Tomcat 7

Tomcat 7 7.0.91

No permission to download
61692: Add the ability to control which HTTP methods are handled by the CGI Servlet via a new initialization parameter cgiMethods. (markt)
Ensure that the HTTP Vary header is set correctly when using the CORS filter and improve the cacheability of requests that pass through the COPRS filter. (markt)
62527: Revert restriction of JNDI to the java: namespace. (remm)
Introduce a new class - MultiThrowable - to report exceptions when multiple actions are taken where each action may throw an exception but all actions are taken before any errors are reported. Use this new class when reporting multiple container (e.g. web application) failures during start. (markt)
Correctly decode URL paths (+ should not be decoded to a space in the path) in the RequestDispatcher and the web application class loader. (markt)
62559: Add jaxb-*.jar to the list of JARs ignored by StandardJarScanner. (markt)
62560: Add oraclepki.jar to the list of JARs ignored by StandardJarScanner. (markt)
62607: Return a non-zero exit code from catalina.[bat|sh] run if Tomcat fails to start. (markt)
Remove ServletException from declaration of Tomcat.addWebapp(String,String) since it is never thrown. Patch provided by Tzafrir. (markt)
Use short circuit logic to prevent potential NPE in CorsFilter. (fschumacher)
Simplify construction of appName from container name in JAASRealm. (fschumacher)
Improve the handling of path parameters when working with RequestDispatcher objects. (markt)
62664: Process requests with content type multipart/form-data to servlets with a @MultipartConfig annotation regardless of HTTP method. (markt)
62669: When using the SSIFilter and a resource does not specify a content type, do not force the content type to application/x-octet-stream. (markt)
When generating a redirect to a directory in the Default Servlet, avoid generating a protocol relative redirect. (markt)​

Refactor code that adds an additional header name to the Vary HTTP response header to use a common utility method that addresses several additional edge cases. (markt)
62526: Correctly handle PKCS12 format key stores when the key store password is configured to be the empty string. Note that Java 6 does not support PKCS12 key stores configured to use a store password of the empty string. (markt)
62670: Adjust the memory leak protection for the DriverManager so that JDBC drivers located in $CATALINA_HOME/lib and $CATALINA_BASE/lib are loaded via the service loader mechanism when the protection is enabled. (markt)
62685: Correct an error in host name validation parsing that did not allow a fully qualified domain name to terminate with a period. Patch provided by AG. (markt)​

53011: When pre-compiling with JspC, report all compilation errors rather than stopping after the first error. A new option -failFastcan be used to restore the previous behaviour of stopping after the first error. Based on a patch provided by Marc Pompl. (markt)
53492: Make the Java file generation process multi-threaded. By default, one thread will be used per core. Based on a patch by Dan Fabulich. (markt)
62603: Fix a potential race condition when development mode is disabled and background compilation checks are enabled. It was possible that some updates would not take effect and/or ClassNotFoundExceptions would occur. (markt)
Correct the JSP version in the X-PoweredBy HTTP header generated when the xpoweredBy option is enabled. (markt)
62662: Fix the corruption of web.xml output during JSP compilation caused by the fix for 53492. Patch provided by Bernhard Frauendienst. (markt)
Correct parsing of XML whitespace in TLD function signatures that incorrectly only looked for the space character. (markt)​

62596: Remove the limit on the size of the initial HTTP upgrade request used to establish the web socket connection. (markt)​

Web applications
62558: Add Russian translations for the Manager and Host Manager web applications. Based on a patch by Ivan Krasnov. (markt)
62561: Add advanced class loader configuration information regarding the use of the Server and Shared class loaders to the documentation web application. (markt)
Expand the information in the documentation web application regarding the use of CATALINA_HOME and CATALINA_BASE. Patch provided by Marek Czernek. (markt)
62652: Make it clearer that the version of DBCP that is packaged in Tomcat 7.0.x is DBCP 1. (markt)
62666: Expand internationalisation support in the Manager application to include the server status page and provide Russian translations in addition to English. Patch provided by Artem Chebykin. (markt)
62676: Expand the CORS filter documentation to make it clear that explicit configuration is required to enable support for cross-origin requests. (markt)​

Ensures that the specified rxBufSize is correctly set to receiver buffer size. (kfujino)​

Fixed spelling. Patch provided by Jimmy Casey via GitHub. (violetagg)
Correct various spelling errors throughout the source code and documentation. Patch provided by Kazuhiro Sera. (markt)​
  • Treat the <mapped-name> element of a <env-entry> in web.xml in the same way as the mappedName element of the equivalent @Resource annotation. Both now attempt to set the mappedName property of the resource. (markt)
  • Correct the processing of resources with <injection-target>s defined in web.xml. First look for a match using JavaBean property names and then, only if a match is not found, look for a match using fields. (markt)
  • When restoring a saved request with a request body after FORM authentication, ensure that calls to the HttpServletRequest methods getRequestURI(), getQueryString() and getProtocol() are not corrupted by the processing of the saved request body. (markt)
  • Fix startup failure when running under SecurityManager, a regression from the fix for bug 62273. (kkolinko)
    62353: Correct a regression introduced in Tomcat 7.0.86. Restore the ability for Tomcat 7 to run on Java 6 where Common Annotations 1.0 is available. Document the requirement to use the Java endorsed mechanism to use Common Annotations 1.1. (markt)
  • 62350: Refactor org.apache.jasper.runtime.BodyContentImpl so a SecurityException is not thrown when running under a SecurityManger and additional permissions are not required in the catalina.policy file. This is a follow-up to the fix for 43925. (kkolinko/markt)
  • Ensure that the correct default value is returned when retrieve unset properties in McastService. (kfujino)
  • Add a .gitattributes file to make sure that Git handles test data files for bug 52121 as binary. (kkolinko)