Apache Tomcat 9.0.0.M4 发布

Apache Tomcat 9.0.0.M4 发布了。

改进记录：

Ensure that /WEB-INF/classes is never processed as a web fragment. (markt)
Switch default connector when native is installed. Unless configured otherwise, the NIO endpoint will be used by default. If SSL is configured, OpenSSL will be used rather than JSSE. (remm)
Correct a regression in the fix for 58867. When configuring a Context to use an external directory for the docBase, and that directory happens to be located along side the original WAR, use the directory as the docBase rather than expanding the WAR into the appBase and using the newly created expanded directory as the docBase. (markt)
58351: Make the server build date and server version number accessible via JMX. Patch provided by Huxing Zhang. (markt)
58988: Special characters in the substitutions for the RewriteValve can now be quoted with a backslash. (fschumacher)
58999: Fix class and resource name filtering in WebappClassLoader. It throws a StringIndexOutOfBoundsException if the name is exactly “org” or “javax”. (rjung)
Add JASPIC (JSR-196) support. (markt)
Make checking for var and map replacement in RewriteValve a bit stricter and correct detection of colon in var replacement. (fschumacher)
Refactor the web application class loader to reduce the impact of JAR scanning on the memory footprint of the web application. (markt)
Fix some resource leaks in the error handling for accessing files from JARs and WARs. (markt)
Refactor the JAR and JAR-in-WAR resource handling to reduce the memory footprint of the web application. (markt)
Refactor the web.xml parsing so a new parser is created every time the web application starts rather than creating and caching the parser when the Context is created. This enables the parser to take account of modified Context configuration parameters and reduces (slightly) the memory footprint of a running Tomcat instance. (markt)
Switch to the web application class loader to the ParallelWebappClassLoaderby default. (markt)
57809: Remove the custom context attribute that held the effective web.xml. Components needing access to configuration information may access it via the Servlet API. (markt)
Refactor JAR scanning to reduce memory footprint. (markt)
59001: Correctly handle the case when Tomcat is installed on a path where one of the segments ends in an exclamation mark. (markt)
Expand the fix for 59001 to cover the special sequences used in Tomcat’s custom jar:war: URLs. (markt)
59043: Avoid warning while expiring sessions associated with a single sign on ifHttpServletRequest.logout() is used. (markt)
59054: Ensure that using the CrawlerSessionManagerValve in a distributed environment does not trigger an error when the Valve registers itself in the session. (markt)
Add socket properties support to storeconfig. (remm)
Fix incorrect parsing of the NE and NC flags in rewrite rules. (remm)
59065: Correct the timing of the check for colons in paths on non-Windows systems implemented in catalina.sh so it works correctly with Cygwin. Patch provided by Ed Randall. (markt)
When a Host is configured with an appBase that does not exist, create the appBase before trying to expand an external WAR file into it. (markt)
59115: When using the Servlet 3.0 file upload, the submitted file name may be provided as a token or a quoted-string. If a quoted-string, unquote the string before returning it to the user. (markt)
59123: Close NamingEnumeration objects used by the JNDIRealm once they are no longer required. (fschumacher/markt)
Implement the proposed Servlet 4.0 API to provide mapping type information for the current request. (markt)
59138: Correct a false positive warning for ThreadLocal related memory leaks when the key class but not the value class has been loaded by the web application class loader. (markt)
59017: Make the pre-compressed file support in the Default Servlet generic so any compression may be used rather than just gzip. Patch provided by Mikko Tiihonen. (markt)
59145: Don’t log an invalid warning when a user logs out of a session associated with SSO. (markt)
59150: Add an additional flag on APR listener to allow disabling automatic use of OpenSSL. (remm)
59151: Fix a regression in the fix for 56917 that added additional (and arguably unnecessary) validation to the provided redirect location. (markt)
59154: Fix a NullPointerException in the JASSMemoryLoginModue resulting from the introduction of the CredentialHandler to Realms. (schultz/markt)