Apache Tomcat 8.5.4 发布

Apache Tomcat 8.5.4 发布了，本次发布增强了HTTP/2连接，Tomcat Native更新到1.2.8。主要改进如下：

57705: Add debug logging for requests denied by the remote host and remote address valves and filters. Based on a patch by Graham Leggett. (markt)
Correct a regression in the fix for 58588 that removed the entire org.apache.julipackage from the embedded JARs rendering them unusable. (markt)
59399: Add a new option to the Realm implementations that ship with Tomcat that allows the HTTP status code used for HTTP -> HTTPS redirects to be controlled per Realm. (markt)
Change the default of the sessionCookiePathUsesTrailingSlash attribute of the Context element to false since the problems caused when a Servlet is mapped to/* are more significant than the security risk of not enabling this option by default. (markt)
Follow-up to 59655. Improve the documentation for configuring permitted cookie names. Patch provided by Kyohei Nakamura. (markt)
Do not attempt to start web resources during a web application’s initialisation phase since the web application is not fully configured at that point and the web resources may not be correctly configured. (markt)
59708: Modify the LockOutRealm logic. Valid authentication attempts during the lock out period will no longer reset the lock out timer to zero. (markt)
Improve error handling around user code prior to calling InstanceManager.destroy()to ensure that the method is executed. (markt)