| Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
| Name: tomcat10-webapps | Distribution: openSUSE:Factory:zSystems |
| Version: 10.1.33 | Vendor: openSUSE |
| Release: 1.1 | Build date: Sat Nov 23 01:01:04 2024 |
| Group: Productivity/Networking/Web/Servers | Build host: reproducible |
| Size: 1106584 | Source RPM: tomcat10-10.1.33-1.1.src.rpm |
| Packager: https://bugs.opensuse.org | |
| Url: https://tomcat.apache.org | |
| Summary: ROOT and examples web applications for Apache Tomcat | |
The ROOT and examples web applications for Apache Tomcat
Apache-2.0
* Sat Nov 23 2024 Michele Bussolotto <michele.bussolotto@suse.com>
- Update to Tomcat 10.1.33
* Fixed CVEs:
+ CVE-2024-52316: If the Jakarta Authentication fails with an exception,
set a 500 status (bsc#1233434)
* Catalina
+ Add: Add support for the new Servlet API method HttpServletResponse.sendEarlyHints(). (markt)
+ Add: 55470: Add debug logging that reports the class path when a
ClassNotFoundException occurs in the digester or the web application class loader.
Based on a patch by Ralf Hauser. (markt)
+ Update: 69374: Properly separate between table header and body in
DefaultServlet's listing. (michaelo)
+ Update: 69373: Make DefaultServlet's HTML listing file last modified
rendering better (flexible). (michaelo)
+ Update: Improve HTML output of DefaultServlet. (michaelo)
+ Code: Refactor RateLimitFilter to use FilterBase as the base class.
The primary advantage is less code to process init-param values. (markt)
+ Update: 69370: DefaultServlet's HTML listing uses incorrect labels.
(michaelo)
+ Fix: Avoid NPE in CrawlerSessionManagerValve for partially mapped requests. (remm)
+ Fix: Add missing WebDAV Lock-Token header in the response when locking
a folder. (remm)
+ Fix: Invalid WebDAV lock requests should be rejected with 400. (remm)
+ Fix: Fix regression in WebDAV when attempting to unlock a collection. (remm)
+ Fix: Verify that destination is not locked for a WebDAV copy operation. (remm)
+ Fix: Send 415 response to WebDAV MKCOL operations that include a request
body since this is optional and unsupported. (remm)
+ Fix: Enforce DAV: namespace on WebDAV XML elements. (remm)
+ Fix: Do not allow a new WebDAV lock on a child resource if a parent
collection is locked (RFC 4918 section 6.1). (remm)
+ Fix: WebDAV DELETE should remove any existing lock on successfully
deleted resources. (remm)
+ Update: Remove WebDAV lock null support in accordance with RFC 4918
section 7.3 and annex D. Instead, a lock on a non-existing resource will
create an empty file locked with a regular lock. (remm)
+ Update: Rewrite implementation of WebDAV shared locks to comply with
RFC 4918. (remm)
+ Update: Implement WebDAV If header using code from the Apache Jackrabbit
project. (remm)
+ Add: Add PropertyStore interface in the WebDAV Servlet, to allow
implementation of dead properties storage. The store used can be configured
using the propertyStore init parameter of the WebDAV servlet by specifying
the class name of the store. A simple non-persistent implementation is
used if no custom store is configured. (remm)
+ Update: Implement WebDAV PROPPATCH method using the newly added
PropertyStore, and update PROPFIND to support it. (remm)
+ Fix: Cache not found results when searching for web application class
loader resources. This addresses performance problems caused by components
such as java.sql.DriverManager, which in some circumstances will search
for the same class repeatedly. The size of the cache can be controlled
via the new notFoundClassResourceCacheSize on the StandardContext. (markt)
+ Fix: Stop after INITIALIZED state should be a noop since it is possible
for subcomponents to be in FAILED after init. (remm)
+ Fix: Fix incorrect web resource cache size calculations when there are
concurrent PUT and DELETE requests for the same resource. (markt)
+ Add: Add debug logging for the web resource cache so the current size
can be tracked as resources are added and removed. (markt)
+ Update: Replace legacy WebDAV opaquelocktoken: scheme for lock tokens
with urn:uuid: as recommended by RFC 4918, and remove secret init
parameter. (remm)
+ Fix: Concurrent reads and writes (e.g. GET and PUT / DELETE) for the
same path caused corruption of the FileResource where some of the fields
were set as if the file exists and some as set as if it does not. This
resulted in inconsistent metadata. (markt)
+ Fix: 69415: Ensure that the ExpiresFilter only sets cache headers on
GET and HEAD requests. Also, skip requests where the application has
set Cache-Control: no-store. (markt)
+ Fix: 69419: Improve the performance of ServletRequest.getAttribute()
when there are multiple levels of nested includes. Based on a patch
provided by John Engebretson. (markt)
+ Add: All applications to send an early hints informational response
by calling HttpServletResponse.sendError() with a status code of 103.
(schultz)
+ Fix: Ensure that ServerAuthModule.initialize() is called when a
Jakarta Authentication module is configured via registerServerAuthModule().
(markt)
+ Fix: Ensure that the Jakarta Authentication CallbackHandler only creates
one GenericPrincipal in the Subject. (markt)
+ Fix: If the Jakarta Authentication process fails with an Exception,
explicitly set the HTTP response status to 500 as the ServerAuthContext
may not have set it. (markt)
+ Fix: When persisting the Jakarta Authentication provider configuration,
create any necessary parent directories that don't already exist. (markt)
+ Fix: Correct the logic used to detect errors when deleting temporary files
associated with persisting the Jakarta Authentication provider
configuration. (markt)
+ Fix: When processing Jakarta Authentication callbacks, don't overwrite
a Principal obtained from the PasswordValidationCallback with null if the
CallerPrincipalCallback does not provide a Principal. (markt)
+ Fix: Avoid store config backup loss when storing one configuration more
than once per second. (remm)
+ Fix: 69359: WebdavServlet duplicates getRelativePath() method from
super class with incorrect Javadoc. (michaelo)
+ Fix: 69360: Inconsistent DELETE behavior between WebdavServlet and
DefaultServlet. (michaelo)
+ Fix: Make WebdavServlet properly return the Allow header when deletion
of a resource is not allowed. (michaelo)
+ Fix: Add log warning if non-wildcard mappings are used with the WebdavServlet.
(remm)
+ Fix: 69361: Ensure that the order of entries in a multi-status response
to a WebDAV is consistent with the order in which resources were processed.
(markt)
+ Fix: 69362: Provide a better multi-status response when deleting a
collection via WebDAV fails. Empty directories that cannot be deleted
will now be included in the response. (markt)
+ Fix: 69363: Use getPathPrefix() consistently in the WebDAV servlet to
ensure that the correct path is used when the WebDAV servlet is mounted
at a sub-path within the web application. (markt)
+ Fix 69320, a regression in the fix for 69302 that meant the HTTP/2 processing
was likely to be broken for all clients once any client sent an HTTP/2
reset frame. (markt)
+ Fix: Improve performance of ApplicationHttpRequest.parseParameters().
Based on sample code and test cases provided by John Engebretson. (markt)
+ Fix: Correct regressions in the refactoring that added recycling of the coyote
request and response to the HTTP/2 processing. (markt)
+ Add: Add support for RFC 8297 (Early Hints). Applications can use this
feature by casting the HttpServletResponse to org.apache.catalina.connector.
Response and then calling the method void sendEarlyHints(). This method
will be added to the Servlet API (removing the need for the cast) in Servlet
6.2 onwards. (markt)
+ Fix: 69214: Do not reject a CORS request that uses POST but does not include
a content-type header. Tomcat now correctly processes this as a simple CORS
request. Based on a patch suggested by thebluemountain. (markt)
+ Fix: Refactor SpnegoAuthenticator so it uses Subject.callAs() rather than
Subject.doAs() when available. (markt)
+ Fix: Allow JAASRealm to use the configuration source to load a configured
configFile, for easier use with testing. (remm)
+ Fix: Add missing algorithm callback to the JAASCallbackHandler. (remm)
+ Fix: Add the OpenSSL version number on the APR and OpenSSL status classes.
(remm)
+ Fix: 69131: Expand the implementation of the filter value of the Authenticator
attribute allowCorsPreflight, so that it applies to all requests that match
the configured URL patterns for the CORS filter, rather than only applying
if the CORS filter is mapped to /*. (markt)
+ Fix: Using the OpenSSLListener will now cause the connector to use OpenSSL
if available. (remm)
* Coyote
+ Fix: Return null SSL session id on zero-length byte array returned
from the SSL implementation. (remm)
+ Fix: Skip OpenSSLConf with BoringSSL since it is unsupported. (remm)
+ Fix: Create the HttpParser in Http11Processor if it is not present on
the AbstractHttp11Protocol to provide better lifecycle robustness for
regular HTTP/1.1. The new behavior was introduced in a previous refactoring
to improve HTTP/2 performance. (remm)
+ Fix: OpenSSLContext will now throw a KeyManagementException if something
is known to have gone wrong in the init method, which is the behavior
documented by javax.net.ssl.SSLContext.init. This makes error handling
more consistent. (remm)
+ Fix: 69379: The default HEAD response no longer includes the payload
HTTP header fields as per section 9.3.2 of RFC 9110. (markt)
+ Fix: 69316: Ensure that FastHttpDateFormat#getCurrentDate() (used to
generate Date headers for HTTP responses) generates the correct string
for the given input. Prior to this change, the output may have been
wrong by one second in some cases. Pull request #751 provided by Chenjp.
(markt)
+ Fix: Request start time may not have been accurately recorded for HTTP/1.1
requests preceded by a large number of blank lines. (markt)
+ Add: Add server and serverRemoveAppProvidedValues to the list of attributes
the HTTP/2 protocol will inherit from the HTTP/1.1 connector it is nested
within. (markt)
+ Fix: Avoid possible crashes when using Apache Tomcat Native, caused by
destroying SSLContext objects through GC after APR has been terminated.
(remm)
+ Fix: Improve HTTP/2 handling of trailer fields for requests. Trailer fields
no longer need to be received before the headers of the subsequent stream,
nor are trailer fields for an in-progress stream swallowed if the Connector
is paused before the trailer fields are received. (markt)
+ Fix: Ensure the request and response are not recycled too soon for an
HTTP/2 stream when a stream-level error is detected during the processing
of incoming HTTP/2 frames. This could lead to incorrect processing times
appearing in the access log. (markt)
+ Fix: Correct a regression in the fix for non-blocking reads of chunked
request bodies that caused InputStream.available() to return a non-zero
value when there was no data to read. In some circumstances this could
cause a blocking read to block waiting for more data rather than return
the data it had already received. (markt)
+ Add: Add a new attribute cookiesWithoutEquals to the Rfc6265CookieProcessor.
The default behaviour is unchanged. (markt)
+ Fix: Ensure that Tomcat sends a TLS close_notify message after receiving
one from the client when using the OpenSSLImplementation. (markt)
+ Fix: 69301: Fix trailer headers replacing non-trailer headers when writing
response headers to the access log. Based on a patch and test case
provided by hypnoce. (markt)
+ Fix: 69302: If an HTTP/2 client resets a stream before the request body
is fully written, ensure that any ReadListener is notified via a call
to ReadListener.onError(). (markt)
+ Fix: Ensure that HTTP/2 stream input buffers are only created when there is
a request body to be read. (markt)
+ Code: Refactor creation of HttpParser instances from the Processor level to
the Protocol level since the parser configuration depends on the protocol
and the parser is, otherwise, stateless. (markt)
+ Add: Align HTTP/2 with HTTP/1.1 and recycle the container internal request
and response processing objects by default. This behaviour can be controlled
via the new discardRequestsAndResponses attribute on the HTTP/2 upgrade protocol.
(markt)
+ Fix: Clean and log OpenSSL errors before processing of OpenSSL conf commands
in the FFM code. (remm)
+ Fix: 69121: Ensure that the onComplete() event is triggered if AsyncListener.
onError() dispatches to a target that throws an exception. (markt)
+ Fix: Following the trailer header field refactoring, -1 is no longer an allowed
value for maxTrailerSize. Adjust documentation accordingly. (remm)
+ Update: Move OpenSSL support using FFM to a separate JAR named tomcat-coyote-ffm.
jar that advertises Java 22 in its manifest. (remm)
+ Fix: Fix search for OpenSSL library for FFM on Mac OS so that java.library.path
is searched. (markt)
+ Update: Add FFM compatibility methods for LibreSSL support. Renegotiation is
not supported at the moment. (remm)
+ Update: Add org.apache.tomcat.util.openssl.LIBRARY_NAME (specifies the name
of the library to load) and org.apache.tomcat.util.openssl.USE_SYSTEM_LOAD_LIBRARY
(set to true to use System.loadLibrary rather than the FFM library loading code)
to configure the OpenSSL library loading using FFM. (remm)
+ Update: Add FFM compatibility methods for BoringSSL support. Renegotiation is
not supported in many cases. (remm)
* Jasper
+ Fix: Add back tag release method as deprecated in the runtime for
compatibility with old generated code. (remm)
+ Fix: 69399: Fix regression caused by improvement 69333, which caused
the tag release to be called when using tag pooling, and to be skipped
when not using it. Patch submitted by Michal Sobkiewicz. (remm)
+ Fix: 69381: Improve method lookup performance in expression language.
When the required method has no arguments, there is no need to consider
casting or coercion, and the method lookup process can be simplified.
Based on a pull request by John Engebretson. (markt)
+ Fix: 69382: Improve the performance of the JSP include action by re-using
results of relatively expensive method calls in the generated code rather
than repeating them. Patch provided by John Engebretson. (markt)
+ Fix: 69398: Avoid unnecessary object allocation in PageContextImpl.
Based on a suggestion by John Engebretson. (markt)
+ Fix: 69406: When using StringInterpreterEnum, do not throw an
IllegalArgumentException when an invalid Enum is encountered. Instead,
resolve the value at runtime. Patch provided by John Engebretson. (markt)
+ Fix: 69429: Optimize EL evaluation of method parameters for methods
that do not accept any parameters. Patch provided by John Engebretson. (markt)
+ Fix: Further optimize EL evaluation of method parameters. Patch provided
by Paolo B. (markt)
+ Fix: 69333: Remove unnecessary code from generated JSPs. (markt)
+ Fix: 69338: Improve the performance of processing expressions that include
AND or OR operations with more than two operands and expressions that use
not empty. (markt)
+ Fix: 69348: Reduce memory consumption in ELContext by using lazy
initialization for the data structure used to track lambda arguments. (markt)
+ Fix: Switch the TldScanner back to logging detailed scan results at debug
level rather than trace level. (markt)
+ Fix: Update the optimisation in jakarta.el.ImportHandler so it is aware of
new classes added to the java.lang package in Java 23. (markt)
+ Fix: Ensure that an exception in toString() still results in an ELException
when an object is coerced to a String using ExpressionFactory.coerceToType().
(markt)
+ Add: Add support for specifying Java 24 (with the value 24) as the compiler
source and/or compiler target for JSP compilation. If used with an Eclipse JDT
compiler version that does not support these values, a warning will be logged
and the default will be used. (markt)
+ Fix: 69135: When using include directives in a tag file packaged in a JAR file,
ensure that context relative includes are processed correctly. (markt)
+ Fix: 69135: When using include directives in a tag file packaged in a JAR file,
ensure that file relative includes are processed correctly. (markt)
+ Fix: 69135: When using include directives in a tag file packaged in a JAR file,
ensure that file relative includes are not permitted to access files outside
of the /META_INF/tags/ directory nor outside of the JAR file. (markt)
* WebSocket
+ Fix: If a blocking message write exceeds the timeout, don't attempt the
write again before throwing the exception. (markt)
+ Fix: An EncodeException being thrown during a message write should not
automatically cause the connection to close. The application should handle
the exception and make the decision whether or not to close the connection.
(markt)
* Web applications
+ Fix: The manager webapp will now be able to access certificates again
when OpenSSL is used. (remm)
+ Fix: Documentation. Align the logging configuration documentation with
the current defaults. (markt)
+ Fix: Fix status servlet detailed view of the connectors when using automatic
port. (remm)
* jdbc-pool
+ Fix: 69255: Correct a regression in the fix for 69206 that meant exceptions
executing statements were wrapped in a java.lang.reflect.UndeclaredThrowableException
rather than the application seeing the original SQLException. Fixed by pull
request #744 provided by Michael Clarke. (markt)
+ Fix: 69279: Correct a regression in the fix for 69206 that meant that methods
that previously returned a null ResultSet were returning a proxy with a
null delegate. Fixed by pull request #745 provided by Huub de Beer. (markt)
+ Fix: 69206: Ensure statements returned from Statement methods executeQuery(),
getResultSet() and getGeneratedKeys() are correctly wrapped before being returned
to the caller. Based on pull request #742 provided by Michael Clarke. (markt)
* Other
+ Update: Switch from DigiCert ONE to ssl.com eSigner for code signing. (markt)
+ Update: Update Byte Buddy to 1.15.10. (markt)
+ Update: Update CheckStyle to 10.20.0. (markt)
+ Add: Improvements to German translations. (remm)
+ Update: Update Byte Buddy to 1.15.3. (markt)
+ Update: Update CheckStyle to 10.18.2. (markt)
+ Add: Improvements to French translations. (remm)
+ Add: Improvements to Japanese translations by tak7iji. (markt)
+ Add: Improvements to Chinese translations by Ch_jp. (markt)
+ Add: Exclude the tomcat-coyote-ffm.jar from JAR scanning by default. (markt)
+ Fix: Change the default log handler level to ALL so log messages are not
dropped by default if a logger is configured to use trace (FINEST) level
logging. (markt)
+ Update: Update Hamcrest to 3.0. (markt)
+ Update: Update EasyMock to 5.4.0. (markt)
+ Update: Update Byte Buddy to 1.15.0. (markt)
+ Update: Update CheckStyle to 10.18.0. (markt)
+ Update: Update the internal fork of Apache Commons BCEL to 6.10.0. (markt)
+ Add: Improvements to Spanish translations by Fernando. (markt)
+ Add: Improvements to French translations. (remm)
+ Add: Improvements to Japanese translations by tak7iji. (markt)
+ Fix: Fix packaging regression with missing osgi information following addition
of the test-only build target. (remm)
+ Update: Update Tomcat Native to 2.0.8. (markt)
+ Update: Update Byte Buddy to 1.14.18. (markt)
+ Add: Improvements to French translations. (remm)
+ Add: Improvements to Japanese translations by tak7iji. (markt)
+ Update: Add test-only build target to allow running only the testsuite,
supporting Java versions down to the minimum supported to run Tomcat. (rjung)
+ Update: Update UnboundID to 7.0.1. (markt)
+ Update: Update to SpotBugs 4.8.6. (markt)
+ Update: Remove cglib dependency as it is not required by the version of EasyMock
used by the unit tests. (markt)
+ Update: Update EasyMock to 5.3.0. This adds a test dependency on Byte-Buddy
1.14.17. (markt)
+ Add: Improvements to Czech translations by Vladimír Chlup. (markt)
+ Add: Improvements to French translations. (remm)
+ Add: Improvements to Japanese translations by tak7iji. (markt)
+ Add: Improvements to Chinese translations by fangzheng. (markt)
* Thu Oct 03 2024 Fridrich Strba <fstrba@suse.com>
- Adapt the scripts to run also with javapackages-tools >= 6.3
* Sun Sep 29 2024 Fridrich Strba <fstrba@suse.com>
- Fix build after removal of the default %%{java_home} define
* Tue Jul 09 2024 Ricardo Mestre <ricardo.mestre@suse.com>
- Update to Tomcat 10.1.25
* Fixed CVEs:
+ CVE-2024-34750: Improper handling of exceptional conditions
(bsc#1227399)
* Catalina
+ Add: Add support for shallow copies when using WebDAV. (markt)
+ Code: Deprecate the WebdavFixFilter as it is no longer required. (markt)
+ Fix: 69066: Fix regression in SPNEGO authenticator when processing Base64.
Submitted by Daniel Lyko. (remm)
+ Add: Add RealmBase.getPrincipal(GSSName, GSSCredential, GSSContext) for
retrieving extended/additional information from an established GSS
context. (michaelo)
+ Fix: Correct a regression in the fix for 68721 that caused some instances
of LinkageError to be reported as ClassNotFoundException. (markt)
+ Fix: Ensure that static resources deployed via a JAR file remain
accessible when the context is configured to use a bloom filter. Based on
pull request #730 provided by bergander. (markt)
+ Add: Introduce reference counting so the AprLifecycleListener is more
robust. This particularly targets more complex embedded configurations
with multiple server instances with independent lifecycles where more than
one server instance requires the AprLifecycleListener. (markt)
+ Add: Small performance optimization when logging cookies with no values.
(schultz)
+ Fix: Correct error handling for asynchronous requests. If the application
performs an dispatch during AsyncListener.onError() the dispatch is now
performed rather than completing the request using the error page
mechanism. (markt)
+ Add: Re-factor ElapsedTimeElement in AbstractAccessLogValve to use a
customizable style. (schultz)
+ Add: Add more timescale options to AccessLogValve and
ExtendedAccessLogValve. Allow timescales to apply to "time-taken" token in
ExtendedAccessLogValve. (schultz)
+ Fix: Fix WebDAV lock null (locks for non existing resources) thread safety
and removal. (remm)
+ Fix: Add periodic checking for WebDAV locks expiration. (remm)
+ Fix: Extend Asn1Parser to parse UTF8Strings. (michaelo)
+ Fix: Remove MBean metadata for attibutes that have been removed. Based on
pull request #719 by Shawn Q. (markt)
+ Update: Deprecate and remove sessionCounter (replaced by the addition of
the active session count and the expired session count, as a reasonable
approximation) and duplicates (which does not represent a possible event
in current implementations) statistics from the session manager. (remm)
+ Fix: 68890 Align output encoding of JSPs in the Manager webapp with the
XML declarations in those same files. (schultz)
+ Fix: Update Basic authentication to implement the requirements of RFC 7617
including the changing of the trimCredentials setting which is now
defaults to false. Note that the trimCredentials setting will be removed
in Tomcat 11. (markt)
+ Fix: Change the thread-safety mechanism for protecting
StandardServer.services from a simple synchronized lock to a
ReentrantReadWriteLock to allow multiple readers to operate
simultaneously. Based upon a suggestion by Markus Wolfe. (schultz)
+ Fix: Improve Service connectors, Container children and Service executors
access sync using a ReentrantReadWriteLock. (remm)
+ Fix: Improve handling of integer overflow if an attempt is made to upload
a file via the Servlet API and the file is larger than
Integer.MAX_VALUE. (markt)
+ Fix: 68862: Handle possible response commit when processing read errors.
(remm)
* Jasper
+ Fix: 68546: Small additional optimisation for initial loading of Servlet
code generated for JSPs. Based on a suggestion by Dan Armstrong. (markt)
+ Add: Add support for specifying Java 23 (with the value 23) as the
compiler source and/or compiler target for JSP compilation. If used with
an Eclipse JDT compiler version that does not support these values, a
warning will be logged and the default will used. (markt)
* Web applications
+ Add: Add the ability to set a sub-title for the Manager web application
main page. This is intended to allow users with lots of instances to
easily distinguish them. Based on pull request #724 by Simon Arame.
(markt)
+ Fix: Examples: Improve performance of WebSocket chat application when
multiple clients disconnect at the same time. (markt)
+ Update: Examples: Increase the number of previous messages displayed when
using the WebSocket chat application. (markt)
+ Fix: Examples: Improve performance of WebSocket snake application when
multiple clients disconnect at the same time. (markt)
* Coyote
+ Fix: Fix OpenSSL FFM use of ERR_error_string with a 128 byte buffer, and
use ERR_error_string_n instead. (remm)
+ Fix: Fix a crash on Windows setting CA certificate on null path. (remm)
+ Fix: 69068: Ensure read timouts are triggered for asynchronous,
non-blocking reads when using HTTP/2. (markt)
+ Update: 69133: Add task queue size configuration on the Connector element,
similar to the Executor element, for consistency. (remm)
+ Fix: Make counting of active HTTP/2 streams per connection more robust.
(markt)
+ Add: Add support for TLS 1.3 client initiated re-keying. (markt)
+ Fix: Improve the algorithm used to identify the IP address to use to
unlock the acceptor thread when a Connector is listening on all local
addresses. Interfaces that are configured for point to point connections
or are not currently up are now skipped. (markt)
+ Fix: Align non-secure and secure writes with NIO and skip the write
attempt when there are no bytes to be written. (markt)
+ Fix: Allow any positive value for socket.unlockTimeout. If a negative or
zero value is configured, the default of 250ms will be used. (mark)
+ Fix: Reduce the time spent waiting for the connector to unlock. The
previous default of 10s was noticeably too long for cases where the unlock
has failed. The wait time is now 100ms plus twice socket.unlockTimeout.
(markt)
+ Fix: Ensure that the onAllDataRead() event is triggered when the request
body uses chunked encoding and is read using non-blocking IO. (markt)
+ Fix: 68934: Add debug logging in the latch object when exceeding
maxConnections. (remm)
+ Fix: Refactor trailer field handling to use a MimeHeaders instance to
store trailer fields. (markt)
+ Fix: Ensure that multiple instances of the same trailer field are handled
correctly. (markt)
+ Fix: Fix non-blocking reads of chunked request bodies. (markt)
+ Fix: When an invalid HTTP response header was dropped, an off-by-one error
meant that the first header in the response was also dropped. Fix based on
pull request #710 by foremans. (markt)
+ Fix: Fix bnd jar descriptor to include the OpenSSL FFM support. (remm)
+ Fix: Add OpenSSL FFM classes to tomcat-embed-core.jar. (remm)
+ Add: Add OpenSSL integration using the FFM API rather than Tomcat Native.
OpenSSL support may be enabled by adding the
org.apache.catalina.core.OpenSSLLifecycleListener listener on the Server
element when using Java 22 or later. (remm)
* WebSocket
+ Fix: 68884: Reduce the write timeout when writing WebSocket close messages
for abnormal closes. The timeout defaults to 50 milliseconds and may be
controlled using the
org.apache.tomcat.websocket.ABNORMAL_SESSION_CLOSE_SEND_TIMEOUT property
in the user properties collection associated with the WebSocket session.
(markt)
* Other
+ Update: Revert Derby to 10.16.1.1 as that is the latest version of Derby
that runs on Java 17. (markt)
+ Update: Update to Commons Daemon 1.4.0. (markt)
+ Update: Update to Objenesis 3.4. (markt)
+ Update: Update to Checkstyle 10.17.0. (markt)
+ Update: Update to SpotBugs 4.8.5. (markt)
+ Add: Improvements to French translations. (remm)
+ Add: Improvements to Japanese translations by tak7iji. (markt)
+ Update: Switch to using the Base64 encoder and decoder provided by the JRE
rather than the version provided by Commons Codec. The internal fork of
Commons Codec has been deprecated and will be removed in Tomcat 11.
(markt)
+ Update: Update NSIS to 3.10. (mark0t)
+ Update: Update UnboundID to 7.0.0. (markt)
+ Update: Update Checkstyle to 10.16.0. (markt)
+ Update: Update JaCoCo to 0.8.12. (markt)
+ Update: Update SpotBugs to 4.8.4. (markt)
+ Update: Update the internal fork of Apache Commons BCEL to 6.9.0. (markt)
+ Update: Update the internal fork of Apache Commons DBCP to 2.12.0. (markt)
+ Add: Improvements to French translations. (remm)
+ Add: Improvements to Japanese translations by tak7iji. (markt)
+ Fix: Release re-built using correct JDK version.
+ Update: Update the internal fork of Apache Commons BCEL to 6.8.2. (markt)
+ Update: Update the internal fork of Apache Commons Codec to 1.16.1.
(markt)
+ Add: Improvements to French translations. (remm)
+ Add: Improvements to Japanese translations by tak7iji. (remm)
+ Add: Improvements to Chinese translations by leeyazhou. (remm)
- Modified patch:
* tomcat-10.1-build-with-java-11.patch
+ rediff to changed context
* Fri Apr 05 2024 Michele Bussolotto <michele.bussolotto@suse.com>
- Update to Tomcat 10.1.20
* Fixed CVEs:
+ CVE-2024-24549: Improved request header validation for HTTP/2 stream
(bsc#1221386)
+ CVE-2024-23672: Ensure that WebSocket connection closure completes if
the connection is closed when the server side has used the proprietary
suspend/resume feature to suspend the connection (bsc#1221385)
* Catalina
+ Fix: Minor performance improvement for building filter chains.
Based on ideas from #702 by Luke Miao. (remm)
+ Fix: Align error handling for Writer and OutputStream. Ensure
use of either once the response has been recycled triggers a
NullPointerException provided that discardFacades is configured with
the default value of true. (markt)
+ Fix: 68692: The standard thread pool implementations that are
configured using the Executor element now implement ExecutorService
for better support NIO2. (remm)
+ Fix: 68495: When restoring a saved POST request after a
successful FORM authentication, ensure that neither the URI, the
query string nor the protocol are corrupted when restoring the
request body. (markt)
+ Fix: After forwarding a request, attempt to unwrap the
response in order to suspend it, instead of simply closing it if it
was wrapped. Add a new suspendWrappedResponseAfterForward boolean
attribute on Context to control the bahavior, defaulting to false.
(remm)
+ Fix: 68721: Workaround a possible cause of duplicate class
definitions when using ClassFileTransformers and the transformation
of a class also triggers the loading of the same class. (markt)
+ Fix: The rewrite valve should not do a rewrite if the output
is identical to the input. (remm)
+ Update: Add a new valveSkip (or VS) rule flag to the rewrite
valve to allow skipping over the next valve in the Catalina pipeline.
(remm)
+ Update: Add highConcurrencyStatus attribute to the
SemaphoreValve to optionally allow the valve to return an error
status code to the client when a permit cannot be acquired from the
semaphore. (remm)
+ Add: Add checking of the "age" of the running Tomcat instance
since its build-date to the SecurityListener, and log a warning if
the server is old. (schultz)
+ Fix: When using the AsyncContext, throw an
IllegalStateException, rather than allowing an NullPointerException,
if an attempt is made to use the AsyncContext after it has been
recycled. (markt)
+ Fix: Correct JPMS and OSGi meta-data for tomcat-embed-core.jar
by removing reference to org.apache.catalina.ssi package that is no
longer included in the JAR. Based on pull request #684 by Jendrik
Johannes. (markt)
+ Fix: Fix ServiceBindingPropertySource so that trailing \r\n
sequences are correctly removed from files containing property values
when configured to do so. Bug identified by Coverity Scan. (markt)
+ Add: Add improvements to the CSRF prevention filter including
the ability to skip adding nonces for resource name and subtree URL
patterns. (schultz)
+ Fix: Review usage of debug logging and downgrade trace or data
dumping operations from debug level to trace. (remm)
+ Fix: 68089: Further improve the performance of request
attribute access for ApplicationHttpRequest and ApplicationRequest.
(markt)
+ Fix: 68559: Allow asynchronous error handling to write to the
response after an error during asynchronous processing. (markt)
* Coyote
+ Fix: Improve the HTTP/2 stream prioritisation process. If a
stream uses all of the connection windows and still has content to
write, it will now be added to the backlog immediately rather than
waiting until the write attempt for the remaining content. (markt)
+ Fix: Add threadsMaxIdleTime attribute to the endpoint, to
allow configuring the amount of time before an internal executor will
scale back to the configured minSpareThreads size. (remm)
+ Fix: Correct a regression in the support for user provided
SSLContext instances that broke the
org.apache.catalina.security.TLSCertificateReloadListener. (markt)
+ Fix: Setting a null value for a cookie attribute should remove
the attribute. (markt)
+ Fix: Make asynchronous error handling more robust. Ensure that
once a connection is marked to be closed, further asynchronous
processing cannot change that. (markt)
+ Fix: Make asynchronous error handling more robust. Ensure that
once the call to AsyncListener.onError() has returned to the
container, only container threads can access the AsyncContext. This
protects against various race conditions that woudl otherwise occur
if application threads continued to access the AsyncContext.
+ Fix: Review usage of debug logging and downgrade trace or data
dumping operations from debug level to trace. In particular, most of
the HTTP/2 debug logging has been changed to trace level. (remm)
+ Fix: Add support for user provided SSLContext instances
configured on SSLHostConfigCertificate instances. Based on pull
request #673 provided by Hakan Altındağ. (markt)
+ Fix: Partial fix for 68558: Cache the result of converting to
String for request URI, HTTP header names and the request
Content-Type value to improve performance by reducing repeated byte[]
to String conversions. (markt)
+ Fix: Improve error reporting to HTTP/2 clients for header
processing errors by reporting problems at the end of the frame where
the error was detected rather than at the end of the headers. (markt)
+ Fix: Remove the remaining reference to a stream once the
stream has been recycled. This makes the stream eligible for garbage
collection earlier and thereby improves scalability. (markt)
* Jasper
+ Add: Add support for specifying Java 22 (with the value 22) as
the compiler source and/or compiler target for JSP compilation. If
used with an Eclipse JDT compiler version that does not support these
values, a warning will be logged and the default will used. (markt)
+ Fix: Handle the case where the JSP engine forwards a
request/response to a Servlet that uses an OutputStream rather than a
Writer. This was triggering an IllegalStateException on code paths
where there was a subsequent attempt to obtain a Writer. (markt)
+ Fix: Correctly handle the case where a tag library is packaged
in a JAR file and the web application is deployed as a WAR file
rather than an unpacked directory. (markt)
+ Fix: 68546: Generate optimal size and types for JSP imports
maps, as suggested by John Engebretson. (remm)
+ Fix: Review usage of debug logging and downgrade trace or data
dumping operations from debug level to trace. (remm)
* Cluster
+ Fix: Avoid updating request count stats on async. (remm)
* WebSocket
+ Fix: Correct a regression in the fix for 66508 that could
cause an UpgradeProcessor leak in some circumstances. (markt)
+ Fix: Review usage of debug logging and downgrade trace or data
dumping operations from debug level to trace. (remm)
+ Fix: Ensure that WebSocket connection closure completes if the
connection is closed when the server side has used the proprietary
suspend/resume feature to suspend the connection. (markt)
* Web applications
Add: Add support for responses in JSON format from the examples
application RequestHeaderExample. (schultz)
* Other
+ Add: Improvements to French translations. (remm)
+ Add: Improvements to Japanese translations by tak7iji. (markt)
+ Fix: 57130: Allow digest.(sh|bat) to accept password from a
file or stdin. (csutherl/schultz)
+ Update: Update Checkstyle to 10.14.1. (markt)
+ Fix: Correct the remaining OSGi contract references in the
manifest files to refer to the Jakarta EE contract names rather than
the Java EE contract names. Based on pull request #685 provided by
Paul A. Nicolucci. (markt)
+ Update: Update Checkstyle to 10.13.0. (markt)
+ Update: Update JSign to 6.0. (markt)
+ Update: Update the packaged version of the Tomcat Migration
Tool for Jakarta EE to 1.0.7. (markt)
+ Update: Update Tomcat Native to 2.0.7. (markt)
+ Update: Add strings for debug level messages. (remm)
+ Add: Improvements to French translations. (remm)
+ Add: Improvements to Japanese translations by tak7iji. (markt)
- Regenerated patch: tomcat-jdt.patch
* Wed Mar 06 2024 Dan Čermák <dcermak@suse.com>
- Add missing Requires(post): util-linux to have runuser into post
* Mon Mar 04 2024 Fridrich Strba <fstrba@suse.com>
- Add %%systemd_ordering to packages with systemd unit files, so
that the order is the right one if those packages find themselves
in the same transaction with systemd
* Sat Feb 17 2024 Fridrich Strba <fstrba@suse.com>
- Link ecj.jar into the install instead of copying it
* Tue Feb 06 2024 Michele Bussolotto <michele.bussolotto@suse.com>
- rpm 4.19 requires dependencies on tomcat user and group (bsc#1219530)
* Fri Jan 26 2024 Michele Bussolotto <michele.bussolotto@suse.com>
- Fixed CVEs:
* CVE-2024-22029: run xsltproc as tomcat group (bsc#1219208)
* Wed Jan 17 2024 Michele Bussolotto <michele.bussolotto@suse.com>
- Update to Tomcat 10.1.18
* Fixed CVEs:
+ CVE-2023-46589: Apache Tomcat: HTTP request smuggling due to
incorrect headers parsing (bsc#1217649)
* Catalina
+ Update: 68378: Align extension to MIME type mappings in the
global web.xml with those in httpd by adding
application/vnd.geogebra.slides for ggs, text/javascript for mjs
and audio/ogg for opus. (markt)
+ Fix: Background processes should not be run concurrently with
lifecycle operations of a container. (remm)
+ Fix: Correct unintended escaping of XML in some WebDAV
responses. The XML list of support locks when provided in
response to a PROPFIND request was incorrectly XML escaped.
(markt)
+ Fix: 68227: Ensure that AsyncListener.onComplete() is called
if AsyncListener.onError() calls AsyncContext.dispatch().
(markt)
+ Fix: 68228: Use a 408 status code if a read timeout occurs
during HTTP request processing. Includes a test case based on
code provided by adwsingh. (markt)
+ Fix: 67667: TLSCertificateReloadListener prints unreadable
rendering of X509Certificate#getNotAfter(). (michaelo)
+ Update: The status servlet included in the manager webapp
can now output statistics as JSON, using the JSON=true URL
parameter. (remm)
+ Update: Optionally allow ServiceBindingPropertySource to
trim a trailing newline from a file containing a
property-value. (schultz)
+ Fix: 67793: Ensure the original session timeout is restored
after FORM authentication if the user refreshes a page during
the FORM authentication process. Based on a suggestion by
Mircea Butmalai. (markt)
+ Update: 67926: PEMFile prints unidentifiable string
representation of ASN.1 OIDs. (michaelo)
+ Fix: 66875: Ensure that setting the request attribute
jakarta.servlet.error.exception is not sufficient to trigger
error handling for the current request and response. (markt)
+ Fix: 68054: Avoid some file canonicalization calls
introduced by the fix for 65433. (remm)
+ Fix: 68089: Improve performance of request attribute access
for ApplicationHttpRequest and ApplicationRequest. (markt)
+ Fix: Use a 400 status code to report an error due to a bad
request (e.g. an invalid trailer header) rather than a 500
status code. (markt)
+ Fix: Ensure that an IOException during the reading of the
request triggers always error handling, regardless of whether
the application swallows the exception. (markt)
* Coyote
+ Fix: Refactor the VirtualThreadExecutor so that it can be
used by the NIO2 connector which was using platform threads
even when configured to use virtual threads. (markt)
+ Fix: Correct a regression in the fix for 67675 that broke
TLS key file parsing for PKCS#8 format keys that do not specify
an explicit pseudo-random function and rely on the default.
This typically affects keys generated by OpenSSL 1.0.2.
(markt)
+ Fix: Allow multiple operations with the same name on
introspected mbeans, fixing a regression caused by the
introduction of a second addSslHostConfig method. (remm)
+ Fix: Relax the check that the HTTP Host header is consistent
with the host used in the request line, if any, to make the
check case insensitive since host names are case insensitive.
(markt)
+ Add: 68348: Add support for the partitioned attribute for
cookies. (markt)
+ Add: 66670: Add SSLHostConfig#certificateKeyPasswordFile and
SSLHostConfig#certificateKeystorePasswordFile. (michaelo)
+ Add: When calling
SSLHostConfigCertificate.setCertificateKeystore(ks),
automatically call setCertificateKeystoreType(ks.getType()).
(markt)
+ Fix: 67628: Clarify how the ciphers attribute of the
SSLHostConfig is used. (markt)
+ Fix: 67666: Ensure TLS connectors using PEM files either
work with the TLSCertificateReloadListener or, in the rare case
that they do not, log a warning on Connector start. (markt)
+ Fix: 67675: Support a wider range of KDF and ciphers for PEM
files than the combinations supported by the JVM by default.
Specifically, support the OpenSSL default of HmacSHA256 and
DES-EDE3-CBC. (markt)
+ Fix: 67927: Reloading TLS configuration can cause the
Connector to refuse new connections or the JVM to crash.
(markt)
+ Fix: 67934: If both Tomcat Native 1.2.x and 2.0.x are
available, prefer 1.2.x since it supports the APR/Native
connector whereas 2.0.x does not. (markt)
+ Fix: 67938: Correct handling of large TLS client hello
messages that were causing the TLS handshake to fail. (markt)
+ Fix: 68026: Convert selected MessageByte values to String
when first accessed to speed up subsequent accesses and reduce
garbage collection. (markt)
* Jasper
+ Code: 68119: Refactor the CompositeELResolver to improve
performance during type conversion operations. (markt)
+ Fix: 68068: Performance improvement for EL. Based on a
suggestion by John Engebretson. (markt)
* Web Applications
+ Fix: 68035: Additional fix to the Manager application to
enable the deployment of a web application located in a Host's
appBase where the web application is specified by a bare (no
path) WAR or directory name as shown in the documentation.
(markt)
+ Fix: Examples. Improve the error handling so snakes
associated with a user that drops from the network are removed
from the game. (markt)
+ Fix: 68035: Correct a regression in the fix for 56248 that
prevented deployment via the Manager of a WAR or directory that
was already present in the appBase or a context file that was
already present in the xmlBase. (markt)
* Other
+ Update: Update Checkstyle to 10.12.7. (markt)
+ Update: Update SpotBugs to 4.8.3. (markt)
+ Add: Improvements to French translations. (remm)
+ Add: Improvements to Japanese translations by tak7iji.
(markt)
+ Update: Update UnboundID to 6.0.11. (markt)
+ Update: Update Checkstyle to 10.12.5. (markt)
+ Update: Update SpotBugs to 4.8.2. (markt)
+ Update: Update Derby to 10.17.1. (markt)
+ Add: Improvements to French translations. (remm)
+ Add: Improvements to Japanese translations by tak7iji.
(markt)
+ Add: Improvements to Brazilian Portuguese translations by
John William Vicente. (markt)
+ Add: Improvements to Russian translations by usmazat and
remm. (markt)
+ Add: 67538: Make use of Ant's <javaversion /> task to enfore
the mininum Java build version. (michaelo)
+ Update: Update Checkstyle to 10.12.4. (markt)
+ Update: Update JaCoCo to 0.8.11. (markt)
+ Update: Update SpotBugs to 4.8.0. (markt)
+ Update: Update BND to 7.0.0. (markt)
+ Update: The minimum Java version required to build Tomcat
has been raised to Java 17. (markt)
+ Update: Update the OWB module to Apache OpenWebBeans 4.0.0.
(remm)
- Added patches:
* tomcat-10.1-build-with-java-11.patch
* Wed Jan 17 2024 Michele Bussolotto <michele.bussolotto@suse.com>
- change server.xml during %post instead of %posttrans
- add libxslt-tools requirement
* Tue Jan 16 2024 Michele Bussolotto <michele.bussolotto@suse.com>
- Fix server.xml permission (bsc#1217768, bsc#1217402)
- remove serverxmltool and use xsltproc
* Mon Nov 27 2023 Ricardo Mestre <ricardo.mestre@suse.com>
- replace prep setup and patches macro with autosetup
* Tue Nov 14 2023 Michele Bussolotto <michele.bussolotto@suse.com>
- Initial packaging of Tomcat 10.1.14
* Fri Oct 13 2023 Fridrich Strba <fstrba@suse.com>
- Update to Tomcat 9.0.82
* Catalina
+ Add: 65770: Provide a lifecycle listener that will
automatically reload TLS configurations a set time before the
certificate is due to expire. This is intended to be used with
third-party tools that regularly renew TLS certificates.
+ Fix: Fix handling of an error reading a context descriptor on
deployment.
+ Fix: Fix rewrite rule qsd (query string discard) being ignored
if qsa was also use, while it should instead take precedence.
+ Fix: 67472: Send fewer CORS-related headers when CORS is not
actually being engaged.
+ Add: Improve handling of failures within recycle() methods.
* Coyote
+ Fix: 67670: Fix regression with HTTP compression after code
refactoring.
+ Fix: 67198: Ensure that the AJP connector attribute
tomcatAuthorization takes precedence over the
tomcatAuthentication attribute when processing an auth_type
attribute received from a proxy server.
+ Fix: 67235: Fix a NullPointerException when an AsyncListener
handles an error with a dispatch rather than a complete.
+ Fix: When an error occurs during asynchronous processing,
ensure that the error handling process is only triggered once
per asynchronous cycle.
+ Fix: Fix logic issue trying to match no argument method in
IntropectionUtil.
+ Fix: Improve thread safety around readNotify and writeNotify
in the NIO2 endpoint.
+ Fix: Avoid rare thread safety issue accessing message digest
map.
+ Fix: Improve statistics collection for upgraded connections
under load.
+ Fix: Align validation of HTTP trailer fields with standard
fields.
+ Fix: Improvements to HTTP/2 overhead protection (bsc#1216182,
CVE-2023-44487)
* jdbc-pool
+ Fix: 67664: Correct a regression in the clean-up of
unnecessary use of fully qualified class names in 9.0.81
that broke the jdbc-pool.
* Jasper
+ Fix: 67080: Improve performance of EL expressions in JSPs that
use implicit objects
* Thu Sep 21 2023 Fridrich Strba <fstrba@suse.com>
- Update to Tomcat 9.0.80
* Catalina
+ Add RateLimitFilter which can be used to mitigate DoS and
Brute Force attacks
+ Move the management of the utility executor from the
init()/destroy() methods of components to the start()/stop()
methods.
+ Add org.apache.catalina.core.StandardVirtualThreadExecutor,
a virtual thread based executor that may be used with one or
more Connectors to process requests received by those
Connectors using virtual threads. This Executor requires a
minimum Java version of Java 21.
+ 66513: Add a per session Semaphore to the PersistentValve that
ensures that, within a single Tomcat instance, there is no
more than one concurrent request per session. Also expand the
debug logging to include whether a request bypasses the Valve
and the reason if a request fails to obtain the per session
Semaphore.
+ 66609: Ensure that the default servlet correctly escapes file
names in directory listings when using XML output.
+ 66618: Add a numeric last modified field to the XML directory
listings produced by the default servlet to enable sorting in
the XSLT.
+ 66621: Attempts to lock a collection with WebDAV may
incorrectly fail if a child collection has an expired lock.
+ 66622: Deprecate the xssProtectionEnabled setting from the
HttpHeaderSecurityFilter and change the default value to false
as support for the associated HTTP header has been removed
from all major browsers.
+ 59232: Add org.apache.catalina.core.ContextNamingInfoListener,
a listener which creates context naming information
environment entries.
+ 66665: Add
org.apache.catalina.core.PropertiesRoleMappingListener, a
listener which populates the context's role mapping from a
properties file.
+ Fix an edge case where intra-web application symlinks would be
followed if the web applications were deliberately crafted to
allow it even when allowLinking was set to false.
+ Add utility config file resource lookup on Context to allow
looking up resources from the webapp (prefixed with webapp:)
and make the resource lookup API more visible.
+ Fix potential database connection leaks in
DataSourceUserDatabase identified by Coverity Scan.
+ Make parsing of ExtendedAccessLogValve patterns more robust.
+ Fix failure trying to persist configuration for an internal
credential handler.
+ 66680: When serializing a session during the session
presistence process, do not log a warning that null Principals
are not serializable.
+ Catch NamingException in JNDIRealm#getPrincipal. It is used in
Java up to 17 to signal closed connections.
+ 66822: Use the same naming format in log messages for
Connector instances as the associated ProtocolHandler instance.
+ The parts count should also lower the actual maxParameterCount
used for parsing parameters if parts are parsed first.
+ If an application or library sets both a non-500 error code
and the javax.servlet.error.exception request attribute, use
the provided error code during error page processing rather
than assuming an error code of 500.
+ Update code comments and Tomcat output to use MiB for
1024 * 1024 bytes and KiB for 1024 bytes rather than
MB and kB.
+ Avoid protocol relative redirects in FORM authentication
(CVE-2023-41080, bsc#1214666).
* Coyote
+ Update the HTTP/2 implementation to use the prioritization
scheme defined in RFC 9218 rather than the one defined in
RFC 7540.
+ 66602: not sending WINDOW_UPDATE when dataLength is ZERO on
call SwallowedDataFramePayload.
+ 66627: Restore the documented behaviour of
MessageBytes.getType() that it returns the type of the
original content rather than reflecting the most recent
conversion.
+ 66635: Correct certificate logging on start-up so it
differentiates between keystore based keys/certificates and
PEM file based keys/certificates and logs the relevant
information for each.
+ Refactor blocking reads and writes for the NIO connector to
remove code paths that could allow a notification from the
Poller to be missed resuting in a timeout rather than the
expected read or write.
+ Refactor waiting for an HTTP/2 stream or connection window
update to handle spurious wake-ups during the wait.
+ Correct a regression introduced in 9.0.78 and use the correct
constant when constructing the default value for the
certificateKeystoreFile attribute of an
SSLHostConfigCertificate instance.
+ Refactor HTTP/2 implementation to reduce pinning when using
virtual threads.
+ Pass through ciphers referring to an OpenSSL profile, such as
PROFILE=SYSTEM instead of producing an error trying to parse
it.
+ 66841: Ensure that AsyncListener.onError() is called after an
error during asynchronous processing with HTTP/2.
+ 66842: When using asynchronous I/O (the default for NIO and
NIO2), include DATA frames when calculating the HTTP/2
overhead count to ensure that connections are not prematurely
terminated.
+ Correct a race condition that could cause spurious RST
messages to be sent after the response had been written to an
HTTP/2 stream.
* WebSocket
+ 66548: Expand the validation of the value of the
Sec-Websocket-Key header in the HTTP upgrade request that
initiates a WebSocket connection. The value is not decoded but
it is checked for the correct length and that only valid
characters from the base64 alphabet are used.
+ Improve handling of error conditions for the WebSocket server,
particularly during Tomcat shutdown.
+ Correct a regression in the fix for 66574 that meant the
WebSocket session could return false for onOpen() before the
onClose() event had been completed.
+ 66681: Fix a NullPointerException when flushing batched
messages with compression enabled using permessage-deflate.
* Web applications
+ Documentation. Expand the security guidance to cover the
embedded use case and add notes on the uses made of the
java.io.tmpdir system property.
+ 66662: Documentation. Fix a typo in the name of the algorithms
attribute in the configuration section for the Digest
authentication value.
+ Documentation. Update documentation to use MiB for
1024 * 1024 bytes and KiB for 1024 bytes rather than
MB and kB.
* jdbc-pool
+ Fix the releaseIdleCounter does not increment when testAllIdle
releases them.
+ Fix the ConnectionState state will be inconsistent with actual
state on the connection when an exception occurs while
writing.
* Other
+ Update to Commons Daemon 1.3.4.
+ Improvements to French translations.
+ Update Checkstyle to 10.12.0.
+ Update the packaged version of the Apache Tomcat Native
Library to 1.2.37 to pick up the Windows binaries built with
with OpenSSL 1.1.1u.
+ Include the Windows specific binary distributions in the files
uploaded to Maven Central.
+ Improvements to French translations.
+ Improvements to Japanese translations.
+ Update UnboundID to 6.0.9.
+ Update Checkstyle to 10.12.1.
+ Update BND to 6.4.1.
+ Update JSign to 5.0.
+ Correct properties for JSign dependency.
+ Align documentation for maxParameterCount to match hard-coded
defaults.
+ Update NSIS to 3.0.9.
+ Update Checkstyle to 10.12.2.
+ Improvements to French translations.
+ Improvements to Japanese translations.
+ 66829: Fix quoting so users can use the _RUNJAVA environment
variable as intended on Windows when the path to the Java
executable contains spaces.
+ Update Tomcat Native to 1.2.38 to pick up Windows binaries
built with OpenSSL 1.1.1v.
+ Improvements to Chinese translations.
+ Improvements to French translations.
+ Improvements to Japanese translations
- Removed patch:
* tomcat-9.0.75-CVE-2023-41080.patch
+ integrated in this version
* Thu Sep 21 2023 Michele Bussolotto <michele.bussolotto@suse.com>
- Fixed CVEs:
* CVE-2023-41080: Avoid protocol relative redirects in FORM authentication. (bsc#1214666)
- Added patches:
* tomcat-9.0.75-CVE-2023-41080.patch
* Mon Sep 18 2023 Fridrich Strba <fstrba@suse.com>
- Modified patch:
* tomcat-9.0-osgi-build.patch
+ make it more robust to change in number of artifacts in bnd
+ do not enumerate jars, just take all jars from the aqute-bnd
directory into the classpath
* Tue Sep 12 2023 Fridrich Strba <fstrba@suse.com>
- Require(pre) shadow because groupadd is needed early
* Tue May 23 2023 Fridrich Strba <fstrba@suse.com>
- Update to Tomcat 9.0.75.
* See changelog at
https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.75_(markt)
* Fixes:
+ bsc#1211608, CVE-2023-28709
+ bsc#1208513, CVE-2023-24998 (previous incomplete fix)
- Remove patches:
* tomcat-9.0-CVE-2021-30640.patch
* tomcat-9.0-CVE-2021-33037.patch
* tomcat-9.0-CVE-2021-41079.patch
* tomcat-9.0-CVE-2022-23181.patch
* tomcat-9.0-NPE-JNDIRealm.patch
* tomcat-9.0-hardening_getResources.patch
* tomcat-9.0.43-CVE-2021-43980.patch
* tomcat-9.0.43-CVE-2022-42252.patch
* tomcat-9.0.43-CVE-2022-45143.patch
* tomcat-9.0.43-CVE-2023-24998.patch
* tomcat-9.0.43-CVE-2023-28708.patch
+ integrated in this version
* tomcat-9.0.43-java8compat.patch
+ problem with Java 8 compatibility solved in this version
- Modified patch:
* tomcat-9.0.31-secretRequired-default.patch
- > tomcat-9.0.75-secretRequired-default.patch
+ rediffed to changed context
* tomcat-9.0-javadoc.patch
+ drop integrated hunks
* tomcat-9.0-osgi-build.patch
+ fix to work with current version
- Added patch:
* tomcat-9.0-jdt.patch
+ fix build against our ecj
* Fri Apr 07 2023 Michele Bussolotto <michele.bussolotto@suse.com>
- Fixed CVEs:
* CVE-2022-45143: JsonErrorReportValve: add escape for type, message or description (bsc#1206840)
- Added patches:
* tomcat-9.0.43-CVE-2022-45143.patch
* Thu Mar 23 2023 Michele Bussolotto <michele.bussolotto@suse.com>
- Fixed CVEs:
* CVE-2023-28708: tomcat: not including the secure attribute
causes information disclosure (bsc#1209622)
- Added patches:
* tomcat-9.0.43-CVE-2023-28708.patch
* Tue Feb 28 2023 Michele Bussolotto <michele.bussolotto@suse.com>
- Fixed CVEs:
* CVE-2023-24998: tomcat,tomcat6: FileUpload DoS with excessive parts (bsc#1208513)
- Added patches:
* tomcat-9.0.43-CVE-2023-24998.patch
* Fri Dec 23 2022 Michele Bussolotto <michele.bussolotto@suse.com>
- set logrotate for localhost.log, manager.log, host-manager.log and localhost_access_log.txt
- use logrotate for catalina.out
* update tomcat-serverxml-tool and spec to configure server.xml
- Added patch:
* tomcat-9.0-logrotate_everything.patch
* tomcat-serverxml-tool.tar.gz
- Removed:
* tomcat-serverxml-tool-1.0.tar.gz
* Tue Nov 29 2022 Michele Bussolotto <michele.bussolotto@suse.com>
- Use catalina.out for logging (bsc#1205647)
- Added patches:
* tomcat-9.0-fix_catalina.patch
* Mon Nov 21 2022 Michele Bussolotto <michele.bussolotto@suse.com>
- Fixed CVEs:
* CVE-2022-42252: reject invalid content-length requests. (bsc#1204918)
- Added patches:
* tomcat-9.0.43-CVE-2022-42252.patch
* Thu Oct 20 2022 Michele Bussolotto <michele.bussolotto@suse.com>
- Fixed CVEs:
* CVE-2021-43980: Improve the recycling of Processor objects to make it more robust. (bsc#1203868)
- Added patches:
* tomcat-9.0.43-CVE-2021-43980.patch
* Wed Jul 13 2022 Fridrich Strba <fstrba@suse.com>
- Do not hardcode /usr/libexec but use %%_libexecdir during the
build
* Fixes for platforms, where /usr/libexec and %%_libexecdir are
different
* Thu Jul 07 2022 Fridrich Strba <fstrba@suse.com>
- Fix bsc#1201081 by building with release=8 all files that can be
built this way. The one file remaining, build it with source=8 and
target=8
- Modified patch:
* tomcat-9.0.43-java8compat.patch
+ Do not cast ByteBuffer to Buffer to call the Java 8 compatible
methods. Build with release=8 instead
* Thu Apr 07 2022 Michele Bussolotto <michele.bussolotto@suse.com>
- Security hardening. Deprecate getResources() and always return null. (bsc#1198136)
- Added patch: tomcat-9.0-hardening_getResources.patch
* Wed Feb 23 2022 Fridrich Strba <fstrba@suse.com>
- Remove dependency on log4j/reload4j completely (bsc#1196137)
* Tue Feb 22 2022 Fridrich Strba <fstrba@suse.com>
- Do not build against the log4j12 packages, use the new reload4j
* Fri Jan 28 2022 Michele Bussolotto <michele.bussolotto@suse.com>
- Fixed CVEs:
* CVE-2022-23181: Make calculation of session storage location more robust (bsc#1195255)
- Added patches:
* tomcat-9.0-CVE-2022-23181.patch
* Mon Jan 10 2022 olaf@aepfle.de
- remove instance units from post scripts, they can not be reloaded
* Fri Dec 10 2021 Michele Bussolotto <michele.bussolotto@suse.com>
- Fix NPE in JNDIRealm, when userRoleAttribute is not set (bsc#1193569)
- Added patch:
* tomcat-9.0-NPE-JNDIRealm.patch
* Wed Nov 10 2021 Fridrich Strba <fstrba@suse.com>
- Modified patch:
* tomcat-9.0-osgi-build.patch
+ account for biz.aQute.bnd.ant artifact in aqute-bnd >= 5.2.0
* Fri Oct 29 2021 Michele Bussolotto <michele.bussolotto@suse.com>
- Fixed CVEs:
* CVE-2021-30640: Escape parameters in JNDI Realm queries (bsc#1188279)
* CVE-2021-33037: Process T-E header from both HTTP 1.0 and HTTP 1.1. clients (bsc#1188278)
- Added patches:
* tomcat-9.0-CVE-2021-30640.patch
* tomcat-9.0-CVE-2021-33037.patch
* Thu Oct 28 2021 Michele Bussolotto <michele.bussolotto@suse.com>
- Fixed CVEs:
* CVE-2021-41079: Validate incoming TLS packet (bsc#1190558)
- Added patches:
* tomcat-9.0-CVE-2021-41079.patch
* Mon Oct 18 2021 Marcel Witte <wittemar@googlemail.com>
- Update to Tomcat 9.0.43. See changelog at
https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.43_(markt)
- Removed Patches because fixed upstream now:
* tomcat-9.0-CVE-2021-25122.patch
* tomcat-9.0-CVE-2021-25329.patch
- Rebased patch:
tomcat-9.0.39-java8compat.patch -> tomcat-9.0.43-java8compat.patch
* Mon Oct 18 2021 Marcel Witte <wittemar@googlemail.com>
- Update to Tomcat 9.0.41. See changelog at
https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.41_(markt)
* Mon Oct 18 2021 Marcel Witte <wittemar@googlemail.com>
- Update to Tomcat 9.0.40. See changelog at
https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.40_(markt)
- Removed Patches because fixed upstream now:
* tomcat-9.0-CVE-2020-17527.patch
* tomcat-9.0-CVE-2021-24122.patch
* Mon Mar 22 2021 Abid Mehmood <amehmood@suse.com>
- Fixed CVEs:
* CVE-2021-25122: Apache Tomcat h2c request mix-up (bsc#1182912)
* CVE-2021-25329: Complete fix for CVE-2020-9484 (bsc#1182909)
- Added patches:
* tomcat-9.0-CVE-2021-25122.patch
* tomcat-9.0-CVE-2021-25329.patch
* Wed Mar 17 2021 Abid Mehmood <amehmood@suse.com>
- Log if file access is blocked due to symlinks: CVE-2021-24122 (bsc#1180947)
- Added patch:
* tomcat-9.0-CVE-2021-24122.patch
* Mon Mar 15 2021 Marcel Witte <wittemar@googlemail.com>
- Update to Tomcat 9.0.39. See changelog at
https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.39_(markt)
- Rebased patches:
* tomcat-9.0.38-java8compat.patch -> tomcat-9.0.39-java8compat.patch
* Mon Mar 15 2021 Marcel Witte <wittemar@googlemail.com>
- Update to Tomcat 9.0.38. See changelog at
https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.38_(markt)
- Rebased patches:
* tomcat-9.0.37-java8compat.patch -> tomcat-9.0.38-java8compat.patch
- Removed tomcat-9.0-CVE-2020-13943.patch because that fix is upstream now
* Mon Feb 22 2021 Marcel Witte <wittemar@googlemail.com>
- Update to Tomcat 9.0.37. See changelog at
https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.37_(markt)
- Fixed CVEs:
* CVE-2020-13934 (bsc#1174121)
* CVE-2020-13935 (bsc#1174117)
- Rebased patches:
* tomcat-9.0-osgi-build.patch
* tomcat-9.0.31-java8compat.patch -> tomcat-9.0.37-java8compat.patch
/usr/share/tomcat/tomcat-webapps/ROOT /usr/share/tomcat/tomcat-webapps/ROOT/RELEASE-NOTES.txt /usr/share/tomcat/tomcat-webapps/ROOT/WEB-INF /usr/share/tomcat/tomcat-webapps/ROOT/WEB-INF/web.xml /usr/share/tomcat/tomcat-webapps/ROOT/asf-logo-wide.svg /usr/share/tomcat/tomcat-webapps/ROOT/bg-button.png /usr/share/tomcat/tomcat-webapps/ROOT/bg-middle.png /usr/share/tomcat/tomcat-webapps/ROOT/bg-nav.png /usr/share/tomcat/tomcat-webapps/ROOT/bg-upper.png /usr/share/tomcat/tomcat-webapps/ROOT/favicon.ico /usr/share/tomcat/tomcat-webapps/ROOT/index.jsp /usr/share/tomcat/tomcat-webapps/ROOT/tomcat.css /usr/share/tomcat/tomcat-webapps/ROOT/tomcat.svg /usr/share/tomcat/tomcat-webapps/examples /usr/share/tomcat/tomcat-webapps/examples/META-INF /usr/share/tomcat/tomcat-webapps/examples/META-INF/context.xml /usr/share/tomcat/tomcat-webapps/examples/WEB-INF /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/CookieExample.class /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/CookieExample.java /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/HelloWorldExample.class /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/HelloWorldExample.java /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/LocalStrings.properties /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/LocalStrings_cs.properties /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/LocalStrings_de.properties /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/LocalStrings_es.properties /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/LocalStrings_fr.properties /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/LocalStrings_ja.properties /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/LocalStrings_ko.properties /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/LocalStrings_pt.properties /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/LocalStrings_pt_BR.properties /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/LocalStrings_ru.properties /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/LocalStrings_zh_CN.properties /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/RequestHeaderExample.class /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/RequestHeaderExample.java /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/RequestInfoExample.class /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/RequestInfoExample.java /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/RequestParamExample.class /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/RequestParamExample.java /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/ServletToJsp.class /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/ServletToJsp.java /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/SessionExample.class /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/SessionExample.java /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/async /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/async/Async0$1.class /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/async/Async0.class /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/async/Async0.java /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/async/Async1$1.class /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/async/Async1.class /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/async/Async1.java /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/async/Async2$1.class /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/async/Async2.class /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/async/Async2.java /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/async/Async3.class /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/async/Async3.java /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/async/AsyncStockContextListener.class /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/async/AsyncStockContextListener.java /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/async/AsyncStockServlet.class /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/async/AsyncStockServlet.java /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/async/Stockticker$Stock.class /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/async/Stockticker$TickListener.class /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/async/Stockticker.class /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/async/Stockticker.java /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/cal /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/cal/Entries.class /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/cal/Entries.java /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/cal/Entry.class /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/cal/Entry.java /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/cal/JspCalendar.class /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/cal/JspCalendar.java /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/cal/TableBean.class /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/cal/TableBean.java /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/checkbox /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/checkbox/CheckTest.class /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/checkbox/CheckTest.java /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/colors /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/colors/ColorGameBean.class /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/colors/ColorGameBean.java /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/compressionFilters /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/compressionFilters/CompressionFilter.class /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/compressionFilters/CompressionFilter.java /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/compressionFilters/CompressionFilterTestServlet.class /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/compressionFilters/CompressionFilterTestServlet.java /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/compressionFilters/CompressionResponseStream.class /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/compressionFilters/CompressionResponseStream.java /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/compressionFilters/CompressionServletResponseWrapper.class /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/compressionFilters/CompressionServletResponseWrapper.java /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/dates /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/dates/JspCalendar.class /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/dates/JspCalendar.java /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/error /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/error/Smart.class /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/error/Smart.java /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/examples /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/examples/ExampleTagBase.class /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/examples/ExampleTagBase.java /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/examples/FooTag.class /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/examples/FooTag.java /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/examples/FooTagExtraInfo.class /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/examples/FooTagExtraInfo.java /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/examples/LogTag.class /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/examples/LogTag.java /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/examples/ValuesTag.class /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/examples/ValuesTag.java /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/filters /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/filters/ExampleFilter.class /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/filters/ExampleFilter.java /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/http2 /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/http2/SimpleImagePush.class /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/http2/SimpleImagePush.java /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/jsp2 /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/jsp2/examples /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/jsp2/examples/BookBean.class /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/jsp2/examples/BookBean.java /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/jsp2/examples/FooBean.class /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/jsp2/examples/FooBean.java /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/jsp2/examples/ValuesBean.class /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/jsp2/examples/ValuesBean.java /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/jsp2/examples/el /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/jsp2/examples/el/Functions.class /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/jsp2/examples/el/Functions.java /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/jsp2/examples/simpletag /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/jsp2/examples/simpletag/EchoAttributesTag.class /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/jsp2/examples/simpletag/EchoAttributesTag.java /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/jsp2/examples/simpletag/FindBookSimpleTag.class /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/jsp2/examples/simpletag/FindBookSimpleTag.java /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/jsp2/examples/simpletag/HelloWorldSimpleTag.class /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/jsp2/examples/simpletag/HelloWorldSimpleTag.java /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/jsp2/examples/simpletag/RepeatSimpleTag.class /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/jsp2/examples/simpletag/RepeatSimpleTag.java /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/jsp2/examples/simpletag/ShuffleSimpleTag.class /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/jsp2/examples/simpletag/ShuffleSimpleTag.java /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/jsp2/examples/simpletag/TileSimpleTag.class /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/jsp2/examples/simpletag/TileSimpleTag.java /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/listeners /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/listeners/ContextListener.class /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/listeners/ContextListener.java /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/listeners/SessionListener.class /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/listeners/SessionListener.java /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/nonblocking /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/nonblocking/ByteCounter$CounterListener.class /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/nonblocking/ByteCounter.class /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/nonblocking/ByteCounter.java /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/nonblocking/NumberWriter$NumberWriterListener.class /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/nonblocking/NumberWriter.class /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/nonblocking/NumberWriter.java /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/num /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/num/NumberGuessBean.class /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/num/NumberGuessBean.java /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/sessions /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/sessions/DummyCart.class /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/sessions/DummyCart.java /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/trailers /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/trailers/ResponseTrailers$TrailerFieldSupplier.class /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/trailers/ResponseTrailers.class /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/trailers/ResponseTrailers.java /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/util /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/util/CookieFilter.class /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/util/CookieFilter.java /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/util/HTMLFilter.class /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/util/HTMLFilter.java /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/validators /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/validators/DebugValidator.class /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/validators/DebugValidator.java /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/websocket /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/websocket/ExamplesConfig.class /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/websocket/ExamplesConfig.java /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/websocket/chat /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/websocket/chat/ChatAnnotation.class /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/websocket/chat/ChatAnnotation.java /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/websocket/drawboard /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/websocket/drawboard/Client$1.class /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/websocket/drawboard/Client.class /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/websocket/drawboard/Client.java /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/websocket/drawboard/DrawMessage$ParseException.class /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/websocket/drawboard/DrawMessage.class /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/websocket/drawboard/DrawMessage.java /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/websocket/drawboard/DrawboardContextListener.class /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/websocket/drawboard/DrawboardContextListener.java /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/websocket/drawboard/DrawboardEndpoint$1.class /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/websocket/drawboard/DrawboardEndpoint$2.class /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/websocket/drawboard/DrawboardEndpoint$3$1.class /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/websocket/drawboard/DrawboardEndpoint$3.class /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/websocket/drawboard/DrawboardEndpoint.class /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/websocket/drawboard/DrawboardEndpoint.java /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/websocket/drawboard/Room$1$1.class /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/websocket/drawboard/Room$1.class /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/websocket/drawboard/Room$2.class /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/websocket/drawboard/Room$MessageType.class /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/websocket/drawboard/Room$Player.class /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/websocket/drawboard/Room.class /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/websocket/drawboard/Room.java /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/websocket/drawboard/wsmessages /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/websocket/drawboard/wsmessages/AbstractWebsocketMessage.class /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/websocket/drawboard/wsmessages/AbstractWebsocketMessage.java /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/websocket/drawboard/wsmessages/BinaryWebsocketMessage.class /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/websocket/drawboard/wsmessages/BinaryWebsocketMessage.java /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/websocket/drawboard/wsmessages/CloseWebsocketMessage.class /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/websocket/drawboard/wsmessages/CloseWebsocketMessage.java /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/websocket/drawboard/wsmessages/StringWebsocketMessage.class /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/websocket/drawboard/wsmessages/StringWebsocketMessage.java /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/websocket/echo /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/websocket/echo/EchoAnnotation.class /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/websocket/echo/EchoAnnotation.java /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/websocket/echo/EchoAsyncAnnotation$CompletedFuture.class /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/websocket/echo/EchoAsyncAnnotation.class /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/websocket/echo/EchoAsyncAnnotation.java /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/websocket/echo/EchoEndpoint$EchoMessageHandlerBinary.class /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/websocket/echo/EchoEndpoint$EchoMessageHandlerText.class /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/websocket/echo/EchoEndpoint.class /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/websocket/echo/EchoEndpoint.java /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/websocket/echo/EchoStreamAnnotation.class /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/websocket/echo/EchoStreamAnnotation.java /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/websocket/echo/servers.json /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/websocket/snake /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/websocket/snake/Direction.class /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/websocket/snake/Direction.java /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/websocket/snake/Location$1.class /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/websocket/snake/Location.class /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/websocket/snake/Location.java /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/websocket/snake/Snake.class /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/websocket/snake/Snake.java /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/websocket/snake/SnakeAnnotation.class /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/websocket/snake/SnakeAnnotation.java /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/websocket/snake/SnakeTimer$1.class /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/websocket/snake/SnakeTimer.class /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/classes/websocket/snake/SnakeTimer.java /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/jsp /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/jsp/403.jsp /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/jsp/403.jsp.html /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/jsp/debug-taglib.tld /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/jsp/example-taglib.tld /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/jsp/jsp2-example-taglib.tld /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/lib /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/lib/jstl.jar /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/lib/standard.jar /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/tags /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/tags/displayProducts.tag /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/tags/helloWorld.tag /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/tags/panel.tag /usr/share/tomcat/tomcat-webapps/examples/WEB-INF/web.xml /usr/share/tomcat/tomcat-webapps/examples/index.html /usr/share/tomcat/tomcat-webapps/examples/jsp /usr/share/tomcat/tomcat-webapps/examples/jsp/async /usr/share/tomcat/tomcat-webapps/examples/jsp/async/async1.jsp /usr/share/tomcat/tomcat-webapps/examples/jsp/async/async1.jsp.html /usr/share/tomcat/tomcat-webapps/examples/jsp/async/async3.jsp /usr/share/tomcat/tomcat-webapps/examples/jsp/async/async3.jsp.html /usr/share/tomcat/tomcat-webapps/examples/jsp/async/index.jsp /usr/share/tomcat/tomcat-webapps/examples/jsp/async/index.jsp.html /usr/share/tomcat/tomcat-webapps/examples/jsp/cal /usr/share/tomcat/tomcat-webapps/examples/jsp/cal/Entries.java.html /usr/share/tomcat/tomcat-webapps/examples/jsp/cal/Entry.java.html /usr/share/tomcat/tomcat-webapps/examples/jsp/cal/JspCalendar.java.html /usr/share/tomcat/tomcat-webapps/examples/jsp/cal/TableBean.java.html /usr/share/tomcat/tomcat-webapps/examples/jsp/cal/cal1.jsp /usr/share/tomcat/tomcat-webapps/examples/jsp/cal/cal1.jsp.html /usr/share/tomcat/tomcat-webapps/examples/jsp/cal/cal2.jsp /usr/share/tomcat/tomcat-webapps/examples/jsp/cal/cal2.jsp.html /usr/share/tomcat/tomcat-webapps/examples/jsp/cal/calendar.html /usr/share/tomcat/tomcat-webapps/examples/jsp/cal/login.html /usr/share/tomcat/tomcat-webapps/examples/jsp/checkbox /usr/share/tomcat/tomcat-webapps/examples/jsp/checkbox/CheckTest.html /usr/share/tomcat/tomcat-webapps/examples/jsp/checkbox/check.html /usr/share/tomcat/tomcat-webapps/examples/jsp/checkbox/checkresult.jsp /usr/share/tomcat/tomcat-webapps/examples/jsp/checkbox/checkresult.jsp.html /usr/share/tomcat/tomcat-webapps/examples/jsp/checkbox/cresult.html /usr/share/tomcat/tomcat-webapps/examples/jsp/colors /usr/share/tomcat/tomcat-webapps/examples/jsp/colors/ColorGameBean.html /usr/share/tomcat/tomcat-webapps/examples/jsp/colors/clr.html /usr/share/tomcat/tomcat-webapps/examples/jsp/colors/colors.html /usr/share/tomcat/tomcat-webapps/examples/jsp/colors/colrs.jsp /usr/share/tomcat/tomcat-webapps/examples/jsp/colors/colrs.jsp.html /usr/share/tomcat/tomcat-webapps/examples/jsp/dates /usr/share/tomcat/tomcat-webapps/examples/jsp/dates/date.html /usr/share/tomcat/tomcat-webapps/examples/jsp/dates/date.jsp /usr/share/tomcat/tomcat-webapps/examples/jsp/dates/date.jsp.html /usr/share/tomcat/tomcat-webapps/examples/jsp/error /usr/share/tomcat/tomcat-webapps/examples/jsp/error/er.html /usr/share/tomcat/tomcat-webapps/examples/jsp/error/err.jsp /usr/share/tomcat/tomcat-webapps/examples/jsp/error/err.jsp.html /usr/share/tomcat/tomcat-webapps/examples/jsp/error/error.html /usr/share/tomcat/tomcat-webapps/examples/jsp/error/errorpge.jsp /usr/share/tomcat/tomcat-webapps/examples/jsp/error/errorpge.jsp.html /usr/share/tomcat/tomcat-webapps/examples/jsp/forward /usr/share/tomcat/tomcat-webapps/examples/jsp/forward/forward.jsp /usr/share/tomcat/tomcat-webapps/examples/jsp/forward/forward.jsp.html /usr/share/tomcat/tomcat-webapps/examples/jsp/forward/fwd.html /usr/share/tomcat/tomcat-webapps/examples/jsp/forward/one.jsp /usr/share/tomcat/tomcat-webapps/examples/jsp/forward/one.jsp.html /usr/share/tomcat/tomcat-webapps/examples/jsp/forward/two.html /usr/share/tomcat/tomcat-webapps/examples/jsp/images /usr/share/tomcat/tomcat-webapps/examples/jsp/images/code.gif /usr/share/tomcat/tomcat-webapps/examples/jsp/images/execute.gif /usr/share/tomcat/tomcat-webapps/examples/jsp/images/return.gif /usr/share/tomcat/tomcat-webapps/examples/jsp/include /usr/share/tomcat/tomcat-webapps/examples/jsp/include/foo.html /usr/share/tomcat/tomcat-webapps/examples/jsp/include/foo.jsp /usr/share/tomcat/tomcat-webapps/examples/jsp/include/foo.jsp.html /usr/share/tomcat/tomcat-webapps/examples/jsp/include/inc.html /usr/share/tomcat/tomcat-webapps/examples/jsp/include/include.jsp /usr/share/tomcat/tomcat-webapps/examples/jsp/include/include.jsp.html /usr/share/tomcat/tomcat-webapps/examples/jsp/index.html /usr/share/tomcat/tomcat-webapps/examples/jsp/jsp2 /usr/share/tomcat/tomcat-webapps/examples/jsp/jsp2/el /usr/share/tomcat/tomcat-webapps/examples/jsp/jsp2/el/Functions.java.html /usr/share/tomcat/tomcat-webapps/examples/jsp/jsp2/el/ValuesBean.java.html /usr/share/tomcat/tomcat-webapps/examples/jsp/jsp2/el/ValuesTag.java.html /usr/share/tomcat/tomcat-webapps/examples/jsp/jsp2/el/basic-arithmetic.html /usr/share/tomcat/tomcat-webapps/examples/jsp/jsp2/el/basic-arithmetic.jsp /usr/share/tomcat/tomcat-webapps/examples/jsp/jsp2/el/basic-arithmetic.jsp.html /usr/share/tomcat/tomcat-webapps/examples/jsp/jsp2/el/basic-comparisons.html /usr/share/tomcat/tomcat-webapps/examples/jsp/jsp2/el/basic-comparisons.jsp /usr/share/tomcat/tomcat-webapps/examples/jsp/jsp2/el/basic-comparisons.jsp.html /usr/share/tomcat/tomcat-webapps/examples/jsp/jsp2/el/composite.html /usr/share/tomcat/tomcat-webapps/examples/jsp/jsp2/el/composite.jsp /usr/share/tomcat/tomcat-webapps/examples/jsp/jsp2/el/composite.jsp.html /usr/share/tomcat/tomcat-webapps/examples/jsp/jsp2/el/functions.html /usr/share/tomcat/tomcat-webapps/examples/jsp/jsp2/el/functions.jsp /usr/share/tomcat/tomcat-webapps/examples/jsp/jsp2/el/functions.jsp.html /usr/share/tomcat/tomcat-webapps/examples/jsp/jsp2/el/implicit-objects.html /usr/share/tomcat/tomcat-webapps/examples/jsp/jsp2/el/implicit-objects.jsp /usr/share/tomcat/tomcat-webapps/examples/jsp/jsp2/el/implicit-objects.jsp.html /usr/share/tomcat/tomcat-webapps/examples/jsp/jsp2/jspattribute /usr/share/tomcat/tomcat-webapps/examples/jsp/jsp2/jspattribute/FooBean.java.html /usr/share/tomcat/tomcat-webapps/examples/jsp/jsp2/jspattribute/HelloWorldSimpleTag.java.html /usr/share/tomcat/tomcat-webapps/examples/jsp/jsp2/jspattribute/ShuffleSimpleTag.java.html /usr/share/tomcat/tomcat-webapps/examples/jsp/jsp2/jspattribute/TileSimpleTag.java.html /usr/share/tomcat/tomcat-webapps/examples/jsp/jsp2/jspattribute/jspattribute.html /usr/share/tomcat/tomcat-webapps/examples/jsp/jsp2/jspattribute/jspattribute.jsp /usr/share/tomcat/tomcat-webapps/examples/jsp/jsp2/jspattribute/jspattribute.jsp.html /usr/share/tomcat/tomcat-webapps/examples/jsp/jsp2/jspattribute/shuffle.html /usr/share/tomcat/tomcat-webapps/examples/jsp/jsp2/jspattribute/shuffle.jsp /usr/share/tomcat/tomcat-webapps/examples/jsp/jsp2/jspattribute/shuffle.jsp.html /usr/share/tomcat/tomcat-webapps/examples/jsp/jsp2/jspx /usr/share/tomcat/tomcat-webapps/examples/jsp/jsp2/jspx/basic.html /usr/share/tomcat/tomcat-webapps/examples/jsp/jsp2/jspx/basic.jspx /usr/share/tomcat/tomcat-webapps/examples/jsp/jsp2/jspx/basic.jspx.html /usr/share/tomcat/tomcat-webapps/examples/jsp/jsp2/jspx/svgexample.html /usr/share/tomcat/tomcat-webapps/examples/jsp/jsp2/jspx/textRotate.html /usr/share/tomcat/tomcat-webapps/examples/jsp/jsp2/jspx/textRotate.jpg /usr/share/tomcat/tomcat-webapps/examples/jsp/jsp2/jspx/textRotate.jspx /usr/share/tomcat/tomcat-webapps/examples/jsp/jsp2/jspx/textRotate.jspx.html /usr/share/tomcat/tomcat-webapps/examples/jsp/jsp2/misc /usr/share/tomcat/tomcat-webapps/examples/jsp/jsp2/misc/EchoAttributesTag.java.html /usr/share/tomcat/tomcat-webapps/examples/jsp/jsp2/misc/coda.jspf /usr/share/tomcat/tomcat-webapps/examples/jsp/jsp2/misc/coda.jspf.html /usr/share/tomcat/tomcat-webapps/examples/jsp/jsp2/misc/config.html /usr/share/tomcat/tomcat-webapps/examples/jsp/jsp2/misc/config.jsp /usr/share/tomcat/tomcat-webapps/examples/jsp/jsp2/misc/config.jsp.html /usr/share/tomcat/tomcat-webapps/examples/jsp/jsp2/misc/dynamicattrs.html /usr/share/tomcat/tomcat-webapps/examples/jsp/jsp2/misc/dynamicattrs.jsp /usr/share/tomcat/tomcat-webapps/examples/jsp/jsp2/misc/dynamicattrs.jsp.html /usr/share/tomcat/tomcat-webapps/examples/jsp/jsp2/misc/prelude.jspf /usr/share/tomcat/tomcat-webapps/examples/jsp/jsp2/misc/prelude.jspf.html /usr/share/tomcat/tomcat-webapps/examples/jsp/jsp2/simpletag /usr/share/tomcat/tomcat-webapps/examples/jsp/jsp2/simpletag/BookBean.java.html /usr/share/tomcat/tomcat-webapps/examples/jsp/jsp2/simpletag/FindBookSimpleTag.java.html /usr/share/tomcat/tomcat-webapps/examples/jsp/jsp2/simpletag/Functions.java.html /usr/share/tomcat/tomcat-webapps/examples/jsp/jsp2/simpletag/HelloWorldSimpleTag.java.html /usr/share/tomcat/tomcat-webapps/examples/jsp/jsp2/simpletag/RepeatSimpleTag.java.html /usr/share/tomcat/tomcat-webapps/examples/jsp/jsp2/simpletag/book.html /usr/share/tomcat/tomcat-webapps/examples/jsp/jsp2/simpletag/book.jsp /usr/share/tomcat/tomcat-webapps/examples/jsp/jsp2/simpletag/book.jsp.html /usr/share/tomcat/tomcat-webapps/examples/jsp/jsp2/simpletag/hello.html /usr/share/tomcat/tomcat-webapps/examples/jsp/jsp2/simpletag/hello.jsp /usr/share/tomcat/tomcat-webapps/examples/jsp/jsp2/simpletag/hello.jsp.html /usr/share/tomcat/tomcat-webapps/examples/jsp/jsp2/simpletag/repeat.html /usr/share/tomcat/tomcat-webapps/examples/jsp/jsp2/simpletag/repeat.jsp /usr/share/tomcat/tomcat-webapps/examples/jsp/jsp2/simpletag/repeat.jsp.html /usr/share/tomcat/tomcat-webapps/examples/jsp/jsp2/tagfiles /usr/share/tomcat/tomcat-webapps/examples/jsp/jsp2/tagfiles/displayProducts.tag.html /usr/share/tomcat/tomcat-webapps/examples/jsp/jsp2/tagfiles/hello.html /usr/share/tomcat/tomcat-webapps/examples/jsp/jsp2/tagfiles/hello.jsp /usr/share/tomcat/tomcat-webapps/examples/jsp/jsp2/tagfiles/hello.jsp.html /usr/share/tomcat/tomcat-webapps/examples/jsp/jsp2/tagfiles/helloWorld.tag.html /usr/share/tomcat/tomcat-webapps/examples/jsp/jsp2/tagfiles/panel.html /usr/share/tomcat/tomcat-webapps/examples/jsp/jsp2/tagfiles/panel.jsp /usr/share/tomcat/tomcat-webapps/examples/jsp/jsp2/tagfiles/panel.jsp.html /usr/share/tomcat/tomcat-webapps/examples/jsp/jsp2/tagfiles/panel.tag.html /usr/share/tomcat/tomcat-webapps/examples/jsp/jsp2/tagfiles/products.html /usr/share/tomcat/tomcat-webapps/examples/jsp/jsp2/tagfiles/products.jsp /usr/share/tomcat/tomcat-webapps/examples/jsp/jsp2/tagfiles/products.jsp.html /usr/share/tomcat/tomcat-webapps/examples/jsp/jsptoserv /usr/share/tomcat/tomcat-webapps/examples/jsp/jsptoserv/ServletToJsp.java.html /usr/share/tomcat/tomcat-webapps/examples/jsp/jsptoserv/hello.jsp /usr/share/tomcat/tomcat-webapps/examples/jsp/jsptoserv/hello.jsp.html /usr/share/tomcat/tomcat-webapps/examples/jsp/jsptoserv/jsptoservlet.jsp /usr/share/tomcat/tomcat-webapps/examples/jsp/jsptoserv/jsptoservlet.jsp.html /usr/share/tomcat/tomcat-webapps/examples/jsp/jsptoserv/jts.html /usr/share/tomcat/tomcat-webapps/examples/jsp/num /usr/share/tomcat/tomcat-webapps/examples/jsp/num/numguess.html /usr/share/tomcat/tomcat-webapps/examples/jsp/num/numguess.jsp /usr/share/tomcat/tomcat-webapps/examples/jsp/num/numguess.jsp.html /usr/share/tomcat/tomcat-webapps/examples/jsp/security /usr/share/tomcat/tomcat-webapps/examples/jsp/security/protected /usr/share/tomcat/tomcat-webapps/examples/jsp/security/protected/error.jsp /usr/share/tomcat/tomcat-webapps/examples/jsp/security/protected/error.jsp.html /usr/share/tomcat/tomcat-webapps/examples/jsp/security/protected/index.jsp /usr/share/tomcat/tomcat-webapps/examples/jsp/security/protected/index.jsp.html /usr/share/tomcat/tomcat-webapps/examples/jsp/security/protected/login.jsp /usr/share/tomcat/tomcat-webapps/examples/jsp/security/protected/login.jsp.html /usr/share/tomcat/tomcat-webapps/examples/jsp/sessions /usr/share/tomcat/tomcat-webapps/examples/jsp/sessions/DummyCart.html /usr/share/tomcat/tomcat-webapps/examples/jsp/sessions/carts.html /usr/share/tomcat/tomcat-webapps/examples/jsp/sessions/carts.jsp /usr/share/tomcat/tomcat-webapps/examples/jsp/sessions/carts.jsp.html /usr/share/tomcat/tomcat-webapps/examples/jsp/sessions/crt.html /usr/share/tomcat/tomcat-webapps/examples/jsp/simpletag /usr/share/tomcat/tomcat-webapps/examples/jsp/simpletag/foo.html /usr/share/tomcat/tomcat-webapps/examples/jsp/simpletag/foo.jsp /usr/share/tomcat/tomcat-webapps/examples/jsp/simpletag/foo.jsp.html /usr/share/tomcat/tomcat-webapps/examples/jsp/snp /usr/share/tomcat/tomcat-webapps/examples/jsp/snp/snoop.html /usr/share/tomcat/tomcat-webapps/examples/jsp/snp/snoop.jsp /usr/share/tomcat/tomcat-webapps/examples/jsp/snp/snoop.jsp.html /usr/share/tomcat/tomcat-webapps/examples/jsp/tagplugin /usr/share/tomcat/tomcat-webapps/examples/jsp/tagplugin/choose.html /usr/share/tomcat/tomcat-webapps/examples/jsp/tagplugin/choose.jsp /usr/share/tomcat/tomcat-webapps/examples/jsp/tagplugin/choose.jsp.html /usr/share/tomcat/tomcat-webapps/examples/jsp/tagplugin/foreach.html /usr/share/tomcat/tomcat-webapps/examples/jsp/tagplugin/foreach.jsp /usr/share/tomcat/tomcat-webapps/examples/jsp/tagplugin/foreach.jsp.html /usr/share/tomcat/tomcat-webapps/examples/jsp/tagplugin/howto.html /usr/share/tomcat/tomcat-webapps/examples/jsp/tagplugin/if.html /usr/share/tomcat/tomcat-webapps/examples/jsp/tagplugin/if.jsp /usr/share/tomcat/tomcat-webapps/examples/jsp/tagplugin/if.jsp.html /usr/share/tomcat/tomcat-webapps/examples/jsp/tagplugin/notes.html /usr/share/tomcat/tomcat-webapps/examples/jsp/xml /usr/share/tomcat/tomcat-webapps/examples/jsp/xml/xml.html /usr/share/tomcat/tomcat-webapps/examples/jsp/xml/xml.jsp /usr/share/tomcat/tomcat-webapps/examples/jsp/xml/xml.jsp.html /usr/share/tomcat/tomcat-webapps/examples/servlets /usr/share/tomcat/tomcat-webapps/examples/servlets/cookies.html /usr/share/tomcat/tomcat-webapps/examples/servlets/helloworld.html /usr/share/tomcat/tomcat-webapps/examples/servlets/images /usr/share/tomcat/tomcat-webapps/examples/servlets/images/code.gif /usr/share/tomcat/tomcat-webapps/examples/servlets/images/execute.gif /usr/share/tomcat/tomcat-webapps/examples/servlets/images/return.gif /usr/share/tomcat/tomcat-webapps/examples/servlets/index.html /usr/share/tomcat/tomcat-webapps/examples/servlets/nonblocking /usr/share/tomcat/tomcat-webapps/examples/servlets/nonblocking/bytecounter.html /usr/share/tomcat/tomcat-webapps/examples/servlets/reqheaders.html /usr/share/tomcat/tomcat-webapps/examples/servlets/reqinfo.html /usr/share/tomcat/tomcat-webapps/examples/servlets/reqparams.html /usr/share/tomcat/tomcat-webapps/examples/servlets/sessions.html /usr/share/tomcat/tomcat-webapps/examples/websocket /usr/share/tomcat/tomcat-webapps/examples/websocket/chat.xhtml /usr/share/tomcat/tomcat-webapps/examples/websocket/drawboard.xhtml /usr/share/tomcat/tomcat-webapps/examples/websocket/echo.xhtml /usr/share/tomcat/tomcat-webapps/examples/websocket/index.xhtml /usr/share/tomcat/tomcat-webapps/examples/websocket/snake.xhtml /usr/share/tomcat/tomcat-webapps/sample /usr/share/tomcat/tomcat-webapps/sample/META-INF /usr/share/tomcat/tomcat-webapps/sample/META-INF/MANIFEST.MF /usr/share/tomcat/tomcat-webapps/sample/WEB-INF /usr/share/tomcat/tomcat-webapps/sample/WEB-INF/classes /usr/share/tomcat/tomcat-webapps/sample/WEB-INF/classes/mypackage /usr/share/tomcat/tomcat-webapps/sample/WEB-INF/classes/mypackage/Hello.class /usr/share/tomcat/tomcat-webapps/sample/WEB-INF/web.xml /usr/share/tomcat/tomcat-webapps/sample/hello.jsp /usr/share/tomcat/tomcat-webapps/sample/images /usr/share/tomcat/tomcat-webapps/sample/images/tomcat.gif /usr/share/tomcat/tomcat-webapps/sample/index.html
Generated by rpm2html 1.8.1
Fabrice Bellet, Sat Jan 4 23:43:41 2025