tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ma...@apache.org
Subject svn commit: r1155406 [2/2] - /tomcat/trunk/webapps/docs/changelog.xml
Date Tue, 09 Aug 2011 15:36:45 GMT

Modified: tomcat/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1155406&r1=1155405&r2=1155406&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Tue Aug  9 15:36:44 2011
@@ -24,16 +24,6 @@
   &project;
 
   <properties>
-    <author email="remm@apache.org">Remy Maucherat</author>
-    <author email="fhanik@apache.org">Filip Hanik</author>
-    <author email="rjung@apache.org">Rainer Jung</author>
-    <author email="kkolinko@apache.org">Konstantin Kolinko</author>
-    <author email="pero@apache.org">Peter Rossbach</author>
-    <author email="kfujino@apache.org">Keiichi Fujino</author>
-    <author email="timw@apache.org">Tim Whittington</author>   
-    <author email="mturk@apache.org">Mladen Turk</author>
-    <author email="schultz@apache.org">Christopher Schultz</author>
-    <author email="slaurent@apache.org">Sylvain Laurent</author>
     <title>Changelog</title>
   </properties>
 
@@ -52,3677 +42,11 @@
   Other fixed issues are added to the end of the list, chronologically.
   They eventually become mixed with the numbered issues. (I.e., numbered
   issues to not "pop up" wrt. others).
+  
+  Until the first Tomcat 8.0.0 release, only changes not back-ported to 7.0.x
+  should be listed here.
 -->
-<section name="Tomcat 7.0.20 (markt)">
-  <subsection name="Catalina">
-    <changelog>
-      <fix>
-        Corrected missing comma in the value of <code>jarsToSkip</code>
-        property in <code>conf/catalina.properties</code> file, which
-        caused tomcat-jdbc.jar and commons-beanutils*.jar to be not
-        ignored when scanning jars for tag libraries. (kkolinko)
-      </fix>
-      <fix>
-        <bug>41709</bug>: Provide exception messages where no message is
-        provided currently for IllegalStateExcpetions triggered by calling
-        HttpServletResponse methods when the reponse is committed. (markt)
-      </fix>
-      <fix>
-        <bug>51509</bug>: Fix potential concurrency issue in CSRF prevention
-        filter that may lead to some requests failing that should not. (markt)
-      </fix>
-      <fix>
-        <bug>51518</bug>: Correct error in web.xml parsing rules for the
-        &lt;others/&gt; tag when using absolute ordering. (markt)
-      </fix>
-      <add>
-        Move the SetCharacterEncoding filter from the examples web application
-        to the <code>org.apache.catalina.filters</code> package so it is
-        available for all web applications. (markt)
-      </add>
-      <fix>
-        <bug>51550</bug>: Internal errors in Tomcat components that process
-        requests before they are passed to a web application, such as
-        Authenticators, now return a 500 response rather than a 200 response.
-        (markt)
-      </fix>
-      <fix>
-        <bug>51555</bug>: Allow destroy() to be called on Lifecycle components
-        that are in the initialized state. (markt)
-      </fix>
-      <add>
-        Add x-threadname pattern format token to ExtendedAccessLogValve to log
-        the current request thread name. Based on a patch from Felix Schumacher.
-        (timw)
-      </add>
-      <fix>
-        <bug>51584</bug>: Ensure file paths are encoded/decoded when translated
-        to/from URLs when working with resources from a Context so special
-        characters don't cause issues. (markt)
-      </fix>
-      <fix>
-        <bug>51586</bug>: Expand error handling to cover anything that is
-        recoverable (or might be recoverable) when loading classes during
-        HandlesTypes processing. (markt)
-      </fix>
-      <fix>
-        <bug>51588</bug>: Make it easier to extend the AccessLogValve to add
-        support for custom elements. (markt)
-      </fix>
-      <fix>
-        Ensure that calls to StandardWrapper methods() that may trigger creation
-        of a Servlet instance always do so in way that correctly instantiates a
-        Servlet instance. (markt)
-      </fix>
-      <fix>
-        In JDBCStore: Committing connection if autoCommit is false.
-        Make sure committed connection is returned to the pool if datasource is 
-        enabled. (kfujino)
-      </fix>
-      <add>
-        Split <code>condition</code> attribute of AccessLogValve into two,
-        <code>conditionIf</code> and <code>conditionUnless</code>. Implement
-        conditional logging that logs only if a request attribute is present.
-        (kkolinko)
-      </add>
-      <fix>
-        Allow to have several AccessLogValve instances in the same scope (e.g.
-        in the same Context). (kkolinko)
-      </fix>
-      <fix>
-        <bug>51610</bug>: If an unchecked exception occurs during a lifecycle
-        transition (e.g. web application start) ensure that the component is
-        put into the failed state. (markt)
-      </fix>
-      <fix>
-        <bug>51614</bug>: Avoid calling store.load() and  session.expire()
-        twice in PersistentManager when expiring sessions. (kfujino)
-      </fix>
-      <fix>
-        Prevent spurious log warnings on container stop if a child component has
-        previously failed. (markt)
-      </fix>
-      <fix>
-        Add missing getter and setter for the alwaysUseSession attribute of the
-        authenticators. (markt)
-      </fix>
-    </changelog>
-  </subsection>
-  <subsection name="Coyote">
-    <changelog>
-      <fix>
-        <bug>49595</bug>: Prevent JVM crash with the AJP APR connector when
-        flushing a closed socket. (jfclere)
-      </fix>
-      <fix>
-        <bug>50394</bug>: Return -1 instead throwing an exception when
-        encountering an EOF while processing an input stream with the HTTP APR
-        connector. (jfclere)
-      </fix>
-      <fix>
-        Correctly handle a connectionTimeout value of -1 (no timeout) for the
-        HTTP NIO and AJP NIO connectors. (markt)
-      </fix>
-      <fix>
-        <bug>51503</bug>: Add additional validation that prevents a connector
-        from starting if it does not have a port > 0. (markt)
-      </fix>
-      <fix>
-        <bug>51557</bug>: Ignore HTTP headers that do not comply with RFC 2616
-        and use header names that are not tokens. (markt)
-      </fix>
-      <add>
-        Improve error handling for HTTP APR if an error occurs while using
-        sendfile. (markt) 
-      </add>
-      <fix>
-        Ensure that when using sendfile, HTTP APR sockets are not added to
-        multiple pollers. This may cause errors during shutdown. (markt)
-      </fix>
-      <update>
-        Set <code>reuse</code> flag of final AJP <code>END_RESPONSE</code>
-        packet to <code>0</code> if we plan to close the connection. (rjung)
-      </update>
-      <update>
-        Correctly indicate if socket is closing when calling recycle for the AJP
-        NIO processor. Note since the flag is unused in this case there were no
-        bugs triggered by the re-factoring error. (rjung)
-      </update>
-    </changelog>
-  </subsection>
-  <subsection name="Jasper">
-    <changelog>
-      <fix>
-        <bug>51532</bug>: JSP files with dependencies in JARs were recompiled on
-        every access leading to poor performance. (markt)
-      </fix>
-      <fix>
-        <bug>51544</bug>: Correctly resolve bean methods in EL so accessible
-        methods that are overridden by inaccessible methods do not cause an
-        IllegalAccessException. (markt)
-      </fix>
-    </changelog>
-  </subsection>
-  <subsection name="Web applications">
-    <changelog>
-      <fix>
-        <bug>41498</bug>: Add the allRolesMode attribute to the Realm
-        configuration page in the documentation web application. (markt)
-      </fix>
-      <fix>
-        <bug>48997</bug>: Fixed some typos and correct cross-referencing to the
-        HTTP Connector documentation with the SSL How-To page of the
-        documentation web application. (markt)
-      </fix>
-      <fix>
-        <bug>49122</bug>: Improvements and fixes for index page for ROOT web
-        application. Based on a patch provided by pidster. (markt)
-      </fix>
-      <fix>
-        <bug>51516</bug>: Correct documentation web application to show correct
-        system property name for changing the name of the SSO session cookie.
-        (markt)
-      </fix>
-      <update>
-        Configure the Manager and Host Manager web applications with the Set
-        Character Encoding Filter to make the default request character encoding
-        UTF-8 to improve i18n support. Note that best results will be obtained
-        if the connector is also configured with
-        <code>URIEncoding=&quot;UTF-8&quot;</code>.(markt)  
-      </update>
-      <update>
-        Update the documentation web application to be even more explicit about
-        the implications of setting the path attribute on a Context element in
-        server.xml. (markt)
-      </update>
-      <fix>
-        <bug>51561</bug>: Update the Realm page within the documentation web
-        application to recommend the use of digest.[bat|sh] to generate digests
-        rather than calling RealmBase directly. (markt) 
-      </fix>
-      <fix>
-        <bug>51567</bug>: Update the class loading page of the documentation
-        web application to include information on the search order for the
-        common class loader when separate values are used for $CATALINA_HOME and
-        $CATALINA_BASE. (markt) 
-      </fix>
-      <update>
-        Improve class loading documentation and logging documentation.
-        (kkolinko)
-      </update>
-      <add>
-        Add information to the security page of the the documentation web
-        application for the ciphers attribute of the Connector element. (markt)
-      </add>
-    </changelog>
-  </subsection>
-  <subsection name="Other">
-    <changelog>
-      <fix>
-        <bug>51503</bug>: Add additional validation to Windows installer that
-        ensure that the shutdown port, HTTP port and AJP port are all specified
-        during the install process. (markt)
-      </fix>
-      <fix>
-        <bug>51531</bug>: Update sample Eclipse classpath file to reflect
-        updated ECJ jar. Patch provided by Ian Brandt. (markt)
-      </fix>
-      <update>
-        Convert Tomcat unit tests to JUnit 4. (kkolinko)
-      </update>
-      <update>
-        Update optional CheckStyle library to 5.4. (kkolinko)
-      </update>
-      <update>
-        Remove <code>resolveHosts</code> attribute from AccessLogValve
-        configuration in the default <code>server.xml</code>. It was documented
-        in 7.0.19 that it has no effect. (kkolinko)
-      </update>
-      <update>
-        Simplify mapping for <code>jsp</code> servlet in the default
-        <code>web.xml</code>. (kkolinko)
-      </update>
-      <fix>
-        Correctly handle uninstall with the Windows installer of the service is
-        installed with a name that contains a &apos;-&apos; character. (markt)
-      </fix>
-      <fix>
-        <bug>51598</bug>: Prevent direct invocation of the Windows uninstaller
-        without a service name from executing since the uninstall will not be
-        complete. (markt)
-      </fix>
-      <fix>
-        Use Tomcat icon (cat) instead of Apache Commons Daemon (feather) one
-        in the list of uninstallable programs on Windows. (kkolinko) 
-      </fix>
-      <update>
-        Update to Apache Commons Daemon 1.0.7. (markt)
-      </update>
-      <fix>
-        <bug>51621</bug>: Add additional required JARs to the deployer
-        distribution. (markt) 
-      </fix>
-      <fix>
-        Fix a small number of warnings reported by FindBugs. (markt)
-      </fix>
-      <update>
-        Update to version 1.1.22 of the native component for the AJP APR/native
-        and HTTP APR/native connectors. (markt)
-      </update>
-    </changelog>
-  </subsection>
-</section>
-<section name="Tomcat 7.0.19 (markt)" rtext="released 2011-07-19">
-  <subsection name="Catalina">
-    <changelog>
-      <add>
-        Add option to activate access log for unit tests. (rjung)
-      </add>
-      <fix>
-        Fix regression in year number formatting for AccessLogValve. (rjung)
-      </fix>
-      <add>
-        <bug>46252</bug>: Allow to specify character set to be used to write
-        the access log in AccessLogValve. (kkolinko)
-      </add>
-      <fix>
-        <bug>51494</bug>: Prevent an NPE when a long running request completes
-        if the associated web application was destroyed while the request was
-        processing. (markt)
-      </fix>
-      <update>
-        Allow choosing a locale for timestamp formatting in AccessLogValve.
-        (rjung)
-      </update>
-      <fix>
-        When generating access logs for errors, log at the Context/Host level if
-        a Context or Host can be identified for the failed request. (markt)
-      </fix>
-      <update>
-        Create a directory for access log or error log (in AccessLogValve and
-        in JULI FileHandler) automatically when it is specified as a part of
-        the file name, e.g. in the <code>prefix</code> attribute. Earlier this
-        happened only if it was specified with the <code>directory</code>
-        attribute. (kkolinko)
-      </update>
-      <fix>
-        Log a failure if access log file cannot be opened. (kkolinko)
-      </fix>
-      <fix>
-        Use en_US as locale for timestamps in ExtendedAccessLogValve.
-        (rjung)
-      </fix>
-      <fix>
-        Use en_US as locale for creationdate in WebdavServlet. (rjung)
-      </fix>
-    </changelog>
-  </subsection>
-  <subsection name="Coyote">
-    <changelog>
-      <update>
-        <bug>51477</bug>: Support all SSL protocol combinations in the
-        APR/native connector. This only works when using the native library
-        version 1.1.21 or later, which is not yet released. (rjung)
-      </update>
-      <update>
-        Various refactorings to reduce code duplication and unnecessary code in
-        the connectors. (markt)
-      </update>
-      <fix>
-        Correct regression introduced in 7.0.17 that triggered 400 entries in
-        the AccessLog when using the AJP/BIO connector. (markt)
-      </fix>
-      <fix>
-        Fix regression producing invalid MBean names when using IPV6
-        addresses for connectors. (rjung)
-      </fix>
-      <fix>
-        Add missing thread name in RequestProcessor when Servlet 3 Async
-        is used. Fixes null thread name in access log and JMX MBean. (rjung)
-      </fix>
-      <fix>
-        Fix CVE-2011-2526. Protect against infinite loops (HTTP NIO) and crashes
-        (HTTP APR) if sendfile is configured to send more data than is available
-        in the file. (markt)
-      </fix>
-      <fix>
-        Prevent NPEs when a socket is closed in non-error conditions after
-        sendfile processing when using the HTTP NIO connector. (markt) 
-      </fix>
-    </changelog>
-  </subsection>
-  <subsection name="Cluster">
-    <changelog>
-      <update>
-        Remove unnecessary server.xml parsing code for old cluster
-        implementation that does not ship as part of Tomcat 7. (markt)
-      </update>
-    </changelog>
-  </subsection>
-  <subsection name="Web applications">
-    <changelog>
-      <add>
-        Add additional information to the documentation web application on the
-        benefits and remaining risks when running under a security manager.
-        (markt)
-      </add>
-      <fix>
-        <bug>51490</bug>: Correct broken HTML in JSP tag plugin examples and
-        improve the &lt;c:if&gt; example to make failures more obvious. Based on
-        suggestions by Charles. (markt)
-      </fix>
-      <add>
-        Document ExtendedAccessLogValve. (rjung)
-      </add>
-      <fix>
-        Correct default value of <code>enableLookups</code> for connectors
-        and mention, that <code>resolveHosts</code> for the AccessLogValve
-        is replaced by <code>enableLookups</code>. (rjung)
-      </fix>
-    </changelog>
-  </subsection>
-  <subsection name="Other">
-    <changelog>
-      <update>
-        Update to Commons Daemon 1.0.6. (markt)
-      </update>
-      <update>
-        Update to Eclipse JDT Compiler 3.7. (markt)
-      </update>
-      <add>
-        Include jdbc-pool into tomcat release. (fhanik)
-      </add>
-    </changelog>
-  </subsection>
-</section>
-<section name="Tomcat 7.0.18 (markt)" rtext="not released">
-  <subsection name="Catalina">
-    <changelog>
-      <fix>
-        Correct regression introduced in 7.0.17 that triggered an NPE if a
-        CrawlerSessionManagerValve was used without setting crawlerUserAgents.
-        (markt)
-      </fix>
-      <fix>
-        <bug>51466</bug>: Correct comment typos in HostManagerServlet. Patch
-        provided by Felix Schumacher. (markt)
-      </fix>
-      <fix>
-        <bug>51467</bug>: Invoke Thread.start() rather than Thread.run() so that
-        listeners and filters are stopped in a separate thread rather than the
-        current thread. Patch provided by Felix Schumacher. (markt)  
-      </fix>
-      <fix>
-        <bug>51473</bug>: Fix concatenation of values in
-        <code>SecurityConfig.setSecurityProperty()</code>. (kkolinko)
-      </fix>
-      <fix>
-        Fix response.encodeURL() for the special case of an absolute URL
-        with no path segment (http://name). (rjung)
-      </fix>
-    </changelog>
-  </subsection>
-  <subsection name="Coyote">
-    <changelog>
-      <fix>
-        Correct regression caused by connector re-factoring that made AJP
-        APR/native connector very unstable on Windows platforms. (markt)
-      </fix>
-      <fix>
-        Correct regression caused by connector re-factoring that meant that
-        sendfile data was not reset between pipe-lined HTTP requests. (markt)
-      </fix>
-    </changelog>
-  </subsection>
-  <subsection name="Tribes">
-    <changelog>
-      <update>
-        Re-factor tests to align packages for tests with the classes under test.
-        Start to convert non-JUnit tests to JUnit. Remove unnecessary code.
-        (markt) 
-      </update>
-      <fix>
-        Add synchronization to receiver socket binding to prevent test failures
-        on Linux. (markt) 
-      </fix>
-    </changelog>
-  </subsection>
-  <subsection name="Other">
-    <changelog>
-      <fix>
-        More code clean-up to remove unused code and reduce IDE warnings.
-        (markt/kkolinko)
-      </fix>
-      <update>
-        Further improvements to the Windows installer. (markt/kkolinko)
-      </update>
-    </changelog>
-  </subsection>
-</section>
-<section name="Tomcat 7.0.17 (markt)" rtext="not released">
-  <subsection name="Catalina">
-    <changelog>
-      <add>
-        <bug>48956</bug>: Add regular expression support for SSI. (markt)
-      </add>
-      <add>
-        <bug>49165</bug>: Allow any time stamp formats supported by
-        SimpleDateFormat in AccessLogValve. Support logging begin and/or end of
-        request. (rjung)
-      </add>
-      <add>
-        <bug>50677</bug>: Allow system property variables to be used in the
-        values of "common.loader" and other "*.loader" properties in the
-        <code>catalina.properties</code> file. (kkolinko)
-      </add>
-      <fix>
-        <bug>51376</bug>: When adding a Servlet via
-        ServletContext#addServlet(String, Servlet), the Servlet was not
-        initialized when the web application started and a load on startup value
-        was set. (markt)
-      </fix>
-      <fix>
-        <bug>51386</bug>: Correct code for processing @HandlesTypes annotations
-        so only types of interest are reported to a ServletContainerInitializer.
-        (markt)
-      </fix>
-      <update>
-        Add the Tomcat extras, ant-junit and Java Help Jars to the list of JARs
-        to skip when scanning for TLDs and web fragments. (rjung)
-      </update>
-      <fix>
-        The fix for bug <bug>51310</bug> caused a regression that re-introduced
-        bug <bug>49957</bug> and deleted the contents of the work directory
-        when Tomcat was shutdown. This fix ensures that that work directory for
-        an application is not deleted when Tomcat is shutdown. (markt)
-      </fix>
-      <fix>
-        Correct issues with JULI&apos;s OneLineFormatter including: correctly
-        re-using formatted timestamps when possible; thread-safety issues in
-        timestamp formatting; correcting the output of any milliseconds to
-        include leading zeros and formatting any parameters present.
-        (kkolinko/markt/rjung)
-      </fix>
-      <fix>
-        <bug>51395</bug>: Fix memory leak triggered when an application that
-        includes a SAXParserFactory is the first web application to be loaded.
-        (markt)
-      </fix>
-      <fix>
-        <bug>51396</bug>: Correctly handle jsp-file entries in web.xml when the
-        JSP servlet has been configured via code when embedding Tomcat. (markt)
-      </fix>
-      <fix>
-        <bug>51400</bug>: Avoid known bottleneck in JVM when converting between
-        Strings and bytes by always providing a Charset rather than an encoding
-        name. Based on a patch by Dave Engberg. (markt)
-      </fix>
-      <fix>
-        <bug>51401</bug>: Correctly initialise shared WebRuleSet instance used
-        by the digesters that parse web.xml and prevent incorrect warnings about
-        multiple occurrences of elements that are only allowed to appear once in
-        web.xml and web-fragment.xml. (kfujino)
-      </fix>
-      <add>
-        <bug>51403</bug>: Avoid NPE in JULI FileHandler if formatter is
-        misconfigured. (kkolinko)
-      </add>
-      <fix>
-        Previous improvements in JAR scanning performance introduced a start-up
-        performance penalty for some use cases. This fix addresses those
-        performance penalties while retaining the original improvements. (markt) 
-      </fix>
-      <add>
-        <bug>51418</bug>: Provide more control over Context creation when
-        embedding Tomcat. Based on a patch by Benson Margulies. (markt/kkolinko)
-      </add>
-      <fix>
-        Remove redundant copy of catalina.properties from o.a.c.startup.
-        Generate this copy for inclusion in bin and src jars during the
-        ant "compile" task. (rjung)
-      </fix>
-      <fix>
-        Use system properties loaded from catalina.properties via the class
-        path in unit tests. (rjung)
-      </fix>
-      <update>
-        Improve JMX unit test. (rjung)
-      </update>
-      <fix>
-        Fix IllegalStateException for JavaScript files when switching from
-        Writer to OutputStream. The special handling of this case in the
-        DefaultServlet was broken due to a MIME type change for JavaScript.
-        (funkman)
-      </fix>
-      <fix>
-        Fix CVE-2011-2204. Prevent user passwords appearing in log files if a
-        runtime exception (e.g. OOME) occurs while creating a new user for a
-        MemoryUserDatabase via JMX. (markt)
-      </fix>
-      <fix>
-        Fix an issue with the CrawlerSessionManagerValve that meant sessions
-        were not always correctly tracked. (markt)
-      </fix>
-      <fix>
-        <bug>51436</bug>: Send 100 (Continue) response earlier to enable
-        ServletRequestListener implementations to read the request body. Based
-        on a patch by Simon Olofsson. (markt)
-      </fix>
-      <fix>
-        Ensure an access log entry is made if an error occurs during
-        asynchronous request processing and the socket is immediately closed.
-        (markt)
-      </fix>
-      <fix>
-        Ensure that if asyncDispatch() is called during an onTimeout event and
-        the target Servlet does not call startAsync() or complete() that Tomcat
-        calls complete() once the target Servlet exits. (markt)
-      </fix>
-      <fix>
-        Improve the handling for Servlets that implement the deprecated
-        SingleThreadModel when embedding Tomcat. (markt)
-      </fix>
-      <fix>
-        <bug>51445</bug>: Correctly initialise all instances of Servlets that
-        implement SingleThreadModel. Based on a patch by Felix Schumacher.
-        (markt)
-      </fix>
-      <fix>
-        <bug>51453</bug>: Fix a regression in the preemptive authentication
-        support (enhancement <bug>12428</bug>) that could trigger authentication
-        even if preemptive authentication was disabled. (markt) 
-      </fix>
-      <fix>
-        Prevent possible NPE when serving Servlets that implement the
-        SingleThreadModel interface. (markt)
-      </fix>
-      <fix>
-        In launcher for embedded Tomcat: do not change <code>catalina.home</code>
-        system property if it had a value. (kkolinko)
-      </fix>
-      <fix>
-        When using Servlets that implement the SingleThreadModel interface, add
-        the single instance created to the pool when it is determined that a
-        pool of servlets is required rather than throwing it away. (markt)
-      </fix>
-    </changelog>
-  </subsection>
-  <subsection name="Coyote">
-    <changelog>
-      <fix>
-        Fix unit test for bindOnInit which was failing for APR on some
-        platforms. (rjung)
-      </fix>
-      <fix>
-        Remove superfluous quotes from thread names for connection pools.
-        (rjung)
-      </fix>
-      <fix>
-        Fix crash observed during pausing the connector when using APR.
-        Only add socket to poller if we are sure we don't close it later.
-        (rjung)
-      </fix>
-      <update>
-        Various refactorings to reduce code duplication and unnecessary code in
-        the connectors. (markt)
-      </update>
-      <fix>
-        Correct a regression introduced in Apache Tomcat 7.0.11 that broke
-        certificate revocation list handling. (markt) 
-      </fix>
-    </changelog>
-  </subsection>
-  <subsection name="Jasper">
-    <changelog>
-      <update>
-        Improve the message printed by TldLocationsCache and add configuration
-        example to the <code>logging.properties</code> file. (kkolinko)
-      </update>
-      <fix>
-        <bug>33453</bug>: Recompile JSPs if last modified time of the source or
-        any of its dependencies changes either forwards or backwards. Note that
-        this introduces an incompatible change to the code generated for JSPs.
-        Tomcat will automatically re-compile any JSPs and tag files found in the
-        work directory when upgrading from 7.0.16 or earlier to 7.0.17 or later.
-        If you later downgrade from 7.0.17 or later to 7.0.16 or earlier, you
-        must empty the work directory as part of the downgrade process. (markt)
-      </fix>
-      <fix>
-        <bug>36362</bug>: Handle the case where tag file attributes (which can
-        use any valid XML name) have a name which is not a Java identifier.
-        (markt/kkolinko)
-      </fix>
-      <add>
-        Broaden the exception handling in the EL Parser so that more failures to
-        parse an expression include the failed expression in the exception
-        message. Hopefully, this will help track down the cause of
-        <bug>51088</bug>. (markt)
-      </add>
-    </changelog>
-  </subsection>
-  <subsection name="Cluster">
-    <changelog>
-      <fix>
-        <bug>51306</bug>: Avoid NPE when handleSESSION_EXPIRED is processed 
-        while handleSESSION_CREATED is being processed. (kfujino)
-      </fix>
-      <fix>
-        Notifications of changes in session ID to other nodes in the cluster
-        should be controlled by notifySessionListenersOnReplication rather than
-        notifyListenersOnReplication. (markt)
-      </fix>
-      <fix>
-        The change in session ID is notified to the container event listener on 
-        the backup node in cluster. 
-        This notification is controlled by 
-        notifyContainerListenersOnReplication.(kfujino)
-      </fix>
-    </changelog>
-  </subsection>
-  <subsection name="Web applications">
-    <changelog>
-      <fix>
-        Update Maven repository information in the documentation to reflect
-        current usage. (markt)
-      </fix>
-      <add>
-        <bug>43538</bug>: Add host name and IP address to the HTML Manager
-        application. Patch by Dennis Lundberg. (markt)
-      </add>
-      <fix>
-        Add <code>session="false"</code> directive to the index page of the
-        ROOT web application. (kkolinko)
-      </fix>
-      <fix>
-        <bug>51443</bug>: Document the notifySessionListenersOnReplication
-        attribute for the DeltaManager. (markt)
-      </fix>
-      <fix>
-        <bug>51447</bug>: Viewing a back up session in the HTML Manager web
-        application no longer changes the session to a primary session. Based on
-        a patch provided by Eiji Takahashi. (markt)
-      </fix>
-    </changelog>
-  </subsection>
-  <subsection name="Other">
-    <changelog>
-      <fix>
-        <bug>33262</bug>: Install monitor to auto-start for current user only
-        rather than all users to be consistent with menu item creation. (markt)
-      </fix>
-      <add>
-        <bug>40510</bug>: Provide an option to install shortcuts for the current
-        user or all users. Also ensure registry is correctly cleaned on
-        uninstall for 64-bit platforms. (markt)
-      </add>
-      <add>
-        <bug>50949</bug>: Provide the ability to specify the AJP port and
-        service name when installing Tomcat using the Windows installer. This
-        permits multiple instances of the same Tomcat version to be installed
-        side-by-side. (markt)
-      </add>
-      <update>
-        Clean up shell and batch scripts (improve consistency,
-        clarify comments, add <code>configtest</code> command support for
-        Windows). (rjung)
-      </update>
-      <fix>
-        <bug>51206</bug>: Make CATALINA_BASE visible for setenv.sh. (rjung)
-      </fix>
-      <update>
-        Remove unnecessary variable BASEDIR from scripts. (rjung)
-      </update>
-      <fix>
-        <bug>51425</bug>, <bug>51450</bug>: Update Spanish translations. Based
-        on patches provided by Jesus Marin. (markt) 
-      </fix>
-    </changelog>
-  </subsection>
-</section>
-<section name="Tomcat 7.0.16 (markt)" rtext="released 2011-06-17">
-  <subsection name="Catalina">
-    <changelog>
-      <fix>
-        <bug>51249</bug>: Further improve system property replacement code
-        in ClassLoaderLogManager of Tomcat JULI to cover some corner cases.
-        (kkolinko)
-      </fix>
-      <fix>
-        <bug>51264</bug>: Improve the previous fix for this issue by returning
-        the connection to the pool when not in use so it does not appear to be
-        an abandoned connection. Patch provided by Felix Schumacher. (markt)
-      </fix>
-      <fix>
-        <bug>51324</bug>: Improve handling of exceptions when flushing the
-        response buffer to ensure that the doFlush flag does not get stuck in
-        the enabled state. Patch provided by Jeremy Norris. (markt)
-      </fix>
-      <fix>
-        Correct a regression in the fix for <bug>51278</bug> that prevented any
-        web application from being marked as distributable. (kfujino/markt)
-      </fix>
-      <fix>
-        Correct a regression in the fix for <bug>51278</bug> that prevented a
-        web application from overriding the default welcome files. (markt)
-      </fix>
-      <fix>
-        Enable remaining valves for Servlet 3 asynchronous processing support.
-        (markt)
-      </fix>
-      <fix>
-        Avoid possible NPE when logging requests received during embedded Tomcat
-        shutdown. (markt)
-      </fix>
-      <fix>
-        <bug>51340</bug>: Fix thread-safety issue when parsing multiple web.xml
-        files in parallel. Apache Tomcat does not do this but products that
-        embed it may. (markt)
-      </fix>
-      <fix>
-        <bug>51344</bug>: Fix problem with Lifecycle re-factoring for deprecated
-        embedded class that prevented events being triggered. (markt) 
-      </fix>
-      <fix>
-        <bug>51348</bug>: Prevent possible NPE when processing WebDAV locks.
-        (markt)
-      </fix>
-    </changelog>
-  </subsection>
-  <subsection name="Coyote">
-    <changelog>
-      <fix>
-        When parsing the port in the HTTP host header, restrict the value to be
-        base 10 integer digits rather than hexadecimal ones.
-        (rjung/markt/kkolinko) 
-      </fix>
-      <update>
-        Various refactorings to reduce code duplication and unnecessary code in
-        the connectors. (markt)
-      </update>
-    </changelog>
-  </subsection>
-  <subsection name="Jasper">
-    <changelog>
-      <update>
-        Change JAR scanning log messages where no TLDs are found to DEBUG level
-        and replace the multiple messages with a single INFO level message that
-        indicates that at least one JAR was scanned needlessly and how to obtain
-        more info. (markt)
-      </update>
-    </changelog>
-  </subsection>
-  <subsection name="Cluster">
-    <changelog>
-      <fix>
-        Enable Servlet 3 asynchronous processing support when using clustering.
-        (markt)
-      </fix>
-    </changelog>
-  </subsection>
-  <subsection name="Web applications">
-    <changelog>
-      <fix>
-        Correct the log4j configuration settings when defining conversion
-        patterns in the documentation web application. (markt)
-      </fix>
-    </changelog>
-  </subsection>
-</section>
-<section name="Tomcat 7.0.15 (markt)" rtext="not released">
-  <subsection name="Catalina">
-    <changelog>
-      <fix>
-        <bug>27122</bug>: Remove a workaround for a very old and since fixed
-        Mozilla bug and change the default value of the securePagesWithPragma
-        attribute of the Authenticator Valves to false. These changes should
-        reduce the likelihood of issues when downloading files with IE. (markt) 
-      </fix>
-      <fix>
-        <bug>35054</bug>: Check that a file is not specified for a Host&apos;s
-        appBase and log an error if it is. (markt)
-      </fix>
-      <fix>
-        <bug>51197</bug>: Fix possible dropped connection when sendError or
-        sendRedirect are used during async processing. (markt)
-      </fix>
-      <fix>
-        <bug>51221</bug>: Correct Spanish translation of text used in a 302
-        response. Patch provided by Paco Soberón. (markt)
-      </fix>
-      <fix>
-        <bug>51249</bug>: Correct ClassLoaderLogManager system property
-        replacement code so properties of the form "}${...}" can be used
-        without error. (markt) 
-      </fix>
-      <fix>
-        <bug>51264</bug>: Allow the JDBC persistent session store to use a
-        JNDI datasource to define the database in which sessions are persisted.
-        Patch provided by Felix Schumacher. (markt)
-      </fix>
-      <fix>
-        <bug>51274</bug>: Add missing i18n strings in PersistentManagerBase.
-        Patch provided by Eiji Takahashi. (markt)
-      </fix>
-      <fix>
-        <bug>51276</bug>: Provide an abstraction for accessing content in JARs
-        so the most efficient method can be selected depending on the type of
-        URL used to identify the JAR. This improves startup time when JARs are
-        located in $CATALINA_BASE/lib. (markt)
-      </fix>
-      <fix>
-        <bug>51277</bug>: Improve error message if an application is deployed
-        with an incomplete FORM authentication configuration. (markt)
-      </fix>
-      <fix>
-        <bug>51278</bug>: Allow ServletContainerInitializers to override
-        settings in the global default web.xml and the host web.xml. (markt)
-      </fix>
-      <fix>
-        <bug>51310</bug>: When stopping the Server object on shutdown call
-        destroy() after calling stop(). (markt)
-      </fix>
-    </changelog>
-  </subsection>
-  <subsection name="Coyote">
-    <changelog>
-      <add>
-        <bug>51145</bug>: Add an AJP-NIO connector. (markt/rjung)
-      </add>
-    </changelog>
-  </subsection>
-  <subsection name="Jasper">
-    <changelog>
-      <add>
-        <bug>51220</bug>: Add a system property to enable tag pooling with JSPs
-        that use a custom base class. Based on a patch by Dan Mikusa. (markt)
-      </add>
-      <add>
-        Include a comment header in generated java files that indicates when the
-        file was generated and which version of Tomcat generated it. (markt)
-      </add>
-      <fix>
-        <bug>51240</bug>: Ensure that maxConnections limit is enforced when
-        multiple acceptor threads are configured. (markt)
-      </fix>
-    </changelog>
-  </subsection>
-  <subsection name="Cluster">
-    <changelog>
-      <fix>
-        <bug>51230</bug>: Add missing attributes to JMX for ReplicationValve and
-        JvmRouteBinderValve. Patch provided by Eiji Takahashi. (markt)
-      </fix>
-    </changelog>
-  </subsection>
-  <subsection name="Web applications">
-    <changelog>
-      <add>
-        Add documentation for AJP-NIO connector. (markt/rjung)
-      </add>
-      <fix>
-        <bug>51182</bug>: Document JAAS supported added in <bug>51119</bug>.
-        Patch provided by Neil Laurance. (markt)
-      </fix>
-      <fix>
-        <bug>51225</bug>: Fix broken documentation links for non-English locales
-        in the HTML Manager application. Patch provided by Eiji Takahashi.
-        (markt)
-      </fix>
-      <fix>
-        <bug>51229</bug>: Fix bugs in the Servlet 3.0 asynchronous examples.
-        Patch provided by Eiji Takahashi. (markt)
-      </fix>
-      <fix>
-        <bug>51251</bug>: Add web application version support to the Ant tasks.
-        Based on a patch provided by Eiji Takahashi. (markt) 
-      </fix>
-      <fix>
-        <bug>51294</bug>: Clarify behaviour of unpackWAR attribute of
-        StandardContext components. (markt)
-      </fix>
-    </changelog>
-  </subsection>
-  <subsection name="Other">
-    <changelog>
-      <fix>
-        <bug>46451</bug>: Configure svn:bugtraq properties for Tomcat trunk.
-        Based on a patch provided by Marc Guillemot. (markt)
-      </fix>
-      <fix>
-        <bug>51309</bug>: Correct logic in catalina.sh stop when using a PID
-        file to ensure the correct message is shown. Patch provided by Caio
-        Cezar. (markt)
-      </fix>
-    </changelog>
-  </subsection>
-</section>
-<section name="Tomcat 7.0.14 (markt)" rtext="released 2011-05-12">
-  <subsection name="Catalina">
-    <changelog>
-      <update>
-        Stylistic improvements to MIME type sync script.
-        Based on a patch provided by Felix Schumacher. (rjung)
-      </update>
-      <fix>
-        Ensure that the SSLValve provides the SSL key size as an Integer rather
-        than a String. (markt)
-      </fix>
-      <fix>
-        Ensure that the RemoteIpValve works correctly with Servlet 3.0
-        asynchronous requests. (markt)
-      </fix>
-      <fix>
-        Use safe equality test when determining event type in the
-        MapperListener. (markt)
-      </fix>
-      <fix>
-        Use correct class loader when loading Servlet classes in
-        StandardWrapper. (markt)
-      </fix>
-      <add>
-        Provide additional configuration options for the RemoteIpValve and
-        RemoteIpFilter to allow greater control over the values returned by
-        ServletRequest#getServerPort() and ServletRequest#getLocalPort() when
-        Tomcat is behind a reverse proxy. (markt)
-      </add>
-      <fix>
-        Ensure session cookie paths end in <code>/</code> so that session
-        cookies created for a context with a path of <code>/foo</code> do not
-        get returned with requests mapped to a context with a path of
-        <code>/foobar</code>. (markt)
-      </fix>
-    </changelog>
-  </subsection>
-  <subsection name="Jasper">
-    <changelog>
-      <fix>
-        <bug>51177</bug>: Ensure Tomcat&apos;s MapElResolver always returns
-        <code>Object.class</code> for <code>getType()</code> as required by the
-        EL specification. (markt)
-      </fix>
-    </changelog>
-  </subsection>
-</section>
-<section name="Tomcat 7.0.13 (markt)" rtext="not released">
-  <subsection name="Catalina">
-    <changelog>
-      <fix>
-        Correct mix-up in Realm Javadoc. (markt)
-      </fix>
-      <fix>
-        Fix display of response headers in AccessLogValve. (kkolinko)
-      </fix>
-      <update>
-        Implement display of multiple request headers in AccessLogValve:
-        print not just the value of the first header, but of the all of them,
-        separated by commas. (kkolinko)
-      </update>
-      <add>
-        <bug>50306</bug>: New StuckThreadDetectionValve to detect requests that
-        take a long time to process, which might indicate that their processing
-        threads are stuck. Based on a patch provided by TomLu. (slaurent)
-      </add>
-      <fix>
-        <bug>51038</bug>: Ensure that asynchronous requests are included in
-        access logs. (markt)
-      </fix>
-      <fix>
-        <bug>51042</bug>: Don&apos;t trigger session creation listeners when a
-        session ID is changed as part of the authentication process. (markt)
-      </fix>
-      <fix>
-        <bug>51050</bug>: Add additional common but non-standard file extension
-        to MIME type mappings for MPEG 4 files. Based on a patch by Cédrik Lime.
-        (markt)
-      </fix>
-      <add>
-        Add some additional common JARs that do not contain TLDs or web
-        fragments to the list of JARs to skip when scanning for TLDs and web
-        fragments. (markt)
-      </add>
-      <fix>
-        While scanning JARs for TLDs and fragments, avoid using JarFile and use
-        JarInputStream as in most circumstances where JARs are scanned, JarFile
-        will create a temporary copy of the JAR rather than using the resource
-        directly. This change significantly improves startup performance for
-        applications with lots of JARs to be scanned. (markt)
-      </fix>
-      <fix>
-        Ensure response is committed when <code>AsyncContext#complete()</code>
-        is called. (markt)
-      </fix>
-      <add>
-        Add a container event that is fired when a session&apos;s ID is changed,
-        e.g. on authentication. (markt)
-      </add>
-      <fix>
-        <bug>51099</bug>: Correctly implement non-default login configurations
-        (configured via the loginConfigName attribute) for the the SPNEGO
-        authenticator. (fhanik/markt)
-      </fix>
-      <add>
-        <bug>51119</bug>: Add JAAS authentication support to the
-        JMXRemoteLifecycleListener. Patch provided by Neil Laurance. (markt) 
-      </add>
-      <add>
-        <bug>51136</bug>: Provide methods that enable the name of a Context on
-        Context creation when using Tomcat in an embedded scenario. Based on a
-        patch provided by David Calavera. (markt)
-      </add>
-      <fix>
-        <bug>51137</bug>: Add additional Microsoft Office MIME type mappings.
-        (rjung)
-      </fix>
-      <add>
-        Partial sync of MIME type mapping with mime.types from the Apache web
-        server. About 600 MIME types added, some changed. (rjung)
-      </add>
-      <fix>
-        Make access logging more robust when logging requests that generate 400
-        responses since the request object is unlikely to be fully/correctly
-        populated in that case. (markt)
-      </fix>
-    </changelog>
-  </subsection>
-  <subsection name="Coyote">
-    <changelog>
-      <fix>
-        <bug>50957</bug>: Fix regression in HTTP BIO connector that triggered
-        errors when processing pipe-lined requests. (markt)
-      </fix>
-      <fix>
-        <bug>50158</bug>: Ensure the asynchronous requests never timeout if the
-        timeout is set to zero or less. Based on a patch provided by Chris.
-        (markt)
-      </fix>
-      <fix>
-        <bug>51073</bug>: Throw an exception and do not start the APR connector
-        if it is configured for SSL and an invalid value is provided for
-        SSLProtocol. (markt)
-      </fix>
-      <fix>
-        Align all the connector implementations with the documented default
-        setting for processorCache of 200. This changes the default from -1
-        (unlimited) for the AJP-BIO, AJP-APR and HTTP-APR connectors. Additional
-        information was also added to the documentation on how to select an
-        appropriate value. 
-      </fix>
-      <fix>
-        Take account of time spent waiting for a processing thread when
-        calculating connection and keep-alive timeouts for the HTTP BIO
-        connector. (markt)
-      </fix>
-      <fix>
-        <bug>51095</bug>: Don&apos;t trigger a NullPointerException when the SSL
-        handshake fails with the HTTP-APR connector. Patch provided by Mike
-        Glazer. (markt)
-      </fix>
-      <fix>
-        Improve handling in AJP connectors of the case where too large a AJP
-        packet is received. (markt) 
-      </fix>
-      <fix>
-        Restore the automatic disabling of HTTP keep-alive with the BIO
-        connector once 75% of the processing threads are in use and make the
-        threshold configurable. (markt)
-      </fix>
-      <fix>
-        Make pollerSize and maxConnections synonyms for the APR connectors since
-        they perform the same function. (markt)
-      </fix>
-      <fix>
-        Use maxThreads rather than 10000 as the default maxConnections for the
-        BIO connectors. (markt)
-      </fix>
-    </changelog>
-  </subsection>
-  <subsection name="Jasper">
-    <changelog>
-      <fix>
-        <bug>47371</bug>: Correctly coerce the empty string to zero when used as
-        an operand in EL arithmetic. Patch provided by gbt. (markt)
-      </fix>
-      <add>
-        Label JSP/tag file line and column numbers when reporting errors since
-        it may not be immediately obvious what the numbers represent. (markt)
-      </add>
-      <fix>
-        Correct a regression in the fix for <bug>49916</bug> that resulted in
-        JSPs being compiled twice rather than just once. (markt)
-      </fix>
-      <add>
-        Log JARs that are scanned for TLDs where no TLD is found so that users
-        can easily identify JARs that can be added to the list of JARs to skip.
-        (markt)
-      </add>
-      <update>
-        Use a single TLD location cache for a web application rather than one
-        per JSP compilation to speed up JSP compilation. (markt)
-      </update>
-      <add>
-        <bug>51124</bug>: Refactor BodyContentImpl to assist in determining the
-        root cause of this bug. Based on a patch by Ramiro. (markt)
-      </add>
-    </changelog>
-  </subsection>
-  <subsection name="Cluster">
-    <changelog>
-      <fix>
-        <bug>50950</bug>: Correct possible NotSerializableException for an
-        authenticated session when running with a security manager. (markt)
-      </fix>
-    </changelog>
-  </subsection>
-  <subsection name="Web applications">
-    <changelog>
-      <update>
-        Configure Security Manager How-To to include a copy of the actual
-        conf/catalina.policy file when the documentation is built, rather
-        than maintaining a copy of its content. (kkolinko)
-      </update>
-      <fix>
-        Fix broken stylesheet URL in XML based manager status output. (rjung)
-      </fix>
-      <fix>
-        <bug>51156</bug>: Ensure session expiration option is available in
-        Manager application was running web applications that were defined in
-        server.xml. (markt)
-      </fix>
-    </changelog>
-  </subsection>
-  <subsection name="Other">
-    <changelog>
-      <update>
-        Clarify error messages in *.sh files to mention that if a script is
-        not found it might be because execute permission is needed. (kkolinko)
-      </update>
-      <update>
-        Update commons pool to 1.5.6. (markt)
-      </update>
-      <fix>
-        <bug>51135</bug>: Fix auto-detection of JAVA_HOME for 64-bit Windows
-        platforms that only have a 32-bit JVM installed. (markt) 
-      </fix>
-      <fix>
-        <bug>51154</bug>: Remove duplicate @deprecated tags in ServletContext
-        Javadoc. Patch provided by sebb. (markt)
-      </fix>
-      <fix>
-        <bug>51155</bug>: Add comments to @deprecated tags that have none. Patch
-        provided by sebb. (markt)
-      </fix>
-    </changelog>
-  </subsection>
-</section>
-<section name="Tomcat 7.0.12 (markt)" rtext="released 2011-04-06">
-  <subsection name="Catalina">
-    <changelog>
-      <add>
-        Automatically correct invalid paths when specified for Context elements
-        inside server.xml and log a warning that the configuration has been
-        corrected. (markt)
-      </add>
-      <fix>
-        Don&apos;t unpack WAR files if they are not located in the Host&apos;s
-        appBase. (markt)
-      </fix>
-      <fix>
-        Don&apos;t log to standard out in SSLValve. (markt)
-      </fix>
-      <fix>
-        Handle the case where a web crawler provides an invalid session ID in
-        the CrawlerSessionManagerValve. (markt)
-      </fix>
-      <update>
-        Update pattern used in CrawlerSessionManagerValve to that used by the
-        ASF infrastructure team. (markt)
-      </update>
-      <fix>
-        Remove unnecessary whitespace from MIME mapping entries in global
-        web.xml file. (markt)
-      </fix>
-      <fix>
-        When using parallel deployment, correctly handle the scenario when the
-        client sends multiple JSESSIONID cookies. (markt)
-      </fix>
-      <add>
-        <bug>12428</bug>: Add support (disabled by default) for preemptive
-        authentication. This can be configured per context. Based on a patch
-        suggested by Werner Donn. (markt)
-      </add>
-      <fix>
-        <bug>50929</bug>: When wrapping an exception, include the root cause.
-        Patch provided by sebb. (markt) 
-      </fix>
-      <fix>
-        Make the CSRF nonce cache serializable so that it can be replicated
-        across a cluster and/or persisted across Tomcat restarts. (markt)
-      </fix>
-      <update>
-        Resolve some refactoring TODOs in the implementation of the new Context
-        attribute "swallowAbortedUploads". (markt) 
-      </update>
-      <fix>
-        Include the seed time when calculating the time taken to create
-        SecureRandom instances for session ID generation, report excessive times
-        (greater than 100ms) at INFO level and provide a value for the message
-        key so a meaningful message appears in the logs. (markt)
-      </fix>
-      <fix>
-        Don&apos;t register Contexts that fail to start with the Mapper. (markt)
-      </fix>
-      <add>
-        <bug>48685</bug>: Add initial support for SPNEGO/Kerberos authentication
-        also referred to as integrated Windows authentication. This includes
-        user authentication, authorisation via the directory using the
-        user&apos;s delegated credentials and exposing the user&apos;s delegated
-        credentials via a request attribute so applications can make use of them
-        to impersonate the current user when accessing third-party systems that
-        use a compatible authentication mechanism. Based on a patch provided by
-        Michael Osipov. (markt)
-      </add>
-      <fix>
-        HTTP range requests cannot be reliably served when a Writer is in use so
-        prevent the DefaultServlet from attempting to do so. (kkolinko)
-      </fix>
-      <fix>
-        Protect the DefaultServlet from Valves, Filters and Wrappers that write
-        content to the response. Prevent partial responses to partial GET
-        requests in this case since the range cannot be reliably determined.
-        Also prevent the DefaultServlet from setting a content length header
-        since this too cannot be reliably determined. (markt)
-      </fix>
-      <fix>
-        <bug>50991</bug>: Fix regression in fix for <bug>25060</bug> that called
-        close on a JNDI resource while it was still available to the
-        application. (markt)
-      </fix>
-      <add>
-        Provide a configuration option that lets the close method to be used for
-        a JNDI Resource to be defined by the user. This change also disables
-        using the close method unless one is explicitly defined for the
-        resource and limits it to singleton resources. (markt)
-      </add>
-      <fix>
-        Correctly track changes to context.xml files and trigger redeployment
-        when copyXML is set to false. (markt) 
-      </fix>
-      <fix>
-        <bug>50997</bug>: Relax the requirement that directories must have a
-        name ending in <code>.jar</code> to be treated as an expanded JAR file
-        by the default JarScanner. Based on patch by Rodion Zhitomirsky. (markt)
-      </fix>
-      <fix>
-        Don&apos;t append the jvmRoute to a session ID if the jvmRoute is a zero
-        length string. (markt) 
-      </fix>
-      <fix>
-        Don&apos;t register non-singelton DataSource resources with JMX. (markt)
-      </fix>
-      <add>
-        Provide additional configuration options for the DIGEST authenticator.
-        (markt)
-      </add>
-      <fix>
-        Provide a workaround for Tomcat hanging during shutdown when running the
-        unit tests. (markt)
-      </fix>
-    </changelog>
-  </subsection>
-  <subsection name="Coyote">
-    <changelog>
-      <add>
-        <bug>50887</bug>: Add support for configuring the JSSE provider used to
-        convert client certificates. Based on a patch by pknopp. (markt)
-      </add>
-      <fix>
-        <bug>50903</bug>: When a connector is stopped, ensure that requests that
-        are currently in a keep-alive state and waiting for client data are not
-        processed. Requests where processing has started will continue to
-        completion. (markt) 
-      </fix>
-      <fix>
-        <bug>50927</bug>: Improve error message when SSLCertificateFile is not
-        specified when using APR with SSL. Based on a patch provided by sebb.
-        (markt)
-      </fix>
-      <fix>
-        <bug>50928</bug>: Don&apos;t ignore keyPass attribute for HTTP BIO and
-        NIO connectors. Based on a patch provided by sebb. (markt)
-      </fix>
-    </changelog>
-  </subsection>
-  <subsection name="Cluster">
-    <changelog>
-      <fix>
-        Securely seed the SecureRandom instance used for UUID generation and
-        report excessive creation time (greater than 100ms) at INFO level.
-        (markt)
-      </fix>
-    </changelog>
-  </subsection>
-  <subsection name="Web applications">
-    <changelog>
-      <fix>
-        <bug>50924</bug>: Clean-up HTTP connector comparison table. (markt)
-      </fix>
-      <add>
-        Slightly expanded the documentation of the Host element to clarify the
-        relationship between host name and DNS name. (markt)
-      </add>
-      <fix>
-        <bug>50925</bug>: Update SSL how-to to take account of
-        <code>keyPass</code> connector attribute. (markt)
-      </fix>
-      <update>
-        Improve Tomcat Logging documentation. (kkolinko)
-      </update>
-      <fix>
-        Align the authenticator documentation and MBean descriptors with the
-        implementation. (markt)
-      </fix>
-      <fix>
-        Prevent the custom error pages for the Manager and Host Manager
-        applications from being accessed directly. (markt)
-      </fix>
-      <fix>
-        <bug>50984</bug>: When using the Manager application ensure that
-        undeployment fails if a file cannot be deleted. (markt)
-      </fix>
-    </changelog>
-  </subsection>
-  <subsection name="Other">
-    <changelog>
-      <update>
-        Update Eclipse JDT complier to 3.6.2. (markt)
-      </update>
-      <update>
-        Update WSDL4J library to 1.6.2 (used by JSR 109 support in the extras
-        package). (markt)
-      </update>
-      <update>
-        Update optional CheckStyle library to 5.3. (markt)
-      </update>
-      <fix>
-        <bug>50911</bug>: Reduce noise generated during the build of the Windows
-        installer so warnings are more obvious. Patch provided by sebb. (markt)
-      </fix>
-      <fix>
-        Further work to reduce compiler and validation warnings across the code
-        base. (markt)
-      </fix>
-    </changelog>
-  </subsection>
-</section>
-<section name="Tomcat 7.0.11 (markt)" rtext="released 2011-03-11">
-  <subsection name="Catalina">
-    <changelog>
-      <fix>
-        CVE-2011-1088: Completed fix. Don&apos;t ignore @ServletSecurity
-        annotations. (markt)
-      </fix>
-      <add>
-        <bug>25060</bug>: Close Apache Commons DBCP datasources when the
-        associated JNDI naming context is stopped (e.g. for a non-global
-        DataSource resource on web application reload) to close remaining
-        database connections immediately rather than waiting for garbage 
-        collection. (markt)
-      </add>
-      <add>
-        <bug>26701</bug>: Provide a mechanism for users to register their own
-        <code>URLStreamHandlerFactory</code> objects. (markt)
-      </add>
-      <fix>
-        <bug>50855</bug>: Fix NPE on HttpServletRequest.logout() when debug
-        logging is enabled. (markt)
-      </fix>
-      <add>
-        New context attribute "swallowAbortedUploads" allows
-        to make request data swallowing configurable for requests
-        that are too large. (rjung)
-      </add>
-      <fix>
-        <bug>50854</bug>: Add additional permissions required by the Manager
-        application when running under a security Manager and support a shared
-        Manager installation when $CATALINA_HOME != CATALINA_BASE. (markt)
-      </fix>
-      <fix>
-        <bug>50893</bug>: Add additional information to the download README for
-        the extras components. (markt)
-      </fix>
-      <fix>
-        Calling <code>stop()</code> and then <code>destroy()</code> on a
-        connector incorrectly triggered an exception. (markt)
-      </fix>
-    </changelog>
-  </subsection>
-  <subsection name="Coyote">
-    <changelog>
-      <add>
-        <bug>48208</bug>: Allow the configuration of a custom trust manager for
-        use in CLIENT-CERT authentication. (markt)
-      </add>
-      <fix>
-        Fix issues that prevented asynchronous servlets from working when used
-        with the HTTP APR connector on platforms that support TCP_DEFER_ACCEPT.
-        (markt)
-      </fix>
-    </changelog>
-  </subsection>
-  <subsection name="Jasper">
-    <changelog>
-      <fix>
-        Correct possible threading issue in JSP compilation when development
-        mode is used. (markt)
-      </fix>
-      <fix>
-        <bug>50895</bug>: Don&apos;t initialize classes created during the
-        compilation stage. (markt)
-      </fix>
-    </changelog>
-  </subsection>
-</section>
-<section name="Tomcat 7.0.10 (markt)"  rtext="released 2011-03-08">
-  <subsection name="Catalina">
-    <changelog>
-      <fix>
-        CVE-2011-1088: Partial fix. Don&apos;t ignore @ServletSecurity
-        annotations. (markt)
-      </fix>
-      <fix>
-        <bug>27988</bug>: Improve reporting of missing files. (markt)
-      </fix>
-      <fix>
-        <bug>28852</bug>: Add URL encoding where missing to parameters in URLs
-        presented by Ant tasks to the Manager application. Based on a patch by
-        Stephane Bailliez. (markt) 
-      </fix>
-      <fix>
-        Improve handling of SSL renegotiation by failing earlier when the
-        request body contains more bytes than maxSavePostSize. (markt)
-      </fix>
-      <fix>
-        Improve shut down speed by not renewing threads during shut down when
-        the <code>ThreadLocalLeakPreventionListener</code> is enabled. (markt)  
-      </fix>
-    </changelog>
-  </subsection>
-  <subsection name="Coyote">
-    <changelog>
-      <add>
-        <bug>49284</bug>: Add SSL re-negotiation support to the HTTP NIO
-        connector and extend test cases to cover CLIENT-CERT authentication.
-        (fhanik/markt)
-      </add>
-    </changelog>
-  </subsection>
-</section>
-<section name="Tomcat 7.0.9 (markt)" rtext="not released">
-  <subsection name="Catalina">
-    <changelog>
-      <add>
-        <bug>19444</bug>: Add an option to the JNDI realm to allow role searches
-        to be performed by the authenticated user. (markt)
-      </add>
-      <add>
-        <bug>21669</bug>: Add the ability to specify the roleBase for the JNDI
-        Realm as relative to the users DN. Based on a patch by Art W. (markt)
-      </add>
-      <add>
-        <bug>22405</bug>: Add a new Lifecycle listener,
-        <code>org.apache.catalina.security.SecurityListener</code> that prevents
-        Tomcat from starting insecurely. It requires that Tomcat is not started
-        as root and that a umask at least as restrictive as 0007 is used. This
-        new listener is not enabled by default.
-        (markt)
-      </add>
-      <fix>
-        <bug>48863</bug>: Better logging when specifying an invalid directory
-        for a class loader. Based on a patch by Ralf Hauser. (markt/kkolinko)
-      </fix>
-      <fix>
-        <bug>48870</bug>: Refactor to remove use of parallel arrays. (markt)
-      </fix>
-      <add>
-        Enhance the RemoteIpFilter and RemoteIpValve so that the modified remote
-        address, remote host, protocol and server port may be used in an access
-        log if desired. (markt)
-      </add>
-      <fix>
-        Restore access to Environments, Resources and ResourceLinks via JMX
-        which was lost in early 7.0.x re-factoring. (markt)
-      </fix>
-      <update>
-        Remove ServerLifecycleListener. This was already removed from server.xml
-        and with the Lifecycle re-factoring is no longer required. (markt)
-      </update>
-      <add>
-        Add additional checks to ensure that sub-classes of
-        <code>org.apache.catalina.util.LifecycleBase</code> correctly implement
-        the expected state transitions. (markt)
-      </add>
-      <fix>
-        <bug>50189</bug>: Once the application has finished writing to the
-        response, prevent further reads from the request since this causes
-        various problems in the connectors which do not expect this. (markt)
-      </fix>
-      <fix>
-        <bug>50700</bug>: Ensure that the override attribute of context
-        parameters is correctly followed. (markt)
-      </fix>
-      <fix>
-        <bug>50721</bug>: Correctly handle URL decoding where the URL ends in
-        %nn. Patch provided by Christof Marti. (markt)
-      </fix>
-      <add>
-        <bug>50737</bug>: Add additional information when an invalid WAR file is
-        detected. (markt)
-      </add>
-      <fix>
-        <bug>50748</bug>: Allow the content length header to be set up to the
-        point the response is committed when a writer is being used. (markt)
-      </fix>
-      <fix>
-        <bug>50751</bug>: When authenticating with the JNDI Realm, only attempt
-        to read user attributes from the directory if attributes are required.
-        (markt)
-      </fix>
-      <fix>
-        <bug>50752</bug>: Fix typo in debug message in deprecated Embedded
-        class. (markt)
-      </fix>
-      <fix>
-        <bug>50789</bug>: Provide an option to enable ServletRequestListeners
-        for forwards as required by some CDI frameworks. (markt)
-      </fix>
-      <fix>
-        <bug>50793</bug>: When processing Servlet 3.0 async requests, ensure
-        that the requestInitialized and requestDestroyed events are only fired
-        once per request at the correct times. (markt)
-      </fix>
-      <fix>
-        <bug>50802</bug>: Ensure that
-        <code>ServletContext.getResourcePaths()</code> includes static resources
-        packaged in JAR files in its output. (markt)
-      </fix>
-      <add>
-        Web crawlers can trigger the creation of many thousands of sessions as
-        they crawl a site which may result in significant memory consumption.
-        The new Crawler Session Manager Valve ensures that crawlers are
-        associated with a single session - just like normal users - regardless
-        of whether or not they provide a session token with their requests.
-        (markt)
-      </add>
-      <fix>
-        Don&apos;t attempt to start NamingResources for Contexts multiple times.
-        (markt) 
-      </fix>
-      <fix>
-        <bug>50826</bug>: Avoid <code>IllegalArgumentException</code> if an
-        embedded Tomcat instance that includes at least one Context is destroyed
-        without ever being started. (markt)
-      </fix>
-      <fix>
-        Ensure a web application is taken out of service if the web.xml file is
-        not valid. (kkolinko/markt)
-      </fix>
-      <fix>
-        Ensure Servlet 2.2 jspFile elements are correctly converted to use a
-        leading &apos;/&apos; if missing. (markt)
-      </fix>
-      <fix>
-        <bug>50836</bug>: Better documentation of the meaning of
-        <code>Lifecycle.isAvailable()</code> and correct a couple of cases where
-        this could incorrectly return true. (markt)
-      </fix>
-    </changelog>
-  </subsection>
-  <subsection name="Coyote">
-    <changelog>
-      <fix>
-        <bug>50780</bug>: Fix memory leak in APR implementation of AJP
-        connector introduced by the refactoring for <bug>49884</bug>. (markt) 
-      </fix>
-      <fix>
-        If server configuration errors and/or faulty applications caused the
-        ulimit for open files to be reached, the acceptor threads for all
-        connectors could enter a tight loop. This loop consumed CPU and also
-        logged an error message for every iteration of the loop which lead to
-        large log files being generated. The acceptors have been enhanced to
-        better handle this situation. (markt)
-      </fix>
-    </changelog>
-  </subsection>
-  <subsection name="Jasper">
-    <changelog>
-      <fix>
-        <bug>50720</bug>: Ensure that the use of non-ISO-8859-1 character sets
-        for web.xml does not trigger an error when Jasper parses the web.xml
-        file. (markt)
-      </fix>
-      <fix>
-        <bug>50726</bug>: Ensure that the use of the genStringAsCharArray does
-        not result in String constants that are too long for valid Java code.
-        (markt)
-      </fix>
-      <fix>
-        <bug>50790</bug>: Improve method resolution in EL expressions. (markt)
-      </fix>
-    </changelog>
-  </subsection>
-  <subsection name="Cluster">
-    <changelog>
-      <fix>
-        <bug>50771</bug>: Ensure HttpServletRequest#getAuthType() returns the 
-        name of the authentication scheme if request has already been 
-        authenticated. (kfujino)
-      </fix>
-    </changelog>
-  </subsection>
-  <subsection name="Web applications">
-    <changelog>
-      <fix>
-        <bug>50713</bug>: Remove roles command from the Manager application.
-        (markt)
-      </fix>
-    </changelog>
-  </subsection>
-  <subsection name="Tribes">
-    <changelog>
-      <fix>
-        <rev>1068549</rev> <bug>50667</bug>: Allow RPC callers to get
-        confirmation when sending a reply. (fhanik)
-      </fix>  
-    </changelog>
-  </subsection>
-  <subsection name="Other">
-    <changelog>
-      <fix>
-        <bug>50743</bug>: Cache CheckStyle results between builds to speed up
-        validation. Patch provided by Oliver. (markt)
-      </fix>
-    </changelog>
-  </subsection>
-</section>
-<section name="Tomcat 7.0.8 (markt)" rtext="released 2011-02-05">
-  <subsection name="Catalina">
-    <changelog>
-      <fix>
-        Fix NPE in CoyoteAdapter when postParseRequest() call fails. (kkolinko)
-      </fix>
-      <fix>
-       <bug>50709</bug>: Make <code>ApplicationContextFacade</code> non-final to
-       enable extension. (markt)
-      </fix>
-      <fix>
-        When running under a security manager, user requests may fail with a
-        security exception. (markt)
-      </fix>
-    </changelog>
-  </subsection>
-  <subsection name="Coyote">
-    <changelog>
-      <fix>
-        Reduce level of log message for invalid URL parameters from WARNING to
-        INFO. (markt) 
-      </fix>
-      <fix>
-        Fix hanging Servlet 3 asynchronous requests when using the APR based AJP
-        connector. (markt) 
-      </fix>
-    </changelog>
-  </subsection>
-  <subsection name="Other">
-    <changelog>
-      <fix>
-        Align server.xml installed by the Windows installer with the one
-        bundled in zip/tar.gz files. The differences are LockOutRealm being
-        used and AccessLogValve being enabled by default. (kkolinko)
-      </fix>
-    </changelog>
-  </subsection>
-</section>
-<section name="Tomcat 7.0.7 (markt)" rtext="not released">
-  <subsection name="Catalina">
-    <changelog>
-      <fix>
-        <bug>18462</bug>: Don&apos;t merge <code>stdout</code> and
-        <code>stderr</code> internally so users retain the option to treat them
-        separately. (markt)
-      </fix>
-      <add>
-        <bug>18797</bug>: Provide protection against <code>null</code> or zero
-        length names being provided for users, roles and groups in the
-        <code>MemoryRealm</code> and <code>UserDatabaseRealm</code>. (markt)
-      </add>
-      <update>
-        Improve fix for <bug>50205</bug> to trigger an error earlier if invalid
-        configuration is used. (markt)
-      </update>
-      <add>
-        Provide additional control over component class loaders, primarily for
-        use when embedding. (markt)
-      </add>
-      <fix>
-        Fix NPE in RemoteAddrFilter, RemoteHostFilter. (kkolinko)
-      </fix>
-      <fix>
-        <bug>49711</bug>: HttpServletRequest#getParts will work in a filter
-        or servlet without an @MultipartConfig annotation or
-        MultipartConfigElement if the new "allowCasualMultipartParsing"
-        context attribute is set to "true". (schultz)
-      </fix>
-      <fix>
-        <bug>49978</bug>: Correct another instance where deployment incorrectly
-        failed if a directory in the work area already existed. (markt)
-      </fix>
-      <fix>
-        <bug>50582</bug>: Refactor access logging so chunked encoding is not
-        forced for all requests if bytes sent is logged. (markt)
-      </fix>
-      <fix>
-        <bug>50597</bug>: Don&apos;t instantiate a new instance of a Filter if
-        an instance was provided via the
-        <code>ServletContext.addFilter(String, Filter)</code> method. Patch
-        provided by Ismael Juma. (markt)
-      </fix>
-      <fix>
-        <bug>50598</bug>: Correct URL for Manager text interface. (markt)
-      </fix>
-      <fix>
-        <bug>50620</bug>: Stop exceptions that occur during
-        <code>Session.endAccess()</code> from preventing the normal completion
-        of <code>Request.recycle()</code>. (markt)
-      </fix>
-      <fix>
-        <bug>50629</bug>: Make <code>StandardContext.bindThread()</code> and
-        <code>StandardContext.unbindThread()</code> protected to allow use by
-        sub-classes. (markt)
-      </fix>
-      <update>
-        Use getName() instead of logName() in error messages in StandardContext.
-        (kkolinko)
-      </update>
-      <fix>
-        <bug>50642</bug>: Move the <code>sun.net.www.http.HttpClient</code>
-        keep-alive thread memory leak protection from the
-        JreMemoryLeakPreventionListener to the WebappClassLoader since the
-        thread that triggers the memory leak is created on demand. (markt)
-      </fix>
-      <fix>
-        <bug>50673</bug>: Improve Catalina shutdown when running as a service.
-        Do not call System.exit(). (kkolinko)
-      </fix>
-      <fix>
-        <bug>50683</bug>: Ensure annotations are scanned when
-        <code>unpackWARs</code> is set to <code>false</code> in the Host
-        where a web application is deployed. (markt)
-      </fix>
-      <fix>
-        Improve HTTP specification compliance in support of
-        <code>Accept-Language</code> header. (kkolinko)
-      </fix>
-    </changelog>
-  </subsection>
-  <subsection name="Coyote">
-    <changelog>
-      <fix>
-        Prevent possible thread exhaustion if a Comet timeout event takes a
-        while to complete. (markt)
-      </fix>
-      <fix>
-        Prvent multiple Comet END events if the CometServlet calls
-        <code>event.close()</code> during an END event. (markt) 
-      </fix>
-      <fix>
-        <bug>50325</bug>: When the JVM indicates support for RFC 5746, disable
-        Tomcat&apos;s <code>allowUnsafeLegacyRenegotiation</code> configuration
-        attribute and use the JVM configuration to control renegotiation.
-        (markt)
-      </fix>
-      <fix>
-        <bug>50405</bug>: Fix occassional NPE when using NIO connector and
-        Comet. (markt)
-      </fix>
-      <fix>
-        Ensure correct recycling of NIO input filters when processing Comet
-        events. (markt)
-      </fix>
-      <fix>
-        <bug>50627</bug>: Correct interaction of NIO socket and Poller when
-        processing Comet events. (markt)
-      </fix>
-      <fix>
-        Correct interaction of APR socket and Poller when processing Comet
-        events. (markt)
-      </fix>
-      <fix>
-        <bug>50631</bug>: InternalNioInputBuffer should honor
-        <code>maxHttpHeadSize</code>. (kkolinko)
-      </fix>
-    </changelog>
-  </subsection>
-  <subsection name="Jasper">
-    <changelog>
-      <fix>
-        Improve special case handling of
-        <code>javax.servlet.jsp.el.ScopedAttributeELResolver</code> in
-        <code>javax.el.CompositeELResolver</code> to handle sub-classes. (markt)
-      </fix>
-      <update>
-        <bug>15688</bug>: Use fully-qualified class names in generated jsp files
-        to avoid naming conflicts with user imports. (markt)
-      </update>
-      <fix>
-        <bug>46819</bug>: Remove redundant object instantiations in
-        JspRuntimeLibrary. Patch provided by Anthony Whitford. (markt)
-      </fix>
-      <update>
-        Improve error message when EL identifiers are not valid Java identifiers
-        and use i18n for the error message. (markt)
-      </update>
-      <fix>
-        <bug>50680</bug>: Prevent an NPE when using tag files from an exploded
-        JAR file, e.g. from within an IDE. Patch provided by Larry Isaacs.
-        (markt)
-      </fix>
-    </changelog>
-  </subsection>
-  <subsection name="Cluster">
-    <changelog>
-      <fix>
-        <bug>50591</bug>: Fix NPE in ReplicationValve. (kkolinko)
-      </fix>
-      <add>
-        Internationalise the log messages for the FarmWarDeployer. (markt)
-      </add>
-      <fix>
-        <bug>50600</bug>: Prevent a <code>ConcurrentModificationException</code>
-        when removing a WAR file via the FarmWarDeployer. (markt)
-      </fix>
-      <fix>
-        Be consistent with locks on sessionCreationTiming,
-        sessionExpirationTiming in DeltaManager.resetStatistics(). (kkolinko)
-      </fix>
-      <fix>
-        <bug>50648</bug>: Correctly set the interrupt status if a thread using
-        <code>RpcChannel</code> is interrupted waiting for a message reply.
-        Based on a patch by Olivier Costet. (markt)
-      </fix>
-      <fix>
-        <bug>50646</bug>: Ensure larger Tribes messages are fully read. Patch
-        provided by Olivier Costet. (markt)
-      </fix>
-      <fix>
-        <bug>50679</bug>: Update the FarmWarDeployer to support parallel
-        deployment. (markt)
-      </fix>
-    </changelog>
-  </subsection>
-  <subsection name="Web applications">
-    <changelog>
-      <fix>
-        <bug>22278</bug>: Add a commented out <code>RemoteAddrValve</code> that
-        limits access to the Manager and Host Manager applications to localhost.
-        Based on a patch by Yann Cébron. (markt)
-      </fix>
-      <fix>
-        Correct a handful of Javadoc warnings. (markt)
-      </fix>
-      <add>
-        Provide additional detail about how web application version order is
-        determined when using parallel deployment. (markt)
-      </add>
-      <fix>
-        Correct the documentation for the recoveryCount count attribute of the
-        the default cluster membership. (markt)
-      </fix>
-      <fix>
-        <bug>50441</bug>: Clarify when it is valid to set the docBase attribute
-        in a Context element. (markt)
-      </fix>
-      <fix>
-        <bug>50526</bug>: Provide additional documetation on configuring
-        JavaMail resources. (markt)
-      </fix>
-      <fix>
-        <bug>50599</bug>: Use correct names of roles required to access the 
-        Manager application. (markt)
-      </fix>
-    </changelog>
-  </subsection>
-  <subsection name="Other">
-    <changelog>
-      <add>
-        Extend the Checkstyle tests to check for license headers. (markt)
-      </add>
-      <fix>
-        Modify the build script so a release build always rebuilds the
-        dependencies to ensure that the correct Tomcat version appears in the
-        manifest. (markt) 
-      </fix>
-      <fix>
-        Code clean-up to remove unused code and reduce IDE warnings. (markt)
-      </fix>
-      <fix>
-        <bug>50601</bug>: Code clean-up. Patch provided by sebb. (markt)
-      </fix>
-      <fix>
-        <bug>50606</bug>: Improve CGIServlet: Provide support for specifying
-        empty value for the <code>executable</code> init-param. Provide support
-        for explicit additional arguments for the executable. Those were
-        broken when implementing fix for bug <bug>49657</bug>. (kkolinko)
-      </fix>
-    </changelog>
-  </subsection>
-</section>
-<section name="Tomcat 7.0.6 (markt)" rtext="released 2011-01-14">
-  <subsection name="General">
-    <changelog>
-      <update>
-        Update to Commons Daemon 1.0.5. (mturk)
-      </update>
-    </changelog>
-  </subsection>
-  <subsection name="Catalina">
-    <changelog>
-      <fix>
-        <bug>8705</bug>: <code>org.apache.catalina.SessionListener</code> now
-        extends <code>java.util.EventListener</code>. (markt)
-      </fix>
-      <add>
-        <bug>10526</bug>: Add an option to the <code>Authenticator</code>s to
-        force the creation of a session on authentication which may offer some
-        performance benefits. (markt)
-      </add>
-      <update>
-        <bug>10972</bug>: Improve error message if the className attribute is
-        missing on an element in server.xml where it is required. (markt)
-      </update>
-      <update>
-        <bug>48692</bug>: Provide option to parse
-        <code>application/x-www-form-urlencoded</code> PUT requests. (schultz)
-      </update>
-      <update>
-        <bug>48822</bug>: Include context name in case of error while stopping
-        or starting a context during its reload. Patch provided by Marc 
-        Guillemot. (slaurent)
-      </update>
-      <add>
-        <bug>48837</bug>: Extend thread local memory leak detection to include
-        classes loaded by subordinate class loaders to the web
-        application&apos;s class loader such as the Jasper class loader. Based
-        on a patch by Sylvain Laurent. (markt)
-      </add>
-      <add>
-        <bug>48973</bug>: Avoid creating a SESSIONS.ser file when stopping an 
-        application if there's no session. Patch provided by Marc Guillemot.
-        (slaurent)
-      </add>
-      <fix>
-        <bug>49000</bug>: No longer accept specification invalid name only
-        cookies by default. This behaviour can be restored using a system
-        property. (markt)
-      </fix>
-      <add>
-        <bug>49159</bug>: Improve memory leak protection by renewing threads of
-        the pool when a web application is stopped. (slaurent)
-      </add>
-      <fix>
-        <bug>49372</bug>: Re-fix after connector re-factoring. If connector
-        initialisation fails (e.g. if a port is alreasy in use) do not trigger
-        an <code>LifecycleException</code> for an invalid state transition.
-        (markt)
-      </fix>
-      <fix>
-        <bug>49543</bug>: Allow Tomcat to use shared data sources with per
-        application credentials. (fhanik)
-      </fix>
-      <fix>
-        <bug>49650</bug>: Remove unnecessary entries package.access property
-        defined in catalina.properties. Patch provided by Owen Farrell. (markt) 
-      </fix>
-      <fix>
-        <bug>50106</bug>: Correct several MBean descriptors. Patch provided by
-        Eiji Takahashi. (markt)
-      </fix>
-      <update>
-        Further performance improvements to session ID generation. Remove legacy
-        configuration options that are no longer required. Provide additional
-        options to control the <code>SecureRandom</code> instances used to
-        generate session IDs. (markt)
-      </update>
-      <fix>
-        <bug>50201</bug>: Update the access log reference in
-        <code>StandardEngine</code> when the ROOT web application is redeployed,
-        started, stopped or defaultHost is changed. (markt/kkolinko)
-      </fix>
-      <add>
-        <bug>50282</bug>: Load
-        <code>javax.security.auth.login.Configuration</code> with
-        <code>JreMemoryLeakPreventionListener</code> to avoid memory leak when
-        stopping a web application that would use JAAS. (slaurent)
-      </add>
-      <fix>
-        <bug>50351</bug>: Fix the regression that broke BeanFactory resources
-        caused by the previous fix for <bug>50159</bug>. (markt) 
-      </fix>
-      <fix>
-        <bug>50352</bug>: Ensure that <code>AsyncListener.onComplete()</code> is
-        fired when <code>AsyncContext.complete()</code> is called. (markt)
-      </fix>
-      <fix>
-        <bug>50358</bug>: Set the correct LifecycleState when stopping instances
-        of the deprecated Embedded class. (markt) 
-      </fix>
-      <fix>
-        Further Lifecycle refactoring for Connectors and associated components.
-        (markt)
-      </fix>
-      <fix>
-        Correct handling of versioned web applications in deployer. (markt)
-      </fix>
-      <fix>
-        Correct removal of <code>LifeCycleListener</code>s from
-        <code>Container</code>s via JMX. (markt)
-      </fix>
-      <fix>
-        Don&apos;t use <code>null</code>s to construct log messages. (markt)
-      </fix>
-      <fix>
-        Code clean-up. Replace use of inefficient constructors with more
-        efficient alternatives. (markt)
-      </fix>
-      <fix>
-        <bug>50411</bug>: Ensure sessions are removed from the
-        <code>Store</code> associated with a <code>PersistentManager</code>.
-        (markt) 
-      </fix>
-      <fix>
-        <bug>50413</bug>: Ensure 304 responses are not returned when using
-        static files as error pages. (markt/kkolinko)
-      </fix>
-      <fix>
-        <bug>50448</bug>: Fix possible <code>IllegalStateException</code>
-        caused by recent session management refactoring. (markt)
-      </fix>
-      <fix>
-        Ensure aliases settings for a context are retained after a context is
-        reloaded. (markt)
-      </fix>
-      <fix>
-        Log a warning if context.xml files define values for properties  that do
-        not exist (e.g. if there is a typo in a property name). (markt)
-      </fix>
-      <fix>
-        <bug>50453</bug>: Correctly handle multiple <code>X-Forwarded-For</code>
-        headers in the RemoteIpFilter and RemoteIpValve. Patch provided by Jim
-        Riggs. (markt)
-      </fix>
-      <add>
-        <bug>50541</bug>: Add support for setting the size limit and time limit
-        for LDAP seaches when using the JNDI Realm with <code>userSearch</code>.
-        (markt)
-      </add>
-      <update>
-        All configuration options that use regular expression now require a
-        single regular expression (using <code>java.util.regex</code>) rather
-        than a list of comma-separated or semi-colon-separated expressions.
-        (markt)
-      </update>
-      <fix>
-        <bug>50496</bug>: Bytes sent in the access log are now counted after
-        compression, chunking etc rather than before. (markt)
-      </fix>
-      <fix>
-        <bug>50550</bug>: When a new directory is created (e.g. via WebDAV)
-        ensure that a subsequent request for that directory does not result in a
-        404 response. (markt)
-      </fix>
-      <fix>
-        <bug>50554</bug>: Code clean up. (markt)
-      </fix>
-      <add>
-        <bug>50556</bug>: Improve JreMemoryLeakPreventionListener to prevent
-        a potential class loader leak caused by a thread spawned when the class
-        <code>com.sun.jndi.ldap.LdapPoolManager</code> is initialized and the 
-        system property <code>com.sun.jndi.ldap.connect.pool.timeout</code> is 
-        set to a value greater than 0. (slaurent)
-      </add>
-    </changelog>
-  </subsection>
-  <subsection name="Coyote">
-    <changelog>
-      <fix>
-        <bug>47319</bug>: Return the client&apos;s IP address rather than null
-        for calls to <code>getRemoteHost()</code> when the APR connector is
-        used with <code>enableLookups=&quot;true&quot;</code> but the IP address
-        is not resolveable. (markt)
-      </fix>
-      <add>
-        <bug>50108</bug>: Add get/set methods for Connector property
-        minSpareThreads. Patch provided by Eiji Takahashi. (markt)
-      </add>
-      <fix>
-        <bug>50360</bug>:  Provide an option to control when the socket
-        associated with a connector is bound. By default, the socket is bound on
-        <code>Connector.init()</code> and released on
-        <code>Connector.destroy()</code> as per the current behaviour but this
-        can be changed so that the socket is bound on
-        <code>Connector.start()</code> and released on
-        <code>Connector.stop()</code>. This fix also includes further Lifecycle
-        refactoring for Connectors and associated components. (markt)
-      </fix>
-      <fix>
-        Remove a huge memory leak in the NIO connector introduced by the fix
-        for <bug>49884</bug>. (markt)
-      </fix>
-      <fix>
-        <bug>50467</bug>: Protected against NPE triggered by a race condition
-        that causes the NIO poller to fail, preventing the processing of further
-        requests. (markt)
-      </fix>
-    </changelog>
-  </subsection>
-  <subsection name="Jasper">
-    <changelog>
-      <add>
-        <bug>13731</bug>: Make variables in <code>_jspService()</code> method
-        final where possible. (markt)
-      </add>
-      <fix>
-        <bug>50408</bug>: Fix <code>NoSuchMethodException</code> when using
-        scoped variables with EL method invocation. (markt)
-      </fix>
-      <fix>
-        <bug>50460</bug>: Avoid a memory leak caused by using a cached exception
-        instance in <code>JspDocumentParser</code> and
-        <code>ProxyDirContext</code>. (kkolinko)
-      </fix>
-      <fix>
-        <bug>50500</bug>: Use correct coercions (as per the EL spec) for
-        arithmetic operations involving string values containing &apos;.&apos;,
-        &apos;e&apos; or &apos;E&apos;. Based on a patch by Brian Weisleder.
-        (markt)
-      </fix>
-    </changelog>
-  </subsection>
-  <subsection name="Cluster">
-    <changelog>
-      <add>
-        <bug>50185</bug>: Add additional trace level logging to Tribes to assist
-        with fault diagnosis. Based on a patch by Ariel. (markt)
-      </add>
-      <fix>
-        Don&apos;t try and obtain session data from the cluster if the current
-        node is the only node in the cluster. Log requesting session data as
-        INFO rather than WARNING. (markt)
-      </fix>
-      <fix>
-        <bug>50503</bug>: When web application has a version, Engine level 
-        Clustering works correctly. (kfujino)
-      </fix>
-      <fix>
-        <bug>50547</bug>: Add time stamp for CHANGE_SESSION_ID message and 
-        SESSION_EXPIRED message. (kfujino)
-      </fix>
-    </changelog>
-  </subsection>
-  <subsection name="Web applications">
-    <changelog>
-      <fix>
-        <bug>21157</bug>: Ensure cookies are written before the response is
-        commited in the Cookie example. Patch provided by Stefan Radzom. (markt)
-      </fix>
-      <add>
-        <bug>50294</bug>: Add more information to documentation regarding format
-        of configuration files. Patch provided by Luke Meyer. (markt) 
-      </add>
-      <fix>
-        Correctly validate provided context path so sessions for the ROOT web
-        application can be viewed through the HTML Manager. (markt)
-      </fix>
-      <update>
-        Improve documentation of database connection factory. (rjung)
-      </update>
-      <fix>
-        <bug>50488</bug>: Update classpath required when using jsvc and add a
-        note regarding server VMs. (markt)
-      </fix>
-      <fix>
-        Further filtering of Manager display output. (kkolinko) 
-      </fix>
-    </changelog>
-  </subsection>

[... 1434 lines stripped ...]


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message