changelog.xml

<?xml version="1.0" encoding="UTF-8"?>
<!--
  Licensed to the Apache Software Foundation (ASF) under one or more
  contributor license agreements.  See the NOTICE file distributed with
  this work for additional information regarding copyright ownership.
  The ASF licenses this file to You under the Apache License, Version 2.0
  (the "License"); you may not use this file except in compliance with
  the License.  You may obtain a copy of the License at

      http://www.apache.org/licenses/LICENSE-2.0

  Unless required by applicable law or agreed to in writing, software
  distributed under the License is distributed on an "AS IS" BASIS,
  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  See the License for the specific language governing permissions and
  limitations under the License.
-->
<!DOCTYPE document [
  <!ENTITY project SYSTEM "project.xml">

  <!-- DTD is used to validate changelog structure at build time. BZ 64931. -->

  <!ELEMENT document (project?, properties, body)>
  <!ATTLIST document url CDATA #REQUIRED>

  <!-- body and title are used both in project.xml and in this document -->
  <!ELEMENT body ANY>
  <!ELEMENT title (#PCDATA)>

  <!-- Elements of project.xml -->
  <!ELEMENT project (title, logo, body)>
  <!ATTLIST project name CDATA #REQUIRED>
  <!ATTLIST project href CDATA #REQUIRED>

  <!ELEMENT logo (#PCDATA)>
  <!ATTLIST logo href CDATA #REQUIRED>

  <!ELEMENT menu (item+)>
  <!ATTLIST menu name CDATA #REQUIRED>

  <!ELEMENT item EMPTY>
  <!ATTLIST item name CDATA #REQUIRED>
  <!ATTLIST item href CDATA #REQUIRED>

  <!-- Elements of this document -->
  <!ELEMENT properties (author*, title, no-comments) >
  <!ELEMENT author (#PCDATA)>
  <!ATTLIST author email CDATA #IMPLIED>
  <!ELEMENT no-comments EMPTY>

  <!ELEMENT section (subsection)*>
  <!ATTLIST section name CDATA #REQUIRED>
  <!ATTLIST section rtext CDATA #IMPLIED>

  <!ELEMENT subsection (changelog+)>
  <!ATTLIST subsection name CDATA #REQUIRED>

  <!ELEMENT changelog (add|update|fix|scode|docs|design)*>
  <!ELEMENT add ANY>
  <!ELEMENT update ANY>
  <!ELEMENT fix ANY>
  <!ELEMENT scode ANY>
  <!ELEMENT docs ANY>
  <!ELEMENT design ANY>

  <!ELEMENT bug (#PCDATA)>
  <!ELEMENT rev (#PCDATA)>
  <!ELEMENT pr (#PCDATA)>

  <!-- Random HTML markup tags. Add more here as needed. -->
  <!ELEMENT a (#PCDATA)>
  <!ATTLIST a href CDATA #REQUIRED>
  <!ATTLIST a rel CDATA #IMPLIED>

  <!ELEMENT b (#PCDATA)>
  <!ELEMENT code (#PCDATA)>
  <!ELEMENT em (#PCDATA)>
  <!ELEMENT strong (#PCDATA)>
  <!ELEMENT tt (#PCDATA)>
]>
<?xml-stylesheet type="text/xsl" href="tomcat-docs.xsl"?>
<document url="changelog.html">

  &project;

  <properties>
    <title>Changelog</title>
    <no-comments />
  </properties>

<body>
<!--
  Subsection ordering:
  General, Catalina, Coyote, Jasper, Cluster, WebSocket, Web applications,
  Extras, Tribes, jdbc-pool, Other

  Item Ordering:

  Fixes having an issue number are sorted by their number, ascending.

  There is no ordering by add/update/fix/scode/docs/design.

  Other fixed issues are added to the end of the list, chronologically.
  They eventually become mixed with the numbered issues (i.e., numbered
  issues do not "pop up" wrt. others).
-->
<section name="Tomcat 12.0.0-M1 (markt)" rtext="in development">
  <subsection name="General">
    <changelog>
      <scode>
        This release contains all of the changes up to and including those in
        Apache Tomcat 11.0.20 plus the additional changes listed below. (markt)
      </scode>
      <update>
        The minimum Java version has been updated to Java 21. (markt)
      </update>
    </changelog>
  </subsection>
  <subsection name="Catalina">
    <changelog>
      <add>
        Add the Jakarta EE 12 XML schemas. (markt)
      </add>
      <add>
        Add support for the new Servlet API method
        <code>HttpServletResponse.sendEarlyHints()</code>. (markt)
      </add>
      <update>
        Remove <code>JDBCAccessLogValve</code> which provides limited
        functionality compared to what is expected from an
        <code>AccessLog</code> and was not implemented in a scalable way.
        (remm)
      </update>
      <add>
        Added support for limiting the number of parameters in HTTP requests through
        the new <code>ParameterLimitValve</code>. The valve allows configurable
        URL-specific limits on the number of parameters. (dsoumis)
      </add>
      <fix>
        Remove the <code>useAcceptRanges</code> initialisation parameter for
        the default servlet. It is now effectively hard coded to
        <code>true</code>. (markt)
      </fix>
      <update>
        Change the default for the <code>encodedSolidusHandling</code> attribute
        of <strong>Context</strong> from <code>decode</code> to
        <code>reject</code>. (markt)
      </update>
      <fix>
        When searching the web application class loader for a resource or
        resources by name, align the behaviour with the JRE class loaders and
        always return <code>null</code> if the provided name starts with
        <code>/</code>. (markt)
      </fix>
      <update>
        Update the default value for the <code>allowPostAsGet</code>
        initialisation parameter of the Default servlet from <code>true</code>
        to <code>false</code>. This means a direct request (i.e. not a forward
        or an include) for a static resource using the POST method will be
        rejected by default. (markt)
      </update>
      <scode>
        Calls to <code>HttpServletRequest.getContextPath()</code> now return the
        canonical context path for the web application rather than the component
        of the request URI presented by the user agent that maps to the context
        path. (markt)
      </scode>
      <update>
        Change the default value of the <code>archiveIndexStrategy</code>
        attribute of the <code>Resources</code> element from <code>simple</code>
        to <code>bloom</code> to improve web application class loading
        performance. (markt)
      </update>
      <update>
        Remove regular expression support for the configuration of internal and
        trusted proxies for the <code>RemoteIpFilter</code> and
        <code>RemoteIpValve</code>. (markt)
      </update>
      <update>
        Remove the <code>RemoteAddrFilter</code> and
        <code>RemoteAddrValve</code>. (markt)
      </update>
      <update>
        Change the default for the <code>digestInRfc3112Order</code> attribute
        of <code>MessageDigestCredentialHandler</code> from <code>false</code>
        to <code>true</code>. (markt)
      </update>
      <scode>
        Add constants to <code>HttpServletResponse</code> for the HTTP status
        codes defined in RFC 6585. (markt)
      </scode>
      <!-- Entries for backport and removal before 12.0.0-M1 below this line -->
    </changelog>
  </subsection>
  <subsection name="Coyote">
    <changelog>
      <update>
        Change the default value of the <code>cookiesWithoutEquals</code>
        attribute of the <code>Rfc6265CookieProcessor</code> from
        <code>name</code> to <code>ignore</code>. (markt)
      </update>
      <update>
        Remove default password value (was <code>changeit</code>) for the
        <code>certificateKeystorePassword</code> attribute of a certificate.
        (remm)
      </update>
      <update>
        Remove NIO2 connector. (remm)
      </update>
      <update>
        Add specific certificate selection code for TLS 1.3 supporting post
        quantum cryptography. Certificates defined with type
        <code>MLDSA</code> will be selected depending on the TLS client hello.
        (remm)
      </update>
      <update>
        Add <code>groups</code> attribute on <code>SSLHostConfig</code>
        allowing to restrict which groups can be enabled on the SSL engine.
        (remm)
      </update>
      <update>
        Remove support for HTTP 0.9. (markt)
      </update>
      <!-- Entries for backport and removal before 12.0.0-M1 below this line -->
      <fix>
        Fix an HTTP/2 header frame parsing bug that could result in a connection
        being closed without a <code>GOAWAY</code> frame if an invalid
        <code>HEADERS</code> frame was received. (markt)
      </fix>
      <fix>
        <bug>69982</bug>: Fix a bug in the non-blocking flushing code for
        NIO+TLS that meant that a response may not be fully written until the
        connection is closed. Pull request <pr>966</pr> provided by Phil Clay.
        (markt)
      </fix>
      <fix>
        Ensure the HTTP/2 request header read buffer is reset (including
        restoration to default size) after a stream reset. (markt)
      </fix>
      <add>
        Provide trailer field filtering equivalent to that provided for
        non-trailer fields. Control characters (excluding TAB), and characters
        with code points above 255 will be replaced with a space. (markt)
      </add>
    </changelog>
  </subsection>
  <subsection name="Jasper">
    <changelog>
      <add>
        Add support for the new Elvis (<code>:?</code>) and Null coalescing
        (<code>??</code>) operators in Jakarta Expression language. (markt)
      </add>
      <add>
        Extend the existing <code>+=</code> operator in Jakarta Expression
        Language to support merging <code>Map</code>Map and <code>Set</code>Set
        and concatenating <code>List</code>s. (markt)
      </add>
      <update>
        The defaults for <code>compilerSourceVM</code> and
        <code>compilerTargetVM</code> have been updated to 21 to align with Java
        21 being the minimum Java version required for Tomcat 12. (markt)
      </update>
      <scode>
        Refactor the performance optimisation for
        <code>jakarta.servlet.jsp.el.ImportELResolver</code> to use the new
        marker class,
        <code>jakarta.el.ELResolver.StandaloneIdentifierMarker</code>. (markt)
      </scode>
      <add>
        Extend the support for relational operators to include
        <code>TemporalAccessor</code>, <code>Clock</code> and <code>Date</code>.
        (markt)
      </add>
      <add>
        Add support for coercion to <code>java.time.Instant</code> and
        <code>java.util.Date</code>. (markt)
      </add>
      <add>
        Add support for <code>java.util.Optional</code> to the empty operator.
        (markt)
      </add>
      <!-- Entries for backport and removal before 12.0.0-M1 below this line -->
    </changelog>
  </subsection>
  <subsection name="Cluster">
    <changelog>
      <scode>
        Change the default algorithm for the <code>EncyptInterceptor</code> to
        <code>AES/GCM/NoPadding</code>. (markt)
      </scode>
      <!-- Entries for backport and removal before 12.0.0-M1 below this line -->
    </changelog>
  </subsection>
  <subsection name="WebSocket">
    <changelog>
      <update>
        Update Tomcat's WebSocket support to version 2.3 of the Jakarta
        WebSocket API. (markt)
      </update>
      <add>
        Implement the new <code>HandshakeRequest</code> method,
        <code>getUserX509CertificateChain()</code> that provides the client
        certificate chain, if present, during the WebSocket handshake. (markt)
      </add>
      <fix>
        Implement the clarification in WebSocket 2.3 that the method
        <code>ClientEndpointConfig.Configurator.afterResponse()</code> must be
        called after every WebSocket handshake regardless of whether the
        handshake is successful or not. (markt)
      </fix>
      <add>
        Implement the new <code>HandshakeRequest</code> methods that expose the
        client's preferred local and the local and remote host name, address and
        port information. (markt)
      </add>
      <fix>
        <bug>69920</bug>: When attempting to write a message via a WebSocket
        session that has been closed, throw an <code>IOException</code> rather
        than an <code>IllegalStateExcpetion</code> for consistency with
        <code>Writer</code> and <code>OutputStream</code>. (markt)
      </fix>
      <!-- Entries for backport and removal before 12.0.0-M1 below this line -->
    </changelog>
  </subsection>
  <subsection name="Web applications">
    <changelog>
      <!-- Entries for backport and removal before 12.0.0-M1 below this line -->
    </changelog>
  </subsection>
  <subsection name="jdbc-pool">
    <changelog>
      <!-- Entries for backport and removal before 12.0.0-M1 below this line -->
    </changelog>
  </subsection>
  <subsection name="Other">
    <changelog>
      <add>
        Add test profile system for selective test execution. Profiles can be
        specified via <code>-Dtest.profile=&lt;name&gt;</code> to run specific
        test subsets without using patterns directly. Profile patterns are
        defined in <code>test-profiles.properties</code>. (csutherl)
      </add>
      <update>
        Update Derby to 10.17.1.0. (markt)
      </update>
      <add>
        Add warning when OpenSSL binary is not found. (csutherl)
      </add>
      <add>
        Add check for Tomcat Native library, and log warning when it's not found
        to make it easier to see when it's not used by the suite. (csutherl)
      </add>
      <!-- Entries for backport and removal before 12.0.0-M1 below this line -->
    </changelog>
  </subsection>
</section>
</body>
</document>