Download Apache Tomcat 7.0.6

Apache Tomcat is a Web container developed by the Apache Software Foundation. Tomcat runs Java Servlets and JavaServer Pages and provides an http web environment on which Java code can be run directly. For more information, please refer to this page. The developers released version 7.0.6 a few days ago with the following announcement and list of changes:

Tomcat 7.0.6 Released

The Apache Tomcat Project is proud to announce the release of version 7.0.6 of Apache Tomcat. This is the first stable release of the Tomcat 7 branch. This release contains a number of bug fixes, further performance improvements in session management and several enhancements to the memory leak detection and prevention features.

General

• Update to Commons Daemon 1.0.5. (turkish)

Catalina

• 8705: org.apache.catalina.SessionListener now extends java.util.EventListener. (market)
• 10526: Add an option to the Authenticators to force the creation of a session on authentication which may offer some performance benefits. (market)
• 10972: Improve error message if the className attribute is missing on an element in server.xml where it is required. (market)
• 48692: Provide option to parse application/x-www-form-urlencoded PUT requests. (schultz)
• 48822: Include context name in case of error while stopping or starting a context during its reload. Patch provided by Marc Guillemot. (salarant)
• 48837: Extend thread local memory leak detection to include classes loaded by subordinate class loaders to the web application’s class loader such as the Jasper class loader. Based on a patch by Sylvain Laurent. (market)
• 48973: Avoid creating a SESSIONS.ser file when stopping an application if there’s no session. Patch provided by Marc Guillemot. (salarant)
• 49000: No longer accept specification invalid name only cookies by default. This behavior can be restored using a system property. (market)
• 49159: Improve memory leak protection by renewing threads of the pool when a web application is stopped. (salarant)
• 49372: Re-fix after connector refactoring. If connector initialization fails (eg if a port is alreasy in use) do not trigger an LifecycleException for an invalid state transition. (market)
• 49543 Allow Tomcat to use shared data sources with per application credentials. (fhanik)
• 49650: Remove unnecessary entries package.access property defined in catalina.properties. Patch provided by Owen Farrell. (market)
• 50106: Correct several MBean descriptors. Patch provided by Eiji Takahashi. (market)
• Further performance improvements to session ID generation. Remove legacy configuration options that are no longer required. Provide additional options to control the SecureRandom instances used to generate session IDs. (market)
• 50201: Update the access log reference in StandardEngine when the ROOT web application is redeployed, started, stopped or defaultHost is changed. (market/kkolinko)
• 50282: Load javax.security.auth.login.Configuration with JreMemoryLeakPreventionListener to avoid memory leak when stopping a web application that would use JAAS. (salarant)
• 50351: Fix the regression that broke BeanFactory resources caused by the previous fix for 50159. (market)
• 50352: Ensure that AsyncListener.onComplete() is fired when AsyncContext.complete() is called. (market)
• 50358: Set the correct LifecycleState when stopping instances of the deprecated Embedded class. (market)
• Further Lifecycle refactoring for Connectors and associated components. (market)
• Correct handling of versioned web applications in deployer. (market)
• Correct removal of LifeCycleListenters from Containers via JMX. (market)
• Don’t use nulls to construct log messages. (market)
• Code clean up. Replace use of inefficient constructors with more efficient alternatives. (market)
• 50411: Ensure sessions are removed from the Store associated with a PersistentManager. (market)
• 50413: Ensure 304 responses are not returned when using static files as error pages. (market/kkolinko)
• 50448: Fix possible IllegalStateException caused by recent session management refactoring. (market)
• Ensure aliases settings for a context are retained after a context is reloaded. (market)
• Log a warning if context.xml files define values ​​for properties that do not exist (eg if there is a typo in a property name). (market)
• 50453: Correctly handle multiple X-Forwarded-For headers in the RemoteIpFilter and RemoteIpValve. Patch provided by Jim Riggs. (market)
• 50541: Add support for setting the size limit and time limit for LDAP seaches when using the JNDI Realm with userSearch. (market)
• All configuration options that use regular expression now require a single regular expression (using java.util.regex) rather than a list of comma-separated or semi-colon-separated expressions. (market)
• 50496: Bytes sent in the access log are now counted after compression, chunking etc rather than before. (market)
• 50550: When a new directory is created (eg via WebDAV) ensure that a subsequent request for that directory does not result in a 404 response. (market)
• 50554: Code cleanup. (market)
• 50556: Improve JreMemoryLeakPreventionListener to prevent a potential class loader leak caused by a thread spawned when the class com.sun.jndi.ldap.LdapPoolManager is initialized and the system property com.sun.jndi.ldap.connect.pool.timeout is set to a value greater than 0. (slaurent)

Coyote

• 47319: Return the client’s IP address rather than null for calls to getRemoteHost() when the APR connector is used with enableLookups=”true” but the IP address is not resolveable. (market)
• 50108: Add get/set methods for Connector property minSpareThreads. Patch provided by Eiji Takahashi. (market)
• 50360: Provide an option to control when the socket associated with a connector is bound. By default, the socket is bound on Connector.init() and released on Connector.destroy() as per the current behavior but this can be changed so that the socket is bound on Connector.start() and released on Connector.stop( ). This fix also includes further Lifecycle refactoring for Connectors and associated components. (market)
• Remove a huge memory leak in the NIO connector introduced by the fix for 49884. (market)
• 50467: Protected against NPE triggered by a race condition that causes the NIO poller to fail, preventing the processing of further requests. (market)

Jasper

• 13731: Make variables in _jspService() method final where possible. (market)
• 50408: Fix NoSuchMethodException when using scoped variables with EL method invocation. (market)
• 50460: Avoid leak caused by using a cached exception instance in JspDocumentParser and ProxyDirContext. (kkolinko)
• 50500: Use correct coercions (as per the EL spec) for arithmetic operations involving string values ​​containing ‘.’, ‘e’ or ‘E’. Based on a patch by Brian Weisleder. (market)

cluster

• 50185: Add additional trace level logging to Tribes to assist with fault diagnosis. Based on a patch by Ariel. (market)
• Don’t try and obtain session data from the cluster if the current node is the only node in the cluster. Log requesting session data as INFO rather than WARNING. (market)
• 50503: When web application has a version, Engine level Clustering works correctly. (kfujino)
• 50547: Add time stamp for CHANGE_SESSION_ID message and SESSION_EXPIRED message. (kfujino)

web applications

• 21157: Ensure cookies are written before the response is committed in the Cookie example. Patch provided by Stefan Radzom. (market)
• 50294: Add more information to documentation regarding format of configuration files. Patch provided by Luke Meyer. (market)
• Correctly validate provided context path so sessions for the ROOT web application can be viewed through the HTML Manager. (market)
• Improve documentation of database connection factory. (rjung)
• 50488: Update classpath required when using jsvc and add a note regarding server VMs. (market)
• Further filtering of Manager display output. (kkolinko)

Other

• Don’t configure Windows installer to use PID file since it is not removed when the service stops which prevents the service from starting. (market)
• 14416: Make TagLibraryInfo.getTag() more robust at handling nulls. (market)
• 50552: Avoid NPE that hides error message when using Ant tasks. (schultz)
• Provide two alternative locations for the libraries downloaded from the ASF web site at build time. Use the main distribution site as default and the archive one as fallback. (kkolinko)