Refactor exception processing using Throwable. Add reference to Context documentation from Host documentation that explains how Context name is obtained from the Context filename. Based on a patch by Kirk Wolf. Character input limited to 8KB. Allow specification of keystore providers. Make certain that classes are first loaded by trusted code when working in a sandbox.

Uploader: Sara
Date Added: 27 January 2011
File Size: 60.29 Mb
Operating Systems: Windows NT/2000/XP/2003/2003/7/8/10 MacOS 10/X
Downloads: 42349
Price: Free* [*Free Regsitration Required]

Add a flag in ContainerBase which could be used in embedded scenarios to avoid a double start of contexts this problem generally occurs when adding contexts to a started host.

Want to stay up to date on a daily basis?

Includes a patch by Nils Eckert and fixes related issues identified in a tomcat 6.0.10 case provided by Konstantin Kolinko.

Re-fix not outputting info messages when there is no terminal. When uploading files, don’t create buffers at the maximum configured size. Don’t swallow bind exceptions. Make allocated servlet count synchronized to ensure the correct allocated servlet count is available during tomcar.


Add reference to Context documentation from Host 6.00.10 that explains how Context name is obtained from the Context filename.

Send file would delay until selector timed out, even though socket was ready to be written. Fix that could occur if a Servlet is accessed while the context is reloading. Encode directory listing output. The actual factory implementations are implemented in tomcat 6.0.10 extras.

Apache Tomcat : Related security vulnerabilities

Correctly replicate timestamp during startup. It contains a fix for issue mturk. Make EL ternary expression without space before colon work.

Correct 6.10 ant script for deploy task. In some circumstances the reloaded ROOT webapp had no associated tomcat 6.0.10. Patch provided by John Kew. Update host configuration document for new behaviour for directories in appBase. Close file stream used to read the Java source. Correct handling of resource constraints so no roles deny all overrides no aoth-constraint allow all.

Apache Tomcat version : Security vulnerabilities

Any use of this information is at the user’s risk. Patch provided by Chris Halstead. Fix various edge-cases when tomcat 6.0.10 EL, particularly inside attribute values. If connector doesn’t support external executor, display warning.


Patch provided by juergen. The fix for had the tomcat 6.0.10 of coercing null values to zero. They say that this version provides support for the upcoming Microsoft Windows 7. Apache Tomcat through 7. Frees up socket buffers and memory. Make context deployment error message for fixDocBase more meaningful. Caching large strings is not useful and takes too much memory, so don’t cache these remm.

Based on a patch provided by Tomczt Halstead.

Make error messages much more helpful when tomcat 6.0.10 Servlet names are used. Patch by Fabian Ritzmann funkman. Remove references to unused commons-collections from the build scripts.

Provide protection against session fixation by changing session ID automatically on authentication.