|
| 1 | +================================================================================ |
| 2 | + Licensed to the Apache Software Foundation (ASF) under one or more |
| 3 | + contributor license agreements. See the NOTICE file distributed with |
| 4 | + this work for additional information regarding copyright ownership. |
| 5 | + The ASF licenses this file to You under the Apache License, Version 2.0 |
| 6 | + (the "License"); you may not use this file except in compliance with |
| 7 | + the License. You may obtain a copy of the License at |
| 8 | + |
| 9 | + http://www.apache.org/licenses/LICENSE-2.0 |
| 10 | + |
| 11 | + Unless required by applicable law or agreed to in writing, software |
| 12 | + distributed under the License is distributed on an "AS IS" BASIS, |
| 13 | + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 14 | + See the License for the specific language governing permissions and |
| 15 | + limitations under the License. |
| 16 | +================================================================================ |
| 17 | + |
| 18 | + |
| 19 | + Apache Tomcat Version 7.0.92 |
| 20 | + Release Notes |
| 21 | + |
| 22 | + |
| 23 | +========= |
| 24 | +CONTENTS: |
| 25 | +========= |
| 26 | + |
| 27 | +* Dependency Changes |
| 28 | +* API Stability |
| 29 | +* JNI Based Applications |
| 30 | +* Bundled APIs |
| 31 | +* Web application reloading and static fields in shared libraries |
| 32 | +* Tomcat on Linux |
| 33 | +* Enabling SSI and CGI Support |
| 34 | +* Security manager URLs |
| 35 | +* Symlinking static resources |
| 36 | +* Viewing the Tomcat Change Log |
| 37 | +* Cryptographic software notice |
| 38 | +* When all else fails |
| 39 | + |
| 40 | + |
| 41 | +=================== |
| 42 | +Dependency Changes: |
| 43 | +=================== |
| 44 | +Tomcat 7.0 is designed to run on Java SE 6 and later. |
| 45 | + |
| 46 | +In addition, Tomcat 7.0 uses the Eclipse JDT Java compiler for |
| 47 | +compiling JSP pages. This means you no longer need to have the complete |
| 48 | +Java Development Kit (JDK) to run Tomcat, but a Java Runtime Environment |
| 49 | +(JRE) is sufficient. The Eclipse JDT Java compiler is bundled with the |
| 50 | +binary Tomcat distributions. Tomcat can also be configured to use the |
| 51 | +compiler from the JDK to compile JSPs, or any other Java compiler supported |
| 52 | +by Apache Ant. |
| 53 | + |
| 54 | + |
| 55 | +============== |
| 56 | +API Stability: |
| 57 | +============== |
| 58 | +The public interfaces for the following classes are fixed and will not be |
| 59 | +changed at all during the remaining lifetime of the 7.x series: |
| 60 | +- javax/**/* |
| 61 | + |
| 62 | +The public interfaces for the following classes may be added to in order to |
| 63 | +resolve bugs and/or add new features. No existing interface will be removed or |
| 64 | +changed although it may be deprecated. |
| 65 | +- org/apache/catalina/* |
| 66 | +- org/apache/catalina/comet/* |
| 67 | + |
| 68 | +Note: As Tomcat 7 matures, the above list will be added to. The list is not |
| 69 | + considered complete at this time. |
| 70 | + |
| 71 | +The remaining classes are considered part of the Tomcat internals and may change |
| 72 | +without notice between point releases. |
| 73 | + |
| 74 | + |
| 75 | +======================= |
| 76 | +JNI Based Applications: |
| 77 | +======================= |
| 78 | +Applications that require native libraries must ensure that the libraries have |
| 79 | +been loaded prior to use. Typically, this is done with a call like: |
| 80 | + |
| 81 | + static { |
| 82 | + System.loadLibrary("path-to-library-file"); |
| 83 | + } |
| 84 | + |
| 85 | +in some class. However, the application must also ensure that the library is |
| 86 | +not loaded more than once. If the above code were placed in a class inside |
| 87 | +the web application (i.e. under /WEB-INF/classes or /WEB-INF/lib), and the |
| 88 | +application were reloaded, the loadLibrary() call would be attempted a second |
| 89 | +time. |
| 90 | + |
| 91 | +To avoid this problem, place classes that load native libraries outside of the |
| 92 | +web application, and ensure that the loadLibrary() call is executed only once |
| 93 | +during the lifetime of a particular JVM. |
| 94 | + |
| 95 | + |
| 96 | +============= |
| 97 | +Bundled APIs: |
| 98 | +============= |
| 99 | +A standard installation of Tomcat 7.0 makes all of the following APIs available |
| 100 | +for use by web applications (by placing them in "lib"): |
| 101 | +* annotations-api.jar (Common Annotations 1.1 package) |
| 102 | +* catalina.jar (Tomcat Catalina implementation) |
| 103 | +* catalina-ant.jar (Tomcat Catalina Ant tasks) |
| 104 | +* catalina-ha.jar (High availability package) |
| 105 | +* catalina-tribes.jar (Group communication) |
| 106 | +* ecj-4.4.2.jar (Eclipse JDT Java compiler) |
| 107 | +* el-api.jar (EL 2.2 API) |
| 108 | +* jasper.jar (Jasper 2 Compiler and Runtime) |
| 109 | +* jasper-el.jar (Jasper 2 EL implementation) |
| 110 | +* jsp-api.jar (JSP 2.2 API) |
| 111 | +* servlet-api.jar (Servlet 3.0 API) |
| 112 | +* tomcat7-websocket.jar (WebSocket 1.1 implementation) |
| 113 | +* tomcat-api.jar (Interfaces shared by Catalina and Jasper) |
| 114 | +* tomcat-coyote.jar (Tomcat connectors and utility classes) |
| 115 | +* tomcat-dbcp.jar (package renamed database connection pool based on Commons DBCP 1.x) |
| 116 | +* tomcat-jdbc.jar (Tomcat's database connection pooling solution) |
| 117 | +* tomcat-util.jar (Various utilities) |
| 118 | +* websocket-api.jar (WebSocket 1.1 API) |
| 119 | + |
| 120 | +You can make additional APIs available to all of your web applications by |
| 121 | +putting unpacked classes into a "classes" directory (not created by default), |
| 122 | +or by placing them in JAR files in the "lib" directory. |
| 123 | + |
| 124 | +To override the XML parser implementation or interfaces, use the Endorsed |
| 125 | +Standards Override mechanism of the JVM. The default configuration defines |
| 126 | +JARs located in "$CATALINA_HOME/endorsed" as endorsed. This mechanism is |
| 127 | +no longer supported with Java 9. |
| 128 | + |
| 129 | +When running on Java 6, the Common Annotations 1.0 implementation provided |
| 130 | +by the JRE will be used. To use the Common Annotations 1.1 provided by |
| 131 | +Tomcat, use the Endorsed Standards Override mechanism of the JVM. The |
| 132 | +default configuration defines JARs located in "$CATALINA_HOME/endorsed" as |
| 133 | +endorsed. |
| 134 | + |
| 135 | + |
| 136 | +================================================================ |
| 137 | +Web application reloading and static fields in shared libraries: |
| 138 | +================================================================ |
| 139 | +Some shared libraries (many are part of the JDK) keep references to objects |
| 140 | +instantiated by the web application. To avoid class loading related problems |
| 141 | +(ClassCastExceptions, messages indicating that the classloader |
| 142 | +is stopped, etc.), the shared libraries state should be reinitialized. |
| 143 | + |
| 144 | +Something which might help is to avoid putting classes which would be |
| 145 | +referenced by a shared static field in the web application classloader, |
| 146 | +and putting them in the shared classloader instead (JARs should be put in the |
| 147 | +"lib" folder, and classes should be put in the "classes" folder). |
| 148 | + |
| 149 | + |
| 150 | +================ |
| 151 | +Tomcat on Linux: |
| 152 | +================ |
| 153 | +GLIBC 2.2 / Linux 2.4 users should define an environment variable: |
| 154 | +export LD_ASSUME_KERNEL=2.2.5 |
| 155 | + |
| 156 | +Redhat Linux 9.0 users should use the following setting to avoid |
| 157 | +stability problems: |
| 158 | +export LD_ASSUME_KERNEL=2.4.1 |
| 159 | + |
| 160 | +There are some Linux bugs reported against the NIO sendfile behavior, make sure you |
| 161 | +have a JDK that is up to date, or disable sendfile behavior in the Connector.<br/> |
| 162 | +6427312: (fc) FileChannel.transferTo() throws IOException "system call interrupted"<br/> |
| 163 | +5103988: (fc) FileChannel.transferTo should return -1 for EAGAIN instead throws IOException<br/> |
| 164 | +6253145: (fc) FileChannel.transferTo on Linux fails when going beyond 2GB boundary<br/> |
| 165 | +6470086: (fc) FileChannel.transferTo(2147483647, 1, channel) cause "Value too large" exception<br/> |
| 166 | + |
| 167 | + |
| 168 | +============================= |
| 169 | +Enabling SSI and CGI Support: |
| 170 | +============================= |
| 171 | +Because of the security risks associated with CGI and SSI available |
| 172 | +to web applications, these features are disabled by default. |
| 173 | + |
| 174 | +To enable and configure CGI support, please see the cgi-howto.html page. |
| 175 | + |
| 176 | +To enable and configue SSI support, please see the ssi-howto.html page. |
| 177 | + |
| 178 | + |
| 179 | +====================== |
| 180 | +Security manager URLs: |
| 181 | +====================== |
| 182 | +In order to grant security permissions to JARs located inside the |
| 183 | +web application repository, use URLs of of the following format |
| 184 | +in your policy file: |
| 185 | + |
| 186 | +file:${catalina.base}/webapps/examples/WEB-INF/lib/driver.jar |
| 187 | + |
| 188 | + |
| 189 | +============================ |
| 190 | +Symlinking static resources: |
| 191 | +============================ |
| 192 | +By default, Unix symlinks will not work when used in a web application to link |
| 193 | +resources located outside the web application root directory. |
| 194 | + |
| 195 | +This behavior is optional, and the "allowLinking" flag may be used to disable |
| 196 | +the check. |
| 197 | + |
| 198 | + |
| 199 | +============================== |
| 200 | +Viewing the Tomcat Change Log: |
| 201 | +============================== |
| 202 | +See changelog.html in this directory. |
| 203 | + |
| 204 | + |
| 205 | +============================= |
| 206 | +Cryptographic software notice |
| 207 | +============================= |
| 208 | +This distribution includes cryptographic software. The country in |
| 209 | +which you currently reside may have restrictions on the import, |
| 210 | +possession, use, and/or re-export to another country, of |
| 211 | +encryption software. BEFORE using any encryption software, please |
| 212 | +check your country's laws, regulations and policies concerning the |
| 213 | +import, possession, or use, and re-export of encryption software, to |
| 214 | +see if this is permitted. See <http://www.wassenaar.org/> for more |
| 215 | +information. |
| 216 | + |
| 217 | +The U.S. Government Department of Commerce, Bureau of Industry and |
| 218 | +Security (BIS), has classified this software as Export Commodity |
| 219 | +Control Number (ECCN) 5D002.C.1, which includes information security |
| 220 | +software using or performing cryptographic functions with asymmetric |
| 221 | +algorithms. The form and manner of this Apache Software Foundation |
| 222 | +distribution makes it eligible for export under the License Exception |
| 223 | +ENC Technology Software Unrestricted (TSU) exception (see the BIS |
| 224 | +Export Administration Regulations, Section 740.13) for both object |
| 225 | +code and source code. |
| 226 | + |
| 227 | +The following provides more details on the included cryptographic |
| 228 | +software: |
| 229 | + - Tomcat includes code designed to work with JSSE |
| 230 | + - Tomcat includes code designed to work with OpenSSL |
| 231 | + |
| 232 | + |
| 233 | +==================== |
| 234 | +When all else fails: |
| 235 | +==================== |
| 236 | +See the FAQ |
| 237 | +https://tomcat.apache.org/faq/ |
0 commit comments