Changelog

Tomcat 9.0.4 (markt)

Catalina

  • Fix: Correct a regression in the previous fix for 61916 that meant that any call to addHeader() would have been replaced with a call to setHeader() for all requests mapped to the AddDefaultCharsetFilter. (markt)
  • Fix: 61999: maxSavePostSize set to 0 should disable saving POST data during authentication. (remm)

Coyote

  • Fix: Fix NIO2 HTTP/2 sendfile. (remm)
  • Fix: 61993: Improve handling for ByteChunk and CharChunk instances that grow close to the maximum size allowed by the JRE. (markt)

Jasper

  • Add: 43925: Add a new system property (org.apache.jasper.runtime.BodyContentImpl.BUFFER_SIZE) to control the size of the buffer used by Jasper when buffering tag bodies. (markt)

Web applications

  • Fix: 62006: Document the new JvmOptions9 command line parameter for tomcat9.exe. (markt)

not released Tomcat 9.0.3 (markt)

Catalina

  • Add: 57619: Implement a small optimisation to how JAR URLs are processed to reduce the storage of duplicate String objects in memory. Patch provided by Dmitri Blinov. (markt)
  • Fix: Add some missing NPEs to ServletContext. (remm)
  • Fix: Update the Java EE 8 XML schema to the released versions. (markt)
  • Fix: Minor HTTP/2 push fixes. (remm)
  • Fix: 61916: Extend the AddDefaultCharsetFilter to add a character set when the content type is set via setHeader() or addHeader() as well as when it is set via setContentType(). (markt)
  • Fix: When using WebDAV to copy a file resource to a destination that requires a collection to be overwritten, ensure that the operation succeeds rather than fails (with a 500 response). This enables Tomcat to pass two additional tests from the Litmus WebDAV test suite. (markt)
  • Update: Modify the Default and WebDAV Servlets so that a 405 status code is returned for PUT and DELETE requests when disabled via the readonly initialisation parameter.
  • Fix: Align the contents of the Allow header with the response code for the Default and WebDAV Servlets. For any given resource a method that returns a 405 status code will not be listed in the Allow header and a method listed in the Allow header will not return a 405 status code. (markt)

Coyote

  • Add: 60276: Implement GZIP compression support for responses served over HTTP/2. (markt)
  • Fix: Do not call onDataAvailable without any data to read. (remm)
  • Fix: Correctly handle EOF when ServletInputStream.isReady() is called. (markt)
  • Fix: 61886: Log errors on non-container threads at DEBUG rather than INFO. The exception will be made available to the application via the asynchronous error handling mechanism. (markt)
  • Fix: 61914: Possible NPE with Java 9 when creating a SSL engine. Patch submitted by Evgenij Ryazanov. (remm)
  • Fix: 61918: Fix connectionLimitLatch counting when closing an already closed socket. Based on a patch by Ryan Fong. (remm)
  • Add: Add support for the OpenSSL ARIA ciphers to the OpenSSL to JSSE cipher mapping. (markt)
  • Fix: 61932: Allow a call to AsyncContext.dispatch() to terminate non-blocking I/O. (markt)
  • Fix: 61948: Improve the handling of malformed ClientHello messages in the code that extracts the SNI information from a TLS handshake for the JSSE based NIO and NIO2 connectors. (markt)
  • Fix: Fix NIO2 handshaking with a full input buffer. (remm)
  • Add: Return a simple, plain text error message if a client attempts to make a plain text HTTP connection to a TLS enabled NIO or NIO2 Connector. (markt)

Jasper

  • Fix: 61854: When using sets and/or maps in EL expressions, ensure that Jasper correctly parses the expression. Patch provided by Ricardo Martin Camarero. (markt)
  • Fix: Improve the handling of met