +[4.1.4] #9676 + org.apache.coyote.tomcat4.CoyoteServerSocketFactory doesn't recognize + keystoreType attribute + Http11Protocol: + Add missing setKeytype method. + +[4.1.4] #5446 + Can't change webapp class loader + WebappLoader: + Use introspection to instantiate the class loader. + +[4.1.5] #9715 + 'Out of Memory' error with static html pages + ProxyDirContext: + Use a LRU based cache instead of a simple hashtable. + +[4.1.4] #9722 + java.lang.ClassCastException: + org.apache.catalina.connector.HttpRequestFacade + ApplicationDispatcher: + The check to unwrap must also handle facades. + +[4.1.5] #9700 + JNDIRealm authentication incorrectly succeeds with blank password + JNDIRealm: + The security exploit has been fixed. + +[4.1.5] HTMLManagerServlet: + Many improvements and small feature additions. + +[4.1.5] #8935 + Deadlock with reload in manager + StandardWrapper: + The deallocation of a wrapper will not timeout after 500 ms. + +[4.1.5] #8013 + DefaultServlet Throws NumberFormatException + DefaultServlet: + Use getDateHeader instead of instance local date parsers to solve + thread safety issues. + +[4.1.6] WebappClassLoader: + Fix a rare thread safety issue. + +[4.1.6] #9944 + JAASRealm not configurable + JAASRealm: + Fix configuration of the appName and userClassNames attributes. + +[4.1.6] StandardSession: + Fix session recycling. + +[4.1.6] #9318 + Summary: HttpSession getMaxInactiveInterval() throws + IllegalStateException + StandardSession: + Don't throw ISE. + +[4.1.6] ContextConfig: + Don't remove JNDI resources when stopping a web application. + +[4.1.6] StandardWrapper: + Capture System.out and System.err during load-on-startup. + +[4.1.6] ApplicationContext: + Fix major memory leak in the request dispatcher. Also improves + performance. + +[4.1.6] ApplicationHttpResponse: + Disallow using setLocale from an included servlet. + +[4.1.6] StandardContext: + Reset application context when stopping. + +[4.1.8] BootstrapService: + Prevent NPE when DaemonContext is not well initialised. + +[4.1.8] StandardServer: + Make sure the global resources are correctly initialized even if there + is no GlobalNamingResources element in server.xml. + +[4.1.8] MBean-descriptors: + Add PersistentManager MBean info to mbeans-descripor.xml so it doesn't + complain in case if you have PersistentManager. + +[4.1.8] #10967 + Summary: Java Deadlock in WebappClassLoader + WebappClassLoader: + Make ResourceEntry a separate class. + +[4.1.8] StandardSession: + Set manager to null before recycling. + +[4.1.9] StandardClassLoader: + Avoid potential security exception by not calling getParent. + +[4.1.9] #11307 + Summary: Deadlock in ClassLoader + WebappClassLoader: + Fix deadlock condition by modifying the synced block. + +[4.1.9] StandardHostDeployer: + Fire event when undeploying. + +[4.1.10] AuthenticatorBase: + Remove double URI decoding. + +[4.1.10] StandardHost: + Refactor log capture. + +[4.1.10] StandardServer: + Output server.xml in UTF8. + +[4.1.10] WebappClassLoader: + Fix problem where external repositories would always be ignored. + +[4.1.10] WebappClassLoader: + Generate properly encoded URLs. + +[4.1.10] #12041 + Summary: CGIServlet can block on input + CGIServlet: + Fix possible deadlock when reading CGI script output. + +[4.1.10] ErrorDispatcherValve: + Unwrap root cause error. + +[4.1.10] Documentation: + Fixes and small additons to the DBCP documentation. + +[4.1.10] StandardContext: + Add new "swallowOutput" flag, to allow configuring logger redirection. + +[4.1.11] catalina.policy: + Modify the file to reflect the new URLs to be used for codebase + declarations. + +[4.1.11] StandardContext: + Change the timing of the directory context allocation (now done + during start which is more consistent with the lifecycle of other + components). + +[4.1.11] #12041 + CGIServlet: + Better fix for bugzilla 12041 running an extra thread to deal + with STDERR. + +[4.1.11] CGIServlet: + Fix for CGI scripts run from a POST operation never get any + posted data. + +[4.1.11] DefaultServlet: + Assume text file when MIME type is unknown for including purposes. + +[4.1.11] ManagerServlet: + Allow manager to do operations on the root webapp. + +[4.1.11] BootstrapService: + Allow parameters to BootstrapService for jni/mod_jk2. + +[4.1.11] FileDirContext: + Add an option to allow symlinking (allowLinking). + +[4.1.11] FileDirContext: + Make the case sensitivity check based on the value of the + "caseSensitive" flag rather than on the path separator. Most Unix OSes + can set that to false. + +[4.1.12] SSLAuthenticator: + Add back client authentication support. + +[4.1.12] SECURITY: + Disable InvokerServlet in the default webapp configuration, + and restrict the servlets it can invoke. + +[4.1.12] #12286 + JDBCStore: + Fix NPE on shutdown. + +[4.1.13] StandardContext: + Major refactoring of the resources lifecycle handling, which is now + similar to the one of the other components. + +[4.1.13] #12985 + StandardWrapper: + Fix load on startup bug for JSPs. + +[4.1.13] StandardWrapper: + Add log swallowing support. + +[4.1.13] InvokerServlet: + SECURITY: Check the classname of the invoked servlet. + +[4.1.13] #13513 + StandardManager: + Add disabling persistence with a blank String. + +[4.1.13] Catalina: + SECURITY: Add security manager protection on Coyote components. + +[4.1.13] ErrorReportValve: + Performance optimization: don't generate a status report for status + codes < 400. + +[4.1.13] ProxyDirContext: + Cache non existing resources list to provide a major speedup for + welcome files processing. + +[4.1.13] ProxyDirContext: + Avoid object creation when reproting a not found resource. + +[4.1.13] ProxyDirContext: + Peformance fix: allow directory caching. + +[4.1.14] Catalina: + Fix security manager package protection configuration. + +[4.1.14] ContextConfig: + Fix TLD processing. + +[4.1.15] #13583 + ApplicationContext: + Add path normalization. + +[4.1.15] FileDirContext: + allowLinking will also disable case sensitivity checks (which are + relatively similar). + +[4.1.15] #13364 + StandardDefaultContext: + Properly refresh naming entries defined in the DefaultContext after a + reload. + +[4.1.16] server.xml + Disable timeout for JK2 connector. + +[4.1.16] MBeanUtils: + Relax restrictions on valve MBeans creation. + +[4.1.16] #14781 + CGIServlet: + Remove dependency on JDK 1.4. + +[4.1.16] FileStore: + Check for the existence of the session store file. + +[4.1.16] SSI: + Conditional SSI enhancement, better emulation of Apache SSI, + fix expression parser's handling of literals. + +[4.1.17] #15086 + StandardWrapper: + Use the swallowOutput flag when unloading. + +[4.1.17] #15077 + StandardWrapper: + Mark servlets as unavailable when the wrapper is stopped. + +[4.1.17] CGIServlet, SSIServlet: + Fix for SSI "normal" configuration which invokes a CGI script. + +[4.1.17] #15239 + NamingResourcesMBean: + Fix resource link creation. + +[4.1.18] CoyoteWriter, CoyoteResponse: + SECURITY: Fix writer reuse after an IOException occurred. + +[4.1.19] #15544 + DataSourceRealm: + Fixed the Realm-HOWTO docs for the DataSourceRealm. + +[4.1.19] #10383 + Ajp13: + Fix hanging Ajp13Processor and web server request when invalid + Cookie sent. An HTTP status code 400 - Bad Request is now returned. + +[4.1.19] ApplicationFilterConfig: + Wrap filter initialization with swallow output. + +[4.1.19] #15819 + StandardServer: + Don't write out listeners for StandardDefaultContext. + +[4.1.19] #15762 + StandardServer: + Filter special characters in DataSource URL. + +[4.1.19] #15890 + DefaultServlet: + Invalid date headers should be ignored. + +[4.1.19] ManagerBase: + Add code to guarantee uniqueness of a session ID (even though the + probability that this event occurs is negligible, some people feel + more comfortable with that code enabled). + +[4.1.19] RequestFilterValve: + Catch null pointer property to match on, deny by default if found. + +[4.1.19] #15378 + ProxyDirContext: + Fix cache invalidation problem when creating subcontexts or modifying + attributes. + +[4.1.20] #16316 + DataSourceRealm: + Removed code which validates the realm can connect to the db from + the realm start in case the JNDI named DataSource has not been + initialized yet. + +[4.1.20] #16106 + StandardServer: + Fix a problem where some valves would be incorrectly written + to server.xml. + +[4.1.20] StandardSession: + Don't recycle sessions, as the performance gain is minimal. + +[4.1.20] CookieTools: + Add spaces after ; in cookies. This avoids problems with IE on Mac. + +[4.1.20] Manager: + Add missing security mapping for deploy (this bug was introduced + in 4.1.19). + +[4.1.20] ManagerBase, StandardSession: + Correct problems related to the persistence of sessions. + +[4.1.20] ApplicationContext: + Add a workaround to allow retrieving contexts from the root context. + + +---------------- +Coyote Bug Fixes: +---------------- + +[4.1.13] #12998 + CoyoteAdapter: + Fix compatibility problem with AJP. + +[4.1.13] #13162 + CoyoteAdapter: + Decode the URI as a URI, not as a query-string. + +[4.1.13] #13658 + CoyoteAdapter: + Arrange to have the SSL attributes in the CoyoteRequest so that they + show up for getAttributeNames. + +[4.1.13] CoyoteConnector: + Allow disabling proxyName with an empty string. + +[4.1.13] CoyoteInputStream: + Implement available(). + +[4.1.13] CoyoteResponse: + Fix sendRedirect URL generation. + +[4.1.13] HTTP/1.1 Constants: + Increase max HTTP header buffer size to 48K. + +[4.1.13] HTTP/1.1 Http11Processor: + Performance: Save on B2C for host name handling. + +[4.1.13] HTTP/1.1 Http11Processor: + Performance: Use bytes comparisons to check the "connection" header + values. + +[4.1.13] HTTP/1.1 InternalOutputBuffer: + Performance: improve header generation. + +[4.1.13] #13270 + JK2 ChannelSocket: + TCP no delay was not implemented. + +[4.1.13] JK2 HandlerRequest: + Fix tomcatAuthentication support. + +[4.1.13] #11657 + JK2 JkMain: + Initialize https URLs if only JK connector is used. + +[4.1.13] Fix broken JSSE/SSL-support and include support for Cert-Auth with + JSSE 1.1.x. + +[4.1.15] JK2 JkCoyoteHander: + Fix problem where the same buffer was used for output and input. + +[4.1.15] Tomcat 4 Adapter: + Closing the output stream or writer in the Tomcat 4 adapter will now + finish the response. + +[4.1.15] HTTP/1.1 InternalOutputBuffer: + Fix possible loop scenarios which could happen if an invalid 0 length + read was made. + +[4.1.15] Coyote Response: + Improve special header handling to allow protocol handler to enforce + the protocol. + +[4.1.15] #14281 + Tomcat 4 Adapter OutputBuffer: + Properly compute the total size of the content written. + +[4.1.16] Tomcat 4 Adapter: + Performance: Delayed evaluation of the remote host address. + +[4.1.16] HTTP/1.1 Http11Processor: + Performance: Allow disabling upload timeout. + +[4.1.16] #14658 + Tomcat 4 Adapter CoyoteWriter: + Performance: Full reimplementation of PrintWriter, fixing syncing as + well as performance problems which occurred when a client abruplty + disconnected. + +[4.1.16] HTTP/1.1 Http11Processor: + Performance: Save on GC for commonly used Strings for protocol and + method name. + +[4.1.16] HTTP/1.1 InternalOutputBuffer: + Fix for an ArrayOutOfBound exception which could occur when + IOException (usually caused by a client disconnect) was raised + during a commit. + +[4.1.16] JK2 ChannelSocket: + Handle timeout exceptions. + +[4.1.16] JK2 ChannelSocket: + Allow disabling channel socket for JNI, as well as binding a specific + adress. + +[4.1.16] JK2 HandlerRequest: + Fix null getRemoteHost. + +[4.1.16] JK2 HandlerRequest, JKCoyoteHandler: + Lazy extraction of ssl certs to speed up jk/ajp13 when under SSL. + +[4.1.17] ActionCode: + Allow ActionCode to be used in a switch. + +[4.1.17] Response: + Fix Locale initilization to the default locale (en-us). + +[4.1.17] #15201 + Tomcat 4 Adapter: + Fix SSL attributes retrival with JK 2. + +[4.1.17] Tomcat 4 Adapter CoyoteResponse: + encodeURL does not encode session with empty URL (rfc2396). + +[4.1.17] HTTP/1.1 Http11Processor: + Fix incorrect setting of the socket timeout when the connection is + first established. + +[4.1.17] HTTP/1.1 Http11Processor: + Performance: Optimize soTimeout management when the upload timeout is + disabled. + +[4.1.17] PoolTcpEndpoint: + Reduce synchornization by not using connection object pooling. Also + minimize the amount of time during which no thread is listening on + the server socket. + +[4.1.17] ThreadPool: + Reduce synchronization by using an array of threads instead of + a Vector. + +[4.1.17] #15258 + JK 2 ChannelSocket: + Bind all addresses by default. + +[4.1.18] #15456 + JK 2 CoyoteHandler: + Fix NPE occurring in SSL mode. + +[4.1.19] ActionCode: + Fix incorrect number which could cause bad matching. + +[4.1.19] HTTP/1.1 Http11Processor: + Fix case sensitivity matching of some special header values, which + could prevent HTTP/1.0 keep alive with some clients. + +[4.1.19] PoolTcpEndpoint: + Fix incorrect handling when an exception occurs during a SSL + handshake. + +[4.1.19] PoolTcpEndpoint: + More robust socket restart code for the case where an exception occurs + during an accept. + +[4.1.19] ThreadPool: + Remove thread from active thread list when it ends. + +[4.1.20] CoyoteConnector: + Allow setting socket linger. + + +---------------- +Jasper Bug Fixes: +---------------- + +[4.1.1] #8290 + Summary: Problem in the code generated by jasper 2 + Generator: + This workaround for a JDK bug (BugParade Id: 4414162) introduces + a massive performance improvement when using pages containing + lots of tags. + +[4.1.2] Generator: + Fixes various problems introduced by the patch which removes + the try/catch tag nesting. + +[4.1.2] #8994 + Summary: JSPs don't recompile + JspServletWrapper: + Fix JSP recompilation when the new "development" flag is set to "true". + +[4.1.3] #5793 + Summary: Variable element in tld with TagExtraInfo class + TagLibraryInfoImpl: + Fix spec compliance problem. + +[4.1.3] PagaDataImpl: + Fix bug where only one validator could be used on a page. + +[4.1.3] #8565 + Summary: MyEntityResolver doesn't allow including user-defined entities + +[4.1.3] Generator: + Use an array instead of a collection to simulate the try/catch nesting. + +[4.1.3] Generator: + Fix spec compliance bug where a tag could define scripting variables in + both the TLD and the TagExtraInfo class. + +[4.1.5] Generator, PageContextImpl: + Fix tag BodyContent reuse. + +[4.1.5] Generator: + Code cleanup, removing the need for a state object. + +[4.1.5] Generator: + Fix bug when specifying a redirect which already included part of a + quesry string. + +[4.1.5] Compiler: + Clean up Ant error message generation. + +[4.1.5] #8926 + Summary: Duplicate variable definition in generated Java source, + related to custom tag scripting variable + Generator: + Fix variable declaration locations. + +[4.1.6] Compiler: + Further refactoring of the compiler. + +[4.1.6] #10048 + Summary: JSP forward removes ALL response wrappers + PageContextImpl: + Only unwrap Jasper added response wrapper. + +[4.1.6] #10035 + Summary: in rejected + Parser: + elements are now allowed. + +[4.1.6] #9996 + Summary: <@%include> breaks when the included page contains non-ascii + encoding + Validator: + Fix charset handling. + +[4.1.6] Generator: + Many fixes to nested tags and scripting variables handling. + +[4.1.6] Generator: + Add synchronization of the scripting variables. + +[4.1.8] #10896 + Summary: Parsing ContentType error + ParserController: + Fix parsing. + +[4.1.8] #10713 + Summary: Backslashes quoting quotes in attributes does not work + Parser: + Fix parsing. + +[4.1.8] #10711 + Summary: Relative filenames with ../ do not work for JSP-includes + JspCompilationContext: + Add back path normalization code. + +[4.1.8] #10670 + Summary: Problem in JSP compilation + Generator: + Fix compilation problem. + +[4.1.8] #10766 + Summary: <%@ page extends %> causes ClassCastException + JspServletWrapper: + Fix regression caused by the included JSP modification tracking. + +[4.1.9] #11463 + Summary: PageContextImpl.removeAttribute do not work correctly without + session object + PageContextImpl: + Add check for the existence of the session. + +[4.1.9] Validator: + Fix bug in setting the default content-type. + +[4.1.9] #10949 + Summary: Jasper2 compile error with struts logic tag & jsp:include + Generator: + Fix generated response type to HttpServletResponse. + +[4.1.9] #10629 + Summary: include directive fails when referencing Parent Path within + a WAR + JspCompilationContext: + Canonicalize URIs used for getResource and getResourceAsStream. + +[4.1.10] #11891 + Summary: JspC does not work for webapps + JspC: + Fix -webapp option. + +[4.1.10] Compiler, Generator: + Added step to determine which scripting variables must be declared. + +[4.1.10] #11942 + Summary: reassignment of variables to pagecontext attributes in body + loop + +[4.1.10] #11552 + Summary: Iteration tags do not resynchronize scripting variables after + doAfterBody() + +[4.1.10] #12128 + Summary: JSP Comment end symbol not recognized in some cases + +[4.1.11] Compiler: + Update to work with Jikes with all features. + +[4.1.11] #12387 + Compiler: + Work around limitations of the Ant path tokenization by using files. + +[4.1.11] Generator: + For the conversion of the value used in includes and others + to a String, as was done in previous Tomcat releases. + +[4.1.11] Generator: + Added synchronization of NESTED and AT_BEGIN variables after call to + doStartTag() of tag handlers implementing IterationTag, but not + BodyTag. + +[4.1.11] #12432 + Generator: + Can't compile JSP with nested custom tags that have VariableInfo. + +[4.1.11] JspServletWrapper: + Fix Jasper when "development" option is set to "false". + +[4.1.12] JspRuntimeContext: + Add permission to allow reading the work directory. + +[4.1.13] #13144 + Generator: + Ending comment eats up line following. + +[4.1.13] #13536 + Generator: + Bad value in plugin if the value is an expression. + +[4.1.13] JspRuntimeContext: + Make sure the CodeSource for JSP pages is created consistently + the same. + +[4.1.13] #13206 + JspRuntimeLibrary: + Invalid java bean property error message could be reported better. + +[4.1.13] #13843 + JspServlet: + Fix locking on Windows of big JSP files. + +[4.1.14] Compiler: + Add global synchronization on the javac invocation. + +[4.1.15] Jspc: + Rename "--compile" option to "-compile" (it was undocumented). + +[4.1.15] #14195 + ErrorDispatcher: + Fix NPE. + +[4.1.15] #14197 + Generator: + Allow jspDestroy to be overriden. + +[4.1.15] PageContextImpl: + Avoid flushing after processing the page. + +[4.1.16] #14577 + Generator: + Declarations should geneate a '\n' at end. + +[4.1.16] #14699 + Generator: + Scripting variables declared AT_END do not work when tag + implements TryCatchFinally. + +[4.1.17] Compiler: + Make exception reports more detailed. + +[4.1.19] #15531 + Background Thread Recompile: + Fixed a thread synchronization bug which could cause the thread which + does background JSP recompiles (development=false) to die. + +[4.1.19] #14200 + TldLocationCache: + TLDs under WEB-INF are not scanned for URI mappings. + +[4.1.19] JspWriterImpl: + Remove custom flushing, which caused client disconnects to log + stack traces with Jasper. + +[4.1.19] #15105 + PageContextImpl: + pushBody()/popBody() error on tomcat 4.1.X. + +[4.1.20] #15845 + Fixed JSP page compiles so that objects created for performing + the JSP page compiles which are not reused are dereferenced so + they are eligible for GC. This should reduce the memory footprint + and improve GC performance. + +[4.1.20] JspC: + Port fixes to JspC from HEAD, including support for packaged JSPs, and + fixes to webapp precompilation. + +[4.1.20] Compiler: + Dereference objects used during compilation, in order to allow + garbage collection. + +[4.1.20] Compiler: + Fixed a NPE caused by nulling errorDispatcher. + +[4.1.20] #16181 + Generator: + JspWriter not restored properly when exception thrown + in a tag's body content. + +[4.1.20] #16200 + Generator: + Fix isThreadSafe functionality. + +[4.1.20] #16449 + JspServletWrapper: + Fix race condition in the reloading check by using an object local + boolean. + + +============================ +KNOWN ISSUES IN THIS RELEASE: +============================ + +* Tomcat 4.1 and JNI Based Applications +* Tomcat 4.1 Standard APIs Available +* Tomcat 4.1 and XML Parsers +* Web application reloading and static fields in shared libraries +* JAVAC leaking memory +* Linux and Sun JDK 1.2.x - 1.3.x +* Enabling SSI and CGI Support +* Security manager URLs +* Using Jasper 1 with Tomcat 4.1 +* Administrartion web application +* Symlinking static resources +* Enabling invoker servlet + + +------------------------------------- +Tomcat 4.1 and JNI Based Applications: +------------------------------------- + +Applications that require native libraries must ensure that the libraries have +been loaded prior to use. Typically, this is done with a call like: + + static { + System.loadLibrary("path-to-library-file"); + } + +in some class. However, the application must also ensure that the library is +not loaded more than once. If the above code were placed in a class inside +the web application (i.e. under /WEB-INF/classes or /WEB-INF/lib), and the +application were reloaded, the loadLibrary() call would be attempted a second +time. + +To avoid this problem, place classes that load native libraries outside of the +web application, and ensure that the loadLibrary() call is executed only once +during the lifetime of a particular JVM. + + +---------------------------------- +Tomcat 4.1 Standard APIs Available: +---------------------------------- + +A standard installation of Tomcat 4 makes all of the following APIs available +for use by web applications (by placing them in "common/lib" or "shared/lib"): +* activation.jar (Java Activation Framework) +* ant.jar (Apache Ant 1.5) +* commons-collections.jar (Commons Collections 2.0) +* commons-dbcp.jar (Commons DBCP 1.0) +* commons-logging-api.jar (Commons Logging 1.0.1) +* commons-pool.jar (Commons Pool 1.0) +* jasper-compiler.jar (Jasper 2 Compiler) +* jasper-runtime.jar (Jasper 2 Runtime) +* jdbc2_0-stdext.jar (JDBC 2.0 Optional Package, javax.sql.*) +* jndi.jar (JNDI 1.2 base API classes) +* jta.jar (Java Transacation API 1.0.1a) +* mail.jar (JavaMail 1.2) +* naming-common.jar (JNDI Context implementation) +* naming-factory.jar (JNDI object factories) +* naming-resources.jar (JNDI DirContext implementations) +* servlet.jar (Servlet 2.3 and JSP 1.2 APIs) + +You can make additional APIs available to all of your web applications by +putting unpacked classes into a "classes" directory (not created by default), +or by placing them in JAR files in the "lib" directory. + +Tomcat 4.1 also makes available Xerces 2 to web applications. + + +-------------------------- +Tomcat 4.1 and XML Parsers: +-------------------------- + +As described above, Tomcat 4.1 makes an XML parser (and many other standard +APIs) available to web applications. This parser is also used internally +to parse web.xml files and the server.xml configuration file. If you wish, +you may replace the "xercesImpl.jar" file in "common/endorsed" with another +XML parser, as long as it is compatible with the JAXP 1.1 APIs. + + +--------------------------------------------------------------- +Web application reloading and static fields in shared libraries: +--------------------------------------------------------------- + +Some shared libraries (many are part of the JDK) keep references to objects +instantiated by the web application. To avoid class loading related problems +(ClassCastExceptions, messages indicating that the classloader +is stopped, ...), the shared libraries state should be reinitialized. + +Something which could help is to avoid putting classes which would be +referenced by a shared static field in the web application classloader, +and put them in the shared classloader instead (the JARs should be put in the +"lib" folder, and classes should be put in the "classes" folder). + + +-------------------- +JAVAC leaking memory: +-------------------- + +The Java compiler leaks memory each time a class is compiled. Web applications +containing hundreds of JSP files may as a result trigger out of memory errors +once a significant number of pages have been accessed. The memory can only be +freed by stopping Tomcat and then restarting it. + +The JSP command line compiler (JSPC) can also be used to precompile the JSPs. + +You can prevent this by setting the JspServlet init parameter fork to true +in conf/web.xml. This tells jasper to invoke java compiles of JSP pages +as an external process. + + +------------------------------- +Linux and Sun JDK 1.2.x - 1.3.x: +------------------------------- + +Virtual machine crashes can be experienced when using certain combinations of +kernel / glibc under Linux with Sun Hotspot 1.2 to 1.3. The crashes were +reported to occur mostly on startup. Sun JDK 1.4 does not exhibit the problems, +and neither does IBM JDK for Linux. + +The problems can be fixed by reducing the default stack size. At bash shell, +do "ulimit -s 2048"; use "limit stacksize 2048" for tcsh. + +GLIBC 2.2 / Linux 2.4 users should also define an environment variable: +export LD_ASSUME_KERNEL=2.2.5 + + +---------------------------- +Enabling SSI and CGI Support: +---------------------------- + +Having CGI and SSI available to web applications created security problems when +using a security manager (as a malicious web application could use them to +sidestep the security manager access control). In Tomcat 4.1, they have been +disabled by default, as our goal is to provide a fully secure default +configuration. However, CGI and SSI remain available. + +On Windows: +* rename the file %CATALINA_HOME%\server\lib\servlets-cgi.renametojar to + %CATALINA_HOME%\server\lib\servlets-cgi.jar. +* rename the file %CATALINA_HOME%\server\lib\servlets-ssi.renametojar to + %CATALINA_HOME%\server\lib\servlets-ssi.jar. +* in %CATALINA_HOME%\conf\web.xml, uncomment the servlet declarations starting + line 165 and 213, as well as the associated servlet mappings + line 265 and 274. Alternately, these servlet declarations and mappings can + be added to your web application deployment descriptor. + +On Unix: +* rename the file $CATALINA_HOME/server/lib/servlets-cgi.renametojar to + $CATALINA_HOME/server/lib/servlets-cgi.jar. +* rename the file $CATALINA_HOME/server/lib/servlets-ssi.renametojar to + $CATALINA_HOME/server/lib/servlets-ssi.jar. +* in $CATALINA_HOME/conf/web.xml, uncomment the servlet declarations starting + line 165 and 213, as well as the associated servlet mappings + line 265 and 274. Alternately, these servlet declarations and mappings can + be added to your web application deployment descriptor. + + +--------------------- +Security manager URLs: +--------------------- + +The URLs to be used in the policy file to grant permissions to JARs located +inside the web application repositories have changed in Tomcat 4.1. + +In Tomcat 4.0, codeBase URLs for JARs loaded from web application +repositories were: +jar:file:${catalina.home}/webapps/examples/WEB-INF/lib/driver.jar!/- + +In Tomcat 4.1, they should be: +file:${catalina.home}/webapps/examples/WEB-INF/lib/driver.jar + + +------------------------------ +Using Jasper 1 with Tomcat 4.1: +------------------------------ + +It is possible to use Jasper 1 (included in Tomcat 4.0.x) with Tomcat 4.1, as +it has the same API and supports the same JSP API. + +To use Jasper 1 instead of Jasper 2, copy the two following JARs to +$CATALINA_HOME/common/lib (overwriting the two existing JARs): +* $TOMCAT40_HOME/lib/jasper-runtime.jar +* $TOMCAT40_HOME/lib/jasper-compiler.jar + +However, users are urged to use the version of Jasper included with Tomcat 4.1 +(Jasper 2), as it has much higher performance and scalability than Jasper 1. + + +------------------------------- +Administrartion web application: +------------------------------- + +The administration web application should currently be considered beta quality +code, but is supported as an official component of Tomcat 4.1. + +A finalized version will be delivered in an upcoming Tomcat 4.1 release. + + +--------------------------- +Symlinking static resources: +--------------------------- + +Unix symlinks will not work when used in a web application to link resources +located outside the web application root directory. + +This behavior is optional, and the "allowLinking" flag may be used to disable +the check. + + +------------------------ +Enabling invoker servlet: +------------------------ + +Starting with Tomcat 4.1.12, the invoker servlet is no longer available by +default in all webapp. Enabling it for all webapps is possible by editing +$CATALINA_HOME/conf/web.xml to uncomment the "/servlet/*" servlet-mapping +definition. + +Using the invoker servlet in a production environment is not recommended and +is unsupported. --------------------------------------------------------------------- To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org