Apache Tomcat 8.5.4 发布了,本次发布增强了HTTP/2连接,Tomcat Native更新到1.2.8。主要改进如下:
57705: Add debug logging for requests denied by the remote host and remote address valves and filters. Based on a patch by Graham Leggett. (markt)
Correct a regression in the fix for 58588 that removed the entire
org.apache.juli
package from the embedded JARs rendering them unusable. (markt)59399: Add a new option to the Realm implementations that ship with Tomcat that allows the HTTP status code used for HTTP -> HTTPS redirects to be controlled per Realm. (markt)
Change the default of the
sessionCookiePathUsesTrailingSlash
attribute of theContext
element tofalse
since the problems caused when a Servlet is mapped to/*
are more significant than the security risk of not enabling this option by default. (markt)Follow-up to 59655. Improve the documentation for configuring permitted cookie names. Patch provided by Kyohei Nakamura. (markt)
Do not attempt to start web resources during a web application's initialisation phase since the web application is not fully configured at that point and the web resources may not be correctly configured. (markt)
59708: Modify the LockOutRealm logic. Valid authentication attempts during the lock out period will no longer reset the lock out timer to zero. (markt)
Improve error handling around user code prior to calling
InstanceManager.destroy()
to ensure that the method is executed. (markt)
了解更多改进信息,可查看完整改进记录。
引用来自“鸣泽晨”的评论
刚试过,在eclipse 4.4.2上用不了引用来自“cherrypp”的评论
是不是某些jar 包需要升级下?引用来自“鸣泽晨”的评论
不清楚,没时间检查,换8.0.36版本了。我是搞完这些才看到这篇文章的引用来自“Tuesday”的评论
版本号好乱, 8.0.36, 9.0.0