EPF balance online - Resolving the Invalid Member_id error / code not in list
While trying to check my
online on , I got an error which says "Invalid Member_id / Data not updated against this". It took me a little while to figure out that the region code and office code have changed and my office pay slip was still showing the old codes (KN/BN/BMS/). Here is how I resolved the problem.I went back to
page and selected Karnataka in the "Select PF Office State" selectbox. Below it there was a list from which you have to select your EPFO Office. Here I got confused as my Office code (which is 3 character long) BMS was not there! I was not able to select the right EPFO office due to which I was getting the Invalid Member_id error.
To search the right EPFO office code I clicked on link "Search your establishment code here".
It presented a screen with quite a bit of information and options. The fourth option seemed promising which said- "I also know the establishment code". I knew my establishment code (Its a number of max 7 digits and 3rd piece of data in your epf code: region code/office code**/establishment code/**extension/account number). So I just entered it and got some records back in which my employer's name was right there on 3rd row with the new office code. The mapping of old-new was - KN/46499/ -& PY/BOM/46499/ which meant my new PF account number would be PY/BOM/.
I selected the new office code 'BOM' in the above EPFO Office list and entered other details. On submitting I got a sms with my EPF account balance information. Yippie!!
A Final Note: In the SMS EE amount means "Employee's contributed amount" and ER amount means "Employer's contributed amount".
Good luck with finding your EPF account balance details! :)
To read all articles related to EPF/PF go to
& 2016, Humlog.net.:-1: error: The Qt version is invalid: qmake does not exist or is not executable - Ask Ubuntu
Ask Ubuntu is a question and answer site for Ubuntu users and developers. J it only takes a minute:
Here's how it works:
Anybody can ask a question
Anybody can answer
The best answers are voted up and rise to the top
When I do deploy to Ubuntu device debug I get the following message
:-1: error: The Qt version is invalid: qmake does not exist or is not executable
13.2k12865
Try to do this:
sudo apt-get install qt5-default
And then create manual Qt version.
4,57871730
Depending on whether you need QT4 or QT5 , install qtbase5-dev
sudo apt-get install qtbase5-dev
and/or install qtbase4-dev
sudo apt-get install qtbase4-dev
respectively...
19.7k1246132
59.4k11131216
Your Answer
Sign up or
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Post as a guest
By posting your answer, you agree to the
Not the answer you're looking for?
Browse other questions tagged
Ask Ubuntu works best with JavaScript enabledApache Tomcat 7 (7.0.82) - ChangelogApache Tomcat 7Version 7.0.82, Sep 29 2017LinksUser GuideReferenceApache Tomcat DevelopmentChangelog
: When running under a SecurityManager, do not print a
warning about not being able to read a logging configuration file when
that file does not exist. (markt)
: Add RFC 7617 support to the
BasicAuthenticator. Note that the default configuration
does not change the existing behaviour. (markt)
: Fix a copy paste error that caused an
UnsupportedEncodingException when using WebDAV. (markt)
Correct regression in 7.0.80 that broke the use of relative paths with
the extraResourcePaths attribute of a
VirtualDirContext. (markt)
: When using the CGI servlet, make the generation of
command line arguments from the query string (as per section 4.4 of RFC
3875) optional. The feature is enabled by default for consistency with
previous releases. Based on a patch by jm009. (markt)
Correct a regression in 7.0.80 and 7.0.81 that wrapped the
DirContext that represented the web application in a
ProxyDirContext twice rather than just once. (markt)
: Fix CVE- and prevent JSPs from being
uploaded via a specially crafted request when HTTP PUT was enabled.
Use the correct path when loading the JVM logging.properties
file for Java 9. (rjung)
: Exclude test files in unusual encodings and markdown
files intended for display in GitHub from RAT analysis. Patch provided
by Chris Thistlethwaite. (markt)
: Enable Tomcat to shutdown cleanly when using sendfile,
the APR/native connector and a multi-part download is in progress.
: Handle the case when OpenSSL resumes a TLS session
using a ticket and the full client certificate chain is not available.
In this case the client certificate without the chain will be presented
to the application. (markt)
Fix random SocketTimeoutExceptions when reading the request
InputStream. Based on a patch by Peter Major. (markt)
: Avoid a NullPointerException in the APR
Poller if a connection is closed at the same time as new data arrives on
that connection. (markt)
Add an option to reject requests that contain HTTP headers with invalid
(non-token) header names with a 400 response. (markt)
: When using the permessage-deflate
extension, correctly handle the sending of empty messages after
non-empty messages to avoid the IllegalArgumentException.
To avoid unexpected session timeout notification from backup session,
update the access time when receiving the map member notification
message. (kfujino)
Add member info to the log message when the failure detection check
fails in TcpFailureDetector. (kfujino)
Avoid Ping timeout until the added map member by receiving
MSG_START message is completely started. (kfujino)
When sending a channel message, make sure that the Sender has connected.
Correct the backup node selection logic that node 0 is returned twice
consecutively. (kfujino)
Fix race condition of responseMap in
RpcChannel. (kfujino)
: Ensure that failed queries are logged if the
SlowQueryReport interceptor is configured to do so and the
connection has been abandoned. Patch provided by Craig Webb. (markt)
: Ensure that transaction of idle connection has
terminated
when the testWhileIdle is set to
true and defaultAutoCommit is set to
false. Patch provided by WangZheng. (kfujino)
: Correctly handle invocations of methods defined in the
PooledConnection interface when using pooled XA
connections. Patch provided by Nils Winkler. (markt)
: Remove the Java Annotation API classes from
tomcat-embed-core.jar and package them in a separate JAR in the
embedded distribution to provide end users with greater flexibility to
handle potential conflicts with the JRE and/or other JARs. (markt)
: Improve the detection of JAVA_HOME by the
daemon.sh script when running on a platform where Java has
been installed from an RPM. (rjung)
Update the packaged version of the Tomcat Native Library to 1.2.14 to
pick up the latest Windows binaries built with APR 1.6.2 and OpenSSL
1.0.2l. (markt)
Update fix for
so that values less than zero are accepted
instead of throwing a NegativeArraySizeException. (remm)
: Correct typos in Spanish translation. Patch provided by
Gonzalo V&squez. (csutherl)
Correct regression in 7.0.80 that broke WebDAV. (markt)
not released
: Avoid NullPointerException if directory
exists on the class path that is not readable by the Tomcat user.
Additional permission for deleting files is granted to JULI as it is
required by FileHandler when running under a Security Manager. The
thread that cleans the log files is marked as daemon thread.
(violetagg)
: Correct a regression in 7.0.78 that broke WebDAV
handling for resources with names that included a &
character. (markt)
If the Content-Language HTTP header is set directly,
attempt to determine the Locale from the header value and call
ServletResponse.setLocale() with the derived Locale.
: When log rotation is disabled only one separator will
be used when generating the log file name. For example if the prefix is
catalina. and the suffix is .log then the log
file name will be catalina.log instead of
catalina..log. Patch provided by Katya Stoycheva.
(violetagg)
: Add warn message when Digester.updateAttributes
throws an exception instead of ignoring it. (csutherl)
: Make the read timeout configurable in the
JNDIRealm and ensure that a read timeout will result in an
attempt to fail over to the alternateURL. Based on patches by Peter
Maloney and Felix Schumacher. (markt)
: Ensure to explicitly signal an empty request body for
HTTP 205 responses. Additional fix to r1795278. Based on a patch
provided by Alexandr Saperov. (violetagg)
: Correct two regressions caused by the fix for
when using BIO with an external Executor. Firstly, use
the maxThreads setting from the Executor as the default for
maxConnections if none is specified. Secondly, use
maxThreads from the Executor when calculating the point at
which to disable keep-alive. (markt)
Add additional logging to record problems that occur while waiting for
the NIO pollers to stop during the Connector stop process. (markt)
Prevent exceptions being thrown during normal shutdown of NIO
connections. This enables TLS connections to close cleanly. (markt)
: Add support for the fork option when
compiling JSPs with the Jasper Ant task and javac. (markt)
: Add support to the WebSocket client for following
redirects when attempting to establish a WebSocket connection. Patch
provided by J Fernandez. (markt)
: Add the ability to set the defaults used by the
Windows installer from a configuration file. Patch provided by Sandra
Madden. (markt)
: CORS filter should set Vary header in response.
Submitted by Rick Riemer. (remm)
: Add a new JULI FileHandler configuration for
specifying the maximum number of days to keep the log files.
(violetagg)
Improve the SSLValve so it is able to handle client
certificate headers from Nginx. Based on a patch by Lucas Ventura Carro.
: Allow the Manager and Host Manager web applications to
start by default when running under a security manager. This was
accomplished by adding a custom permission,
org.apache.catalina.security.DeployXmlPermission, that
permits an application to use a META-INF/context.xml file
and then granting that permission to the Manager and Host Manager.
: Polish the javadoc for
o.a.catalina.startup.Tomcat. Patch provided by
peterhansson_se. (violetagg)
A new configuration property crawlerIps is added to the
o.a.catalina.valves.CrawlerSessionManagerValve. Using this
property one can specify a regular expression that will be used to
identify crawlers based on their IP address. Based on a patch provided
by Tetradeus. (violetagg)
: Log a warning message rather than an information
message if it takes more than 100ms to initialised a
SecureRandom instance for a web application to use to
generate session identifiers. Patch provided by Piotr Chlebda. (markt)
: When an asynchronous request is dispatched via
AsyncContext.dispatch() ensure that
getRequestURI() for the dispatched request matches that of
the original request. (markt)
: Ensure that the SCRIPT_NAME environment
variable for CGI executables is populated in a consistent way regardless
of how the CGI servlet is mapped to a request. (markt)
: Correctly define addConnectorPort and
invalidAuthenticationWhenDeny in the
mbean-descriptors.xml file for the
org.apache.catalina.valves package so that the attributes
are accessible via JMX. (markt)
: Explicitly signal an empty request body for HTTP 205
responses. (markt)
Revert a change introduced in the fix for bug
changed the status code recorded in the access log when the client
dropped the connection from 200 to 500. (markt)
Make asynchronous error handling more robust. In particular ensure that
onError() is called for any registered
AsyncListeners after an I/O error on a non-container
thread. (markt)
: Improve error message when JSP compiler configuration
options are not valid. (markt)
Correct the log message when a MessageHandler for
PongMessage does not implement
MessageHandler.Whole. (rjung)
Improve thread-safety of Futures used to report the result
of sending WebSocket messages. (markt)
: Correct a regression in the previous fix for
that could trigger a deadlock depending on the locking
strategy employed by the client code. (markt)
Better document the meaning of the trimSpaces option for Jasper. (markt)
: Configure the Manager and Host-Manager web
applications to permit serialization and deserialization of
CRSFPreventionFilter related session objects to avoid warning messages
and/or stack traces on web application stop and/or start when running
under a security manager. (markt)
Add JMX support for Tribes components. (kfujino)
: Add HTTP DIGEST authentication support to the Catalina
Ant tasks used to communicate with the Manager application. (markt)
: Add the RELEASE-NOTES file to the root of
the installation created by the Tomcat installer for Windows to make it
easier for users to identify the installed Tomcat version. (markt)
: Document the altDDName attribute for the
Context element. (markt)
: Add missing @Documented annotation to
annotations in the annotations API. Patch provided by Katya Todorova.
: Add missing lookup() method to
@EJB annotation in the annotations API. Patch provided by
Katya Todorova. (markt)
Correct typo in Context Container Configuration Reference.
Patch provided by Katya Todorova. (violetagg)
Allow to exclude JUnit test classes using the build property
test.exclude and document the property in
BUILDING.txt. (rjung)
Review those places where Tomcat re-encodes a URI or URI component and
ensure that that correct encoding (path differs from query string) is
applied and that the encoding is applied consistently. (markt)
Use a more reliable mechanism for the DefaultServlet when
determining if the current request is for custom error page or not.
Ensure that when the Default or WebDAV servlets process an error
dispatch that the error resource is processed via the
doGet() method irrespective of the method used for the
original request that triggered the error. (markt)
If a static custom error page is specified that does not exist or cannot
be read, ensure that the intended error status is returned rather than a
404. (markt)
When the WebDAV servlet is configured and an error dispatch is made to a
custom error page located below WEB-INF, ensure that the
target error page is displayed rather than a 404 response. (markt)
: Add MIME mapping for woff2 fonts in the default
web.xml. Patch provided by Justin Williamson. (violetagg)
Correct the logic that selects the encoding to use to decode the query
string in the SSIServletExternalResolver so that the
useBodyEncodingForURI attribute of the
Connector is correctly taken into account. (markt)
: Respect the documentation statements that allow
using the platform default secure random for session id generation.
Correct the javadoc for
o.a.c.connector.CoyoteAdapter#parseSessionCookiesId.
Patch provided by John Andrew (XUZHOUWANG) via Github. (violetagg)
: Improve the handling of access to properties defined
by interfaces when a BeanELResolver is used under a
SecurityManager. (markt)
: Ensure the flags for reading/writing in
o.a.t.websocket.AsyncChannelWrapperSecure are correctly
reset even if some exceptions occurred during processing. (markt/violetagg)
Document the property test.excludePerformance
in BUILDING.txt. (rjung)
Add documents for maxIdleTime attribute to Channel Receiver
docs. (kfujino)
Refactor the creating a constructor for a proxy class to reduce
duplicate code. (kfujino)
In StatementFacade, the method call on the statements that
have been closed throw SQLException rather than
NullPointerException. (kfujino)
Correct comments about Java 8 in Jre8Compat.
Patch provided by fibbers via Github. (violetagg)
: Correctly escape single quotes when used in i18n
messages. Based on a patch by Michael Osipov. (markt)
: Add support to the
HttpHeaderSecurityFilter for the HSTS preload parameter.
: Ensure NPE will not be thrown when looking for SSL
session ID. Based on a patch by Didier Gutacker. (violetagg)
When using the NIO2 connector, ensure a WebSocket close frame is
processed before the end of stream is processed to ensure that the end
of stream is processed correctly. (markt)
: Correctly spell compressible when used in
configuration attributes and internal code. Based on a patch by Michael
Osipov. (markt)
Improve sendfile handling when requests are pipelined. (markt)
Improve the error handling for simple tags to ensure that the tag is
released and destroyed once used. (remm, violetagg)
: Correctly handle the error when fewer parameter values
than required by the method are used to invoke an EL method expression.
Patch provided by Daniel Gray. (markt)
: Implement equals() and
hashCode() in the StatementFacade in order to
enable these methods to be called on the closed statements if any
statement proxy is set. This behavior can be changed with
useStatementFacade attribute. (kfujino)
Make it easier for sub-classes of Tomcat to modify the
default web.xml settings by over-riding
getDefaultWebXmlListener(). Patch provided by Aaron
Anderson. (markt)
Reduce the contention in the default InstanceManager
implementation when multiple threads are managing objects and need to
reference the annotation cache. (markt)
: Remove final marker from
CorsFilter to enable sub-classing. (markt)
: Security manager failure causing NPEs when doing IO
on some JVMs. (csutherl)
: Update the internal fork of Apache Commons BCEL to
r1782855 to add early access Java 9 support to the annotation scanning
code. (markt)
: Improve error handling for asynchronous processing and
correct a number of cases where the requestDestroyed()
event was not being fired and an entry wasn't being made in the access
logs. (markt)
: Ensure that the Map returned by
ServletRequest.getParameterMap() is fully immutable. Based
on a patch provided by woosan. (markt)
: Correctly cache the Subject in the
session - if there is a session - when running under a
SecurityManager. Patch provided by Jan Engehausen. (markt)
Ensure request and response facades are used when firing application
listeners. (markt/remm)
When HTTP TRACE requests are disabled on the Connector, ensure that the
HTTP OPTIONS response from the WebDAV servlet does not include
TRACE in the returned Allow header. (markt)
Ensure that executor thread pools used with connectors pre-start the
configured minimum number of idle threads. (markt)
: Allow some invalid characters that were recently
restricted to be processed in requests by using the system property
tomcat.util.http.parser.HttpParser.requestTargetAllow.
(csutherl)
Refactor code generated for JSPs to reduce the size of the code required
for tags. (markt)
Make the accessTimeout configurable in
ClusterSingleSignOn. The accessTimeout is used
as a timeout period for PING in replication map. (kfujino)
: To avoid ClassNotFoundException, make
sure that the web application class loader is passed to
ReplicatedContext. (kfujino)
: Correctly create a CONNECT request when
establishing a WebSocket connection via a proxy. Patch provided by
Svetlin Zarev. (markt)
Ensure that NoRpcChannelReply messages are not received on
RpcCallback. (kfujino)
: Take account of the
dispatchersUseEncodedPaths setting on the current
Context when generating paths for dispatches triggered
by AsyncContext.dispatch(). (markt)
: Fix configuration of Eclipse projects, broken by
introduction of SafeForkJoinWorkerThreadFactory helper
class. This class cannot be built with Java 6. (kkolinko)
Update the packaged version of the Tomcat Native Library to 1.2.12 to
pick up the latest Windows binaries built with OpenSSL 1.0.2k. (violetagg)
: Update all unit tests that test the HTTP status line
to check for the required space after the status code. Patch provided by
Michael Osipov. (markt)
Update the NSIS Installer used to build the Windows installer to version
3.01. (markt)
Refactor the build script and the NSIS installer script so that either
NSIS 2.x or NSIS 3.x can be used to build the installer. This is
primarily to re-enable building the installer on the Linux based CI
system where the combination of NSIS 3.x and wine leads to failed
installer builds. (markt)
Make the accessTimeout configurable in
BackupManager. The accessTimeout is used as a
timeout period for PING in replication map. (kfujino)
Ensure the ASF logo image is correctly displayed in docs and
host-manager applications. (violetagg)
not released
: Add HTTP status code 451 (RFC 7725) to the list of
HTTP status codes recognised by Tomcat. (markt)
Correctly handle the configClass attribute of a Host when
embedding Tomcat. (markt)
: Dispose of the GSS credential once it is no longer
required. Patch provided by Michael Osipov. (markt)
: Ensure that a call to
HttpServletRequest#logout() triggers a call to
TomcatPrincipal#logout(). Based on a patch by Michael
Osipov. (markt)
: Correct the javadoc for
o.a.catalina.AccessLog.setRequestAttributesEnabled.
The default value is different for the different implementations.
(violetagg)
: Use consistent parameter naming in implementations of
Realm#authenticate(GSSContext, boolean). (markt)
: Log when an Authenticator passes an
incomplete GSSContext to a Realm since it indicates a bug
in the Authenticator. Patch provided by Michael Osipov.
Update the warnings that reference required options for running on Java
9 to use the latest syntax for those options. (markt)
: Fix thread safety issue with RMI cleanup code. (remm)
Extend the JreMemoryLeakPreventionListener to provide
protection against <monPool() related memory
leaks. (markt)
Ensure that the endpoint is able to unlock the acceptor thread during
shutdown if the endpoint is configured to listen to any local address
of a specific type such as 0.0.0.0 or ::.
Ensure sendfile is enabled by default for APR. (markt)
Prevent read time out when the file is deleted while serving the
response. The issue was observed only with APR Connector and
sendfile enabled. (violetagg)
Improve the logic that selects an address to use to unlock the Acceptor
to take account of platforms what do not listen on all local addresses
when configured with an address of 0.0.0.0 or
::. (markt)
: When unable to complete sendfile request, ensure the
Processor will be added to the cache only once. (markt/violetagg)
: Add support for varargs in UEL expressions. (markt)
: Fix pre-compilation of JSPs that depend on nested tag
files packaged in a JAR. (markt)
: Improve handling of varargs in UEL expressions. Based
on a patch by Ben Wolfe. (markt)
: Restore previous tag reuse behavior following the use
of try/finally. (remm)
Improve the error handling for simple tags to ensure that the tag is
released and destroyed once used. (remm)
: Follow up fix using a better variable name for the
tag reuse flag. (remm)
Revert use of try/finally for simple tags. (remm)
Correct a typo in Host Configuration Reference.
Issue reported via comments.apache.org. (violetagg)
In the documentation web application, be explicit that clustering
requires a secure network for all of the cluster network traffic.
Update the ASF logos to the new versions.
Reduce the warning logs for a message received from a different domain
in order to avoid excessive log outputs. (kfujino)
Add log message that PING message has received beyond the timeout
period. (kfujino)
When a PING message that beyond the time-out period has been received,
make sure that valid member is added to the map membership. (kfujino)
: Avoid possible handshake overflows in the websocket
client. (remm)
: Implement the statistics of jdbc-pool. The stats infos
are borrowedCount, returnedCount,
createdCount, releasedCount,
reconnectedCount, releasedIdleCount and
removeAbandonedCount. (kfujino)
: If validationQuery is not specified,
connection validation is done by calling the isValid()
method. (kfujino)
: Fix testcase of TestSlowQueryReport.
Enable reset the statistics without restarting the pool. (kfujino)
: Change catalina.bat to use directly
LOGGING_MANAGER and LOGGING_CONFIG variables
in order to configure logging, instead of modifying
JAVA_OPTS. Patch provided by Petter Isberg. (violetagg)
New property is added test.verbose in order to control
whether the output of the tests is displayed on the console or not.
Patch provided by Emmanuel Bourg. (violetagg)
Update the ASF logos used in the Apache Tomcat installer for Windows to
use the new versions.
Spelling corrections provided by Josh Soref. (violetagg)
: Ensure that the name of LogLevel is
localized when using OneLineFormatter. Patch provided by
Tatsuya Bessho. (kfujino)
: Improve the exception error messages when a
ResourceLink fails to specify the type, specifies an
unknown type or specifies the wrong type. (markt)
: Ignore empty lines in /etc/passwd files
when using the PasswdUserDatabase. (markt)
Improve the access checks for linked global resources to handle the case
where the current class loader is a child of the web application class
loader. (markt)
: Log a warning if deserialization issues prevent a
session attribute from being loaded. (markt)
Correctly test for control characters when reading the provided shutdown
password. (markt)
When configuring the JMX remote listener, specify the allowed types for
the credentials. (markt)
: Avoid potential threading issues that could cause
excessively large vales to be returned for the processing time of
a current request. (markt)
: Log instances of HeadersTooLargeException
during request processing. (markt)
Correct the HTTP header parser so that DEL is not treated as a valid
token character. (markt)
: When using an Executor, disconnect it from the
Connector attributes maxThreads,
minSpareThreads and threadPriority to enable
the configuration settings to be consistently reported. These Connector
attributes will be reported as -1 when an Executor is in
use. The values used by the executor may be set and obtained via the
Executor. (markt)
If an I/O error occurs during async processing on a non-container
thread, ensure that the onError() event is triggered.
Improve detection of I/O errors during async processing on non-container
threads and trigger async error handling when they are detected. (markt)
Add additional checks for valid characters to the HTTP request line
parsing so invalid request lines are rejected sooner. (markt)
Add an example of using the classesToInitialize attribute
of the JreMemoryLeakPreventionListener to the documentation
web application. Based on a patch by Cris Berneburg. (markt)
: Correct a typo in the status output of the Manager
application. Patch provided by
Radhakrishna Pemmasani. (markt)
Correct a typo in HTTP Connector How-To.
Issue reported via comments.apache.org. (violetagg)
Fix default value of validationInterval attribute in
jdbc-pool. (kfujino)
Correct a typo in CGI How-To.
Issue reported via comments.apache.org. (violetagg)
: Add a note to BUILDING.txt regarding using the source
bundle with the correct line endings. (markt)
When the proxy node sends a backup retrieve message, ensure that using
the channelSendOptions that has been set rather than the
default channelSendOptions. (kfujino)
: Ensure that use all method arguments as a cache key
when using StatementCache. (kfujino)
: Correct Javadocs for
PoolConfiguration.getValidationInterval and
setValidationInterval. Reported by Phillip Webb. (kfujino)
Add documentation to the bin/catalina.bat script to remind users that
environment variables don't affect the configuration of Tomcat when
run as a Windows Service. Based upon a documentation patch by
James H.H. Lampert. (schultz)
Ensure Digester.useContextClassLoader is considered in
case the class loader is used. (violetagg)
: Remove preloading of the class that was deleted.
(violetagg)
Notify jmx when returning the connection that has been marked suspect.
Ensure that the POOL_EMPTY notification has been added to
the jmx notification types. (kfujino)
Update the packaged version of the Tomcat Native Library to 1.2.10 to
pick up the latest Windows binaries built with OpenSSL 1.0.2j. (markt)
not released
: Add debug logging for requests denied by the remote
host and remote address valves and filters. Based on a patch by Graham
Leggett. (markt)
Change the default of the
sessionCookiePathUsesTrailingSlash attribute of the
Context element to false since the problems
caused when a Servlet is mapped to /* are more significant
than the security risk of not enabling this option by default. (markt)
: Modify the LockOutRealm logic. Valid authentication
attempts during the lock out period will no longer reset the lock out
timer to zero. (markt)
Improve error handling around user code prior to calling
InstanceManager.destroy() to ensure that the method is
executed. (markt)
Ensure that reading the singleThreadModel attribute of a
StandardWrapper via JMX does not trigger initialisation of
the associated servlet. With some frameworks this can trigger an
unexpected initialisation thread and if initilisation is not thread-safe
the initialisation can then fail. (markt)
By default, treat paths used to obtain a request dispatcher as encoded.
This behaviour can be changed per web application via the
dispatchersUseEncodedPaths attribute of the Context.
: Apply roleSearchAsUser to all nested searches
in JNDIRealm. (fschumacher)
Provide a mechanism that enables the container to check if a component
(typically a web application) has been granted a given permission when
running under a SecurityManager without the current execution stack
having to have passed through the component. Use this new mechanism to
extend SecurityManager protection to the system property replacement
feature of the digester. (markt)
When retrieving an object via a ResourceLink, ensure that
the object obtained is of the expected type. (markt)
: When scanning WEB-INF/classes for
annotations, don't scan the contents of
WEB-INF/classes/META-INF (if present) since classes will
never be loaded from that location. (markt)
: Fix an edge case in input stream handling where an
IOException could be thrown when reading a POST body.
: Do not start the web application if the error page
configuration in web.xml is invalid. (markt)
Switch the CGI servlet to the standard logging mechanism and remove
support for the debug attribute. (markt)
Add a new initialisation parameter, envHttpHeaders, to
the CGI Servlet to mitigate
() by default and to provide a mechanism that can be
used to mitigate any future, similar issues. (markt)
When adding and removing ResourceLinks dynamically, ensure
that the global resource is only visible via the
ResourceLinkFactory when it is meant to be. (markt)
: When processing CORs requests, treat any origin with a
URI scheme of file as a valid origin. (markt)
Improve handling of exceptions during a Lifecycle events triggered by a
state transition. The exception is now caught and the component is now
placed into the FAILED state. (markt)
Fix a file descriptor leak when reading the global web.xml. (markt)
: Better error message if a JAR is deleted while a web
application is running. Note: Deleting a JAR while the application is
running is not supported and errors are expected. Based on a patch by
gehui. (markt)
Improve error handling around user code prior to calling
InstanceManager.destroy() to ensure that the method is
executed. (markt)
: Add a limit (default 200) for the number of cookies
allowed per request. Based on a patch by gehui. (markt)
Make timing attacks against the Realm implementations harder. (schultz)
Refactor the code that implements the requirement that a call to
complete() or dispatch() made from a
non-container thread before the container initiated thread that called
startAsync() completes must be delayed until the container
initiated thread has completed. Rather than implementing this by
blocking the non-container thread, extend the internal state machine to
track this. This removes the possibility that blocking the non-container
thread could trigger a deadlock. (markt)
Improve error handling around user code prior to calling
InstanceManager.destroy() to ensure that the method is
executed. (markt)
Improve the error handling for custom tags to ensure that the tag is
returned to the pool or released and destroyed once used. (markt)
Fixed StringIndexOutOfBoundsException. Based on a patch provided by
wuwen via Github. (violetagg)
Improve error handling around user code prior to calling
InstanceManager.destroy() to ensure that the method is
executed. (markt)
: Clarify the documentation for the Manager web
application to make clearer that the host name and IP address in the
server section are the primary host name and IP address. (markt)
: Ensure that a reason phrase is included in the close
message if a session is closed due to a timeout. (markt)
Do not log an additional case of IOExceptions in the
error handler for the Drawboard WebSocket example when the root cause is
the client disconnecting since the logs add no value. (markt)
: Mention the localDataSource in the
DataSourceRealm section of the Realm How-To. (markt)
Follow-up to the fix for . Ensure that the new attribute
transportGuaranteeRedirectStatus is documented for all
Realms. Also document the NullRealm and
when it is automatically created for an Engine. (markt)
MBeans Descriptors How-To is moved to
mbeans-descriptors-howto.html. Patch provided by Radoslav
Husar. (violetagg)
: Correct a typo in the Manager How-To page of the
documentation web application. (markt)
Add log message when the ping has timed-out. (kfujino)
If the ping message has been received at the
AbstractReplicatedMap#leftOver method, ensure that notify
the member is alive than ignore it. (kfujino)
Fix the duplicated connection release when connection verification
failed. (kfujino)
Ensure that do not remove the abandoned connection that has been already
released. (kfujino)
In order to avoid the unintended skip of PoolCleaner,
remove the check code of the execution interval in the task that has
been scheduled. (kfujino)
: Ensure that the connection verification is executed by
initSQL (if required) if the borrowing
PooledConnection has not been initialized. (kfujino)
: Ensure that the ResultSet is closed when
enabling the StatementCache interceptor. (kfujino)
: Reduce the default value of
validationInterval in order to avoid the potential issue
that continues to return an invalid connection after database restart.
Ensure that the ResultSet is returned as Proxy object when
enabling the StatementDecoratorInterceptor. (kfujino)
: Ensure that the suspectTimeout works
without removing connection when the removeAbandoned is
disabled. (kfujino)
Add log message of when returning the connection that has been marked
suspect. (kfujino)
Correct Javadoc for ConnectionPool.suspect(). Based on a
patch by Yahya Cahyadi. (markt)
Use the mirror network rather than the ASF master site to download the
current ASF dependencies. (markt)
Update the packaged version of the Tomcat Native Library to 1.2.8 to
pick up the latest fixes and make 1.2.8 the minimum recommended version.
Fixed typos in mbeans-descriptors.xml files. (violetagg)
Update the internal fork of Commons BCEL to r1757132 to align with the
BCEL 6 release. (markt)
Update the internal fork of Commons Codec to r1757174. Code formatting
changes only. (markt)
Update the internal fork of Commons FileUpload to afdedc9. This pulls in
a fix to improve the performance with large multipart boundaries.
Update the download location for Objenesis. (violetagg)
: Ensure AsyncListener.onError() is called
if an Exception is thrown during async processing. (markt)
: Ensure that AsyncListener.onComplete() is
called if the async request times out and the response is already
committed. (markt)
: ServletRequest.getAsyncContext() now
throws an IllegalStateException as required by the Servlet
specification if the request is not in asynchronous mode when called.
: Do not add a Content-Length: 0 header for
custom responses to HEAD requests that do not set a
Content-Length value. (markt)
When normalizing paths, improve the handling when paths end with
/. or /.. and ensure that input and output are
consistent with respect to whether or not they end with /.
: Ensure that
HttpServletRequest.getRequestURI() returns an encoded URI
rather than a decoded URI after a dispatch. (markt)
Ensure that the value for the header X-Frame-Options is
constructed correctly according to the specification when
ALLOW-FROM option is used. (violetagg)
: Add a new option to the Realm implementations that
ship with Tomcat that allows the HTTP status code used for HTTP -& HTTPS
redirects to be controlled per Realm. (markt)
: In ContainerBase, ensure that the process
to remove a child container is the reverse of the process to add one.
Patch provided by Huxing Zhang. (markt)
RMI Target related memory leaks are avoidable which makes them an
application bug that needs to be fixed rather than a JRE bug to work
around. Therefore, start logging RMI Target related memory leaks on web
application stop. Add an option that controls if the check for these
leaks is made. Log a warning if running on Java 9 with this check
enabled but without the command line option it requires. (markt)
Fix a potential concurrency issue with the web application class loader
concurrent reads and writes of the resource cache. (markt)
: Within the web application class loader, always use
path as the key for the resource cache to improve the hit ratio. This
also fixes a problem exposed by the fix for
enabled file based configuration resources to be loaded from the class
path. (markt)
Fix error message when failed to register MBean. (kfujino)
: Fix a connection counting bug in the NIO connector
that meant some dropped connections were not removed from the current
connection count. (markt)
: Do not recycle upgrade processors in unexpected close
situations. (remm)
Ensure that requests with HTTP method names that are not tokens (as
required by RFC 7231) are rejected with a 400 response. (markt)
When an asynchronous request is processed by the AJP connector, ensure
that request processing has fully completed before starting the next
request. (markt)
If an async dispatch results in the completion of request processing,
ensure that any remaining request body is swallowed before starting the
processing of the next request else the remaining body may be read as the
start of the next request leading to a 400 response. (markt)
Fix a memory leak in the expression language implementation that caused
the class loader of the first web application to use expressions to be
pinned in memory. (markt)
: Enforce the requirements of section 7.3.1 of the JSP
specification regarding the permitted locations for TLD files. Patch
provided by Huxing Zhang. (markt)
Ensure that a client disconnection triggers the error handling for the
associated WebSocket end point. (markt)
Correct a typo in SSL/TLS Configuration How-To.
Issue reported via comments.apache.org. (violetagg)
: Update the SSL how-to. Based on a suggestion by
Alexander Kj&ll. (markt)
Fix potential NPE that depends on the setting order of attributes of
static member when using the static cluster. (kfujino)
Add get/set method for the channel that is related to
ChannelInterceptorBase. (kfujino)
As with the multicast cluster environment, in the static cluster
environment, the local member inherits properties from the cluster
receiver. (kfujino)
Add get/set method for the channel that is related to each Channel
services. (kfujino)
Add name to channel in order to identify channels. In tomcat cluster
environment, it is set the cluster name + "-Channel" as default value.
Add the channel name to the thread which is invoked by channel services
in order to identify the associated channel. (kfujino)
Ensure that clear the channel instance from channel services when
stopping channel. (kfujino)
Implement map state in the replication map. (kfujino)
Ensure that the ping is not executed during the start/stop of the
replication map. (kfujino)
In ping processing in the replication map, send not the
INIT message but the newly introduced PING
message. (kfujino)
Fix a memory leak with the pool cleaner thread that retained a reference
to the web application class loader for the first web application to use
a connection pool. (markt)
Update the packaged version of the Tomcat Native Library to 1.2.7 to
pick up the Windows binaries that are based on OpenSSL 1.0.2h and APR
1.5.2. (violetagg/markt)
Remove native code (Windows Service Wrapper, APR/native connector)
support for Windows Itanium. (markt)
Update the internal fork of Commons File Upload to r.3.1 plus
additional fixes). (markt)
: Add support for a new environment variable
(USE_NOHUP) that causes nohup to be used when
starting Tomcat. It is disabled by default except on HP-UX where it is
enabled by default since it is required when starting Tomcat at boot on
HP-UX. (markt)
Fix the type of InstanceManager attribute of mbean
definition of StandardContext. (kfujino)
: Make the server build date and server version number
accessible via JMX. Patch provided by
Huxing Zhang. (markt)
: Correctly handle the case when Tomcat is installed on
a path where one of the segments ends in an exclamation mark. (markt)
Expand the fix for
to cover the special sequences used
in Tomcat's custom jar:war: URLs. (markt)
: Avoid warning while expiring sessions associated with
a single sign on if HttpServletRequest.logout() is used.
: Ensure that using the
CrawlerSessionManagerValve in a distributed environment
does not trigger an error when the Valve registers itself in the
session. (markt)
Log a warning message if a user tries to configure the default session
timeout via the deprecated (and ignored)
Manager.setMaxInactiveInterval() method. (markt)
Correct a regression introduced in 7.0.68 where the deprecated
Manager.getMaxInactiveInterval() method returned the
current default session timeout in minutes rather than seconds. (markt)
When a Host is configured with an appBase that does not exist, create
the appBase before trying to expand an external WAR file into it.
: When using the Servlet 3.0 file upload, the submitted
file name may be provided as a token or a quoted-string. If a
quoted-string, unquote the string before returning it to the user.
: Close NamingEnumeration objects used by
the JNDIRealm once they are no longer required.
(fschumacher/markt)
: Correct a false positive warning for ThreadLocal
related memory leaks when the key class but not the value class has been
loaded by the web application class loader. (markt)
: Don't log an invalid warning when a user logs out of
a session associated with SSO. (markt)
: Fix a regression in the fix for
added additional (and arguably unnecessary) validation to the provided
redirect location. (markt)
: Ensure NPE will not be thrown by
o.a.tomcat.util.file.ConfigFileLoader when
catalina.base is not specified. (violetagg)
: Async dispatches should be based off a wrapped request.
: Remove duplication in the recycling of the path in
o.a.tomcat.util.http.ServerCookie. Patch is provided by
Kyohei Nakamura. (violetagg)
Ensure that javax.servlet.ServletRequest and
javax.servlet.ServletResponse provided during
javax.servlet.AsyncListener registration are made
available via javax.servlet.AsyncEvent.getSuppliedRequest
and javax.servlet.AsyncEvent.getSuppliedResponse
(violetagg)
Clarify the log message that specifying both urlPatterns and value
attributes in WebServlet and WebFilter annotations is not allowed.
(violetagg)
Ensure the exceptions caused by Valves will be available in the log
files so that they can be evaluated when
o.a.catalina.valves.ErrorReportValve.showReport is
disabled. Patch is provided by Svetlin Zarev. (violetagg)
: Preload ResourceEntry as a workaround for security
manager issues on some JVMs. (kkolinko/remm)
: Correct the implementation of
PersistentManagerBase so that minIdleSwap
functions as designed and sessions are swapped out to keep the active
session count below maxActiveSessions. (markt)
: Correct a problem with sendfile that resulted in a
Processor being added to the cache twice leading to broken responses.
: Fix potential cause of endless APR Poller loop during
shutdown if the Poller experiences an error during the shutdown process.
Limit the default TLS ciphers for JSSE (BIO, NIO) and OpenSSL (APR) to
those currently considered secure. (markt)
Add a new environment variable JSSE_OPTS that is intended
to be used to pass JVM wide configuration to the JSSE implementation.
The default value is -Djdk.tls.ephemeralDHKeySize=2048
which protects against weak Diffie-Hellman keys. (markt)
: Ensure that a WebSocket close message can be sent
after a close message has been received. (markt)
Correctly handle compression of partial messages when the final message
fragment has a zero length payload. (markt)
Extend the WebSocket programmatic echo endpoint provided in the examples
to handle binary messages and also partial messages. This aligns the
code with Tomcat 8 and makes it easier to run the Autobahn testsuite
against the WebSocket implementation. (markt)
: Correct read logic for WebSocket client when using
secure connections. (markt)
: Correct client connect logic for secure connections
made through a proxy. (markt)
: Explicitly release the native memory held by the
Inflater and Deflater when using
PerMessageDeflate and the WebSocket session ends. Based on a patch by
Henrik Olsson. (markt)
Correct the description of the
ServletRequest.getServerPort() in Proxy How-To.
Issue reported via comments.apache.org. (violetagg)
Fix a potential indefinite wait in the Comet Chat servlet in the
examples web application. (markt)
: Fix error in HTTP docs and make clear the the HTTP NIO
connector uses non-blocking I/O to read the HTTP request headers.
Update in the documentation the link to the maven repository where
Tomcat snapshot artifacts are deployed. (markt/violetagg)
Clarify in the documentation that calls to
ServletContext.log(String, Throwable) or
GenericServlet.log(String, Throwable) are logged at the
SEVERE level. (violetagg)
If promoting a proxy node to a primary node when getting a session,
notify the change of the new primary node to the original backup node.
Avoid NPE when a proxy node failed to retrieve a backup entry. (kfujino)
Add log of when received an unexpected messages. (kfujino)
Add the flag indicating that member is a localMember. (kfujino)
: Change the default download location for libraries
during the build process from /usr/share/java to
${user.home}/tomcat-build-libs. Patch provided by
Ahmed Hosni. (markt)
: When using the Windows uninstaller, do not remove the
contents of any directories that have been symlinked into the Tomcat
directory structure. (markt)
Modify the default tomcat-users.xml file to make it harder
for users to configure the entries intended for use with the examples
web application for the Manager application. (markt)
: Add hamcrest to Eclipse classpath. Patch is provided
by Huxing Zhang. (violetagg)
: Update the NSIS Installer used to build the
Windows Installers to version 2.51. (kkolinko)
Allow to configure multiple JUnit test class patterns with the build
property test.name and document the property in
BUILDING.txt. (rjung)
Correct implementation of
validateClientProvidedNewSessionId so client provided
session IDs may be rejected if validation is enabled. (markt)
: Avoid NullPointerException if directory
exists on the class path that is not readable by the Tomcat user.
(kkolinko)
: Suppress WebappClassLoader log messages when running
with a security manager on Java 6, caused by
java.beans.Introspector.findExplicitBeanInfo() calls
during evaluation of EL expressions. (kkolinko)
: Make StandardJarScanner more robust. Log
a warning if a class path entry cannot be scanned rather than triggering
the failure of the web application. (markt)
: Reset the instanceInitialized field in
StandardWrapper when unloading a Servlet so that a new
instance may be correctly initialized. (markt)
: Ensure an access log entry is generated if the client
aborts the connection. (markt)
Fixed various issues reported by Findbugs. (violetagg)
: Add support for the X-XSS-Protection
header to the HttpHeaderSecurityFilter. Patch provided by
Jacopo Cappellato. (markt)
: Correctly handle the case where an
AsyncListener dispatches to a Servlet on an asynchronous
timeout and the Servlet uses sendError() to trigger an
error page. Includes a test case based on code provided by Andy
Wilkinson.(markt)
: Change default for
mapperContextRootRedirectEnabled to true since
this is required for correct session management because of the default
for sessionCookiePathUsesTrailingSlash. (markt)
Add the StatusManagerServlet to the list of Servlets that
can only be loaded by privileged applications. (markt)
Simplify code and fix messages in
org.apache.catalina.core.DefaultInstanceManager class.
(kkolinko)
Ensure that the proper file encoding if specified will be used when
a readme file is served by DefaultServlet. (violetagg)
Fix declaration of localPort attribute of Connector MBean:
it is read-only. (kkolinko)
: Make skipping non-class files during annotation
scanning faster by checking the file name first. Improve debug logging.
(kkolinko)
: Log a warning if a redirect fails because of an
invalid location. (markt)
: Correctly merge query string parameters when
processing a forwarded request where the target includes a query string
that contains a parameter with no value. (markt/kkolinko)
Make sure that shared Digester is reset in an unlikely error case
in HostConfig.deployWAR(). (kkolinko)
Fix a potential JDBC resource leak in DataSourceRealm. (schultz)
: Correctly undeploy symlinked resources and prevent an
infinite cycle of deploy / undeploy. (markt)
Protect initialization of ResourceLinkFactory when
running with a SecurityManager. (kkolinko)
Extend the feature available in the cluster session manager
implementations that enables session attribute replication to be
filtered based on attribute name to all session manager implementations.
Note that configuration attribute name has changed from
sessionAttributeFilter to
sessionAttributeNameFilter. Apply the filter on load as
well as unload to ensure that configuration changes made while the web
application is stopped are applied to any persisted data. (markt)
Extend the session attribute filtering options to include filtering
based on the implementation class of the value and optional
WARN level logging if an attribute is filtered. These
options are available for all of the Manager implementations that ship
with Tomcat. When a SecurityManager is used filtering will
be enabled by default. (markt)
: Ensure that Tomcat.silence() silences the
correct logger and respects the current setting. (markt)
: Ensure that the request parameter map remains
immutable when processing via a RequestDispatcher. (markt)
New configuration option ajpFlush for the AJP connectors
to disable the sending of AJP flush packets. (rjung)
Fix handling of missing messages in
org.apache.el.util.MessageFactory. (violetagg)
Ignore engineOptionsClass and scratchdir when
running under a security manager. (markt)
In order to avoid that the heartbeat thread and the background thread to
run Channel.heartbeat simultaneously, if
heartbeatBackgroundEnabled of SimpleTcpCluster
set to true, ensure that the heartbeat thread does not
start. (kfujino)
: Ensure onClose() is called when a
WebSocket connection is closed even if the sending of the close message
fails. Includes test cases by Barry Coughlan. (markt)
Fix a timing issue on session close that could result in an exception
being thrown for an incomplete message even through the message was
completed. (markt)
Correct some typos in the JNDI resources How-To. (markt)
Don't create sessions unnecessarily in the Manager application. (markt)
Don't create sessions unnecessarily in the Host Manager application.
: Clarify documentation and error messages for the text
interface of the manager to make clear that version must be used with
path when referencing contexts deployed using parallel deployment.
Correct an error in the documentation of the expected behaviour for
automatic deployment. If a WAR is updated and an expanded directory is
present, the directory will always be deleted and recreated by expanding
the WAR if unpackWARs is true. (markt)
: Remove incorrect references in the documentation to
using jar:file: URLs with the Manager application. (markt)
Add support for the startup notification of local members in the static
cluster. (kfujino)
Ignore the unnecessary member remove operation from different domain.
Add support for the shutdown notification of local members in the static
cluster. (kfujino)
Ensure that asynchronous session replication thread is a daemon thread.
Update the NSIS Installer used to build the Windows Installers to
version 2.50. (markt/kkolinko)
: As per RFC7231 (HTTP/1.1), allow HTTP/1.1 and later
redirects to use relative URIs. This is controlled by a new attribute
useRelativeRedirects on the Context and
defaults to true. (markt)
: Correct a regression in 7.0.66 caused by the change
that moved the redirection for context roots from the Mapper to the
Default Servlet. (markt)
Fixed potential NPE in HostConfig while deploying an
application. Issue reported by coverity scan. (violetagg)
IllegalStateException when
calling HttpServletResponse.sendRedirect() with the
RemoteIpFilter. This was caused by trying to correctly
generate the absolute URI for the redirect. With the fix for
, redirects may now be relative making the
sendRedirect() implementation for the
RemoteIpFilter much simpler. This also addresses issues
where the redirect may not have behaved as expected when redirecting
from http to https to from https to http. (markt)
: Correct a regression in 7.0.66 that prevented Tomcat
from starting on Java 6 unless the WebSocket JARs (that require Java 7)
were removed. (markt)
Add a description of the default value of
heartbeatSleeptime attribute and optionCheck
attribute in the cluster channel docs. (kfujino)
Fix potential NPE in AbstractReplicatedMap.breakdown().
not released
: Clarify the description in RUNNING.txt of how
environment variables are used. (markt)
: Only load those keys in StoreBase.processExpire
from JDBCStore, that are old enough, to be expired. Based on a patch
by Tom Anderson. (fschumacher)
: Allow file based configuration resources (user
database, certificate revocation lists, keystores and trust stores) to
be configured using URLs as well as files. Back-port provided by Huxing
Zhang. (markt/violetagg)
: Enable the CGI servlet to use the standard error page
mechanism. Note that if the CGI servlet's debug init parameter is
set to 10 or higher then the standard error page mechanism will be
bypassed and a debug response generated by the CGI servlet will be
returned instead. (markt)
: Protect against two further possible memory leaks
associated with XML parsing. (markt)
: Make AbstractHttp11Processor easy to
extend. (markt)
: Escape role names when generating associated MBeans in
case the role name contains characters not permitted in an MBean name.
: Fixed concurrency issue when iterating web
application's resources. (violetagg)
: Removed repeated conditional tests in
o.a.tomcat.websocket.pojo.PojoMethodMapping and
o.a.tomcat.util.net.AprEndpoint
Patch provided by Anthony Whitford. (violetagg)
: Use Collections.reverseOrder
when a reverse ordering is needed. (violetagg)
: Some of the inner classes in
o.a.catalina.valves.ExtendedAccessLogValve are made static.
Patch provided by Anthony Whitford. (violetagg)
: Removed unused code from
o.a.catalina.connector.Request.
Patch provided by Anthony Whitford. (violetagg)
, : It is more efficient to call
Integer.toString(int) instead of
Integer.valueOf(int).toString() when only a string
representation of a primitive is needed. Based on a patch provided by
Anthony Whitford. (violetagg)
, : It is more efficient to call
valueOf(...) instead of Number constructor. Based on a
patch provided by Anthony Whitford. (violetagg)
: In some use cases it is more efficient to use
Map.entrySet() instead of Map.keySet()
Based on a patch provided by Anthony Whitford. (violetagg)
Add a new RestCsrfPreventionFilter that provides basic CSRF protection
for REST APIs. (violetagg)
: If a custom error page fails, fall back to the
standard error page rather than throwing an NPE. Based on a patch by
Huxing Zhang. (markt)
: Combined realm should perform background processing
on its sub-realms. Based upon a patch provided by Aidan. (kkolinko)
Handle the unlikely case where different versions of a web application
are deployed with different session settings. (markt)
Add a new Context option, enabled by default, that enables an additional
check that a client provided session ID is in use in at least one other
web application before allowing it to be used as the ID for a new
session in the current web application. (markt)
Add support for DIGEST authentication to the JNDIRealm. Based on a patch
by Alexis Hassler. (markt)
: Ensure that
HttpServletRequest.getRequestURL() returns the correct
value when using the RemoteIpFilter. (markt)
Ensure that in an embedded Tomcat the logging configuration is
not lost during garbage collection. (violetagg)
Move the functionality that provides redirects for context roots and
directories where a trailing / is added from the Mapper to
the DefaultServlet. This enables such requests to be
processed by any configured Valves and Filters before the redirect is
made. This behaviour is configurable via the
mapperContextRootRedirectEnabled and
mapperDirectoryRedirectEnabled attributes of the Context
which may be used to restore the previous behaviour. (markt)
: Enable break points to be set within agent code when
running Tomcat with a Java agent. Based on a patch by Huxing Zhang.
Add path parameter handling to
HttpServletRequest.getContextPath(). This is a follow-up to
the fix for . (markt)
: Implement a setting that controls what quoting
rule is used when parsing EL expressions in attributes on a JSP page
(chapter JSP.1.6 of specification). The setting name is
quoteAttributeEL and it is configured as initialisation
parameter of JSP Servlet (per web application configuration is possible)
and as a command line option for JspC. The default value was changed to
true, which restores behaviour implemented in
Tomcat 7.0.64. It means that attribute quoting is applied on top of EL
quoting. This provides better compatibility with older versions of
Tomcat and other implementations. (kkolinko)
Optimize the session lock range in DeltaManager.requestCompleted.
Enable an explicit configuration of local member in the static cluster
membership. (kfujino)
Fix potential integer overflow in DeltaSession.
Reported by coverity scan. (fschumacher)
Distinguish the handling of the shutdown payload and member verification
clearly. When handling shutdown payload, verification completion message
is not required. (kfujino)
When starting the StaticMembershipInterceptor,
StaticMembershipInterceptor checks
the required
Interceptors. If the required Interceptor does not exist, it issues
warning logs. (kfujino)
Ensure that the static member is registered to the add suspect list even
if the static member that is registered to the remove suspect list has
disappeared. (kfujino)
Correct the warning log of when the member that is not registered in the
membership is detected. (kfujino)
When using a static cluster, add the members that have been cached in
the membership service to the map members list in order to ensure that
the map member is a static member. (kfujino)
Use instance manager for server endpoint instances. (remm)
: The WebSocket client now honors the
java.net.java.net.ProxySelector configuration (using the
HTTP type) when establishing WebSocket connections to servers. Based on
a patch by Niki Dokovski. (markt)
: Correct a thread safety issue that meant that blocking
message writes could block indefinitely if the WebSocket connection was
closed while a message write was in progress. (markt)
Make it clear in the documentation for the CGI servlet that the debug
page is not considered secure and should not be used in production.
The domain attribute of StaticMember is not
required but optional. (kfujino)
: Correct the continuation character use in the Windows
Service How-To page of the documentation web application. (markt)
: Correct QueryStatsComparator to hold up the
general contract for Comparator. (fschumacher)
When creating a QueryStats object, ensure that
maxQueries is checked. If maxQueries is a
value less than or equal to 0, QueryStats are never
created. (kfujino)
Fix potential integer overflow in ConnectionPool and
PooledConnection. Reported by coverity scan. (fschumacher)
: Add a web application class loader implementation that
supports the parallel loading of web application classes. Use of this
feature requires a Java 7 or later JRE. Based on a patch by Huxing
Zhang. (markt)
: Correct a regression in the fix for
that meant that deployment of web applications deployed via the Manager
application was delayed until the next execution of the automatic
deployment background process. (markt)
: Correctly implement session serialization so
non-serializable attributes are skipped with a warning. Patch provided
by Andrew Shore. (markt)
: Fix concurrent access of encoders map when clearing
encoders prior to switch to async. (markt)
: Fix concurrent access of request attributes which is
possible during asynchronous processing. (markt)
In preparation for implementing enhancement , replace
the use of the StandardClassLoader with
URLClassLoader. This removes the server class loader from
JMX. (markt)
: Always trigger a thread dump if Tomcat fails to stop
gracefully from catalina.sh even if using
-force. Patch provided by
Alexandre Garnier. (markt)
: Correctly detect when a forced stop fails to stop
Tomcat because the Tomcat process is waiting on some system call or is
uninterruptible. (markt)
: Fix some rare data races in JULI's
ClassLoaderLogManager during shutdown. (markt)
Correct some edge cases in RequestUtil.normalize(). (markt)
: The IBM JREs accept cipher suite names starting with
TLS_ or SSL_ but when listing the supported
cipher suites only the SSL_ version is reported. This can
break Tomcat's check that at least one requested cipher suite is
supported. Tomcat now includes a work-around so either form of the
cipher suite name can be used when running on an IBM JRE. (markt)
: For reasons not currently understood when the
APR/native connector is used with OpenSSL reads can return an error code
when there is no apparent error. This was work-around for HTTP upgrade
connections by treating this as EAGAIN. The same fix has
now been applied to the standard HTTP connector. (markt)
: Remove useless sendfile check for NIO SSL. (remm)
: Correct a regression in the previous fix for this
issue. \${ should only be an escape for ${
within an EL expression. Within a JSP page \$ should be an
escape for $. The EL specification applies when parsing the
expression delimited by ${ and }. Parsing of
the delimiting ${ and } is the responsibility
of the JSP specification. (markt)
: Fix a memory leak in the JSP unloading feature that
meant that using a value other than -1 for
maxLoadedJsps triggered a memory leak once the limit was
reached. (markt)
: Improve error reporting for tag files packaged in
JARs. (markt)
: Ensure that JSPs work with any custom base class that
meets the requirements defined in the JSP specification without
requiring that base class to implement Tomcat specific code. (markt)
Fix a default clusterListeners in SimpleTcpCluster. The
optimal default value is different for each session manager.
ClusterSessionListener is never used in
BackupManager. (kfujino)
Correct log messages in case of using BackupManager.
: Fix a copy and paste error that meant MessageHandler
removal could fail for binary and pong MessageHandlers. Patch provided
by DJ. (markt)
: Correctly handle sending zero length messages when
using per message deflate. (markt)
Correct documentation for cluster-howto. (kfujino)
Ensure JULI adapters does not include the LogFactoryImpl class. Patch
provided by Benjamin Gandon. (markt)
Add support for configurations of ChannelListener and
MembershipListener in server.xml. (kfujino)
Correct log messages in case of using ReplicatedMap.
Make sure the pool has been properly configured when attributes that
related to the pool size are changed via JMX. (kfujino)
: Facilitate weaving by allowing ClassFileTransformer to
be added to WebappClassLoader. Patch by Nick Williams. (markt)
: Make the (first) reason parameter parsing failed
available as a request attribute and then use it to provide a better
status code via the FailedRequstFilter (if configured). (markt)
: Ensure that WAR URLs are handled properly when using
Apache Ant for web application deployment. (violetagg)
: Fix cosmetic error log when using non standard
non cacheable resources, like with the empty resources used in some
tests. (remm)
: Classes loaded from /WEB-INF/classes/
should use that directory as their code base. (markt)
Fix possible resource leaks by closing streams properly.
Issues reported by Coverity Scan. (violetagg)
: Fix a regression in the fix for
broke Comet support when running under a security manager. Based on a
patch provided by Johno Crawford. (markt)
: Fix a thread safety issues that could mean concurrent
threads setting the same attribute on a ServletContext
could both see null as the old value. (markt)
: Correct a regression in the previous fix for
. Ensure that cla