================================================================================ Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with this work for additional information regarding copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. ================================================================================ $Id$ ================================= Apache Tomcat 6.0 Patch Proposals ================================= RELEASE SHOWSTOPPERS: PATCHES ACCEPTED TO BACKPORT: [ start all new proposals below, under PATCHES PROPOSED. ] PATCHES PROPOSED TO BACKPORT: [ New proposals should be added at the end of the list ] * Backport cleanup of semantics of thisAccessedTime and lastAccessedTime for sessions: - preparational whitespace changes http://svn.apache.org/viewvc?rev=711695&view=rev - Give thisAccessedTime and lastAccessedTime for sessions a clear semantics: http://svn.apache.org/viewvc?rev=711711&view=rev - thisAccessedTime will be updated at the beginning and at the end of session use - lastAccessedTime will only be updated at the end of session use This means: - lastAccessedTime is the last access time of a session disregarding any request still being processed on. So this is good to use even from within a request to detect when its own session has been used last before. - thisAccessedTime already gets updated when a new request disregarding any request still being processed on. So this is better for any idleness check or information. - thisAccessedTime >= lastAccessedTime always - Port from StandardSession to DeltaSession http://svn.apache.org/viewvc?rev=711714&view=rev - Expose thisAccessedTime via the session interface and ManagerBase, so we can use it from outside the session. http://svn.apache.org/viewvc?rev=711716&view=rev - Make the classes checking session idleness use thisAccessedTime. http://svn.apache.org/viewvc?rev=711720&view=rev This is not for invalidation, only for displaying idle times and making persistance decisions. +1: rjung 0: billbarker: generally agree with remm that this is too big of a change for the stable branch but could agree to some of it if it was split into parts 0: markt: Agree with Bill - smaller parts would be better -1: remm: no for TC 6.0 -1: funkman : api change in Session.java for .x.x release * Fix the maven stuff for the maven repo. Before it does't find tomcat-juli.jar and the remoteRepository seems broken . http://people.apache.org/~jfclere/patches/maven.patch +1: jfclere -1: fhanik - easier to pass in the root path (lib/bin) to the macro instead of hacking around it if we remove the SCP auto feature, then there should be something to replace it with (http://ant.apache.org/manual/OptionalTasks/scp.html) * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=48050 NamingContext.createSubcontext method returns Context with wrong name Based on a suggestion by gingyang.xu http://svn.apache.org/viewvc?rev=905722&view=rev +1: markt, fhanik -1: kkolinko: The name should be the full name, not just the last component of it. NamingContext.isWritable() will be broken otherwise. * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=48660 Vary should add to Vary header rather than over-write it http://svn.apache.org/viewvc?rev=907544&view=rev +1: markt, jfclere, fhanik -1: kkolinko: Note, that having multiple Vary headers is not compliant with RFC 2616 4.2 Message Headers says: > Multiple message-header fields with the same field-name MAY be present > in a message if and only if the entire field-value for that header > field is defined as a comma-separated list [i.e., #(values)]. 14.44 Vary says: > Vary = "Vary" ":" ( "*" | 1#field-name ) thus the condition described in 4.2 is not met. Also if we are going to concatenate values here, "*" value will require special processing. http://tools.ietf.org/html/rfc2616 * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=48371 Take account of comments when working out where to insert generated web.xml http://people.apache.org/~markt/patches/2010-02-13-bug48371.patch +1: markt, fhanik -1: * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=48545 Truststores don't have to have passwords Based on a patch by 'smmwpf54' http://svn.apache.org/viewvc?view=revision&revision=910266 +1: markt -1: jfclere: Doc says it should use keystorePass (http://tomcat.apache.org/tomcat-6.0-doc/config/http.html). so that would break existing configurations. * Workaround https://issues.apache.org/bugzilla/show_bug.cgi?id=48498 Avoid ArrayIndexOutOfBoundsException triggered by Java 6/7 XML parser bug http://svn.apache.org/viewvc?rev=910370&view=rev +1: markt, rjung -1: * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=48589 Make JNDIRealm easier to extend Based on a patch by Candid Dauth http://svn.apache.org/viewvc?rev=910485&view=rev +1: markt -1: kkolinko: mark User constructor as protected, replace ArrayList argument with a List, and maybe address sebb's comments to r910485 on dev@