================================================================================
  Licensed to the Apache Software Foundation (ASF) under one or more
  contributor license agreements.  See the NOTICE file distributed with
  this work for additional information regarding copyright ownership.
  The ASF licenses this file to You under the Apache License, Version 2.0
  (the "License"); you may not use this file except in compliance with
  the License.  You may obtain a copy of the License at

      http://www.apache.org/licenses/LICENSE-2.0

  Unless required by applicable law or agreed to in writing, software
  distributed under the License is distributed on an "AS IS" BASIS,
  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  See the License for the specific language governing permissions and
  limitations under the License.
================================================================================

$Id$

                         =================================
                         Apache Tomcat 6.0 Patch Proposals
                         =================================


RELEASE SHOWSTOPPERS:


PATCHES ACCEPTED TO BACKPORT:
  [ start all new proposals below, under PATCHES PROPOSED. ]

PATCHES PROPOSED TO BACKPORT:
  [ New proposals should be added at the end of the list ]

* Backport cleanup of semantics of thisAccessedTime and
  lastAccessedTime for sessions:
  - preparational whitespace changes
    http://svn.apache.org/viewvc?rev=711695&view=rev
  - Give thisAccessedTime and lastAccessedTime for sessions
    a clear semantics:
    http://svn.apache.org/viewvc?rev=711711&view=rev
    - thisAccessedTime will be updated at the beginning and
      at the end of session use
    - lastAccessedTime will only be updated at the end of
      session use
    This means:
    - lastAccessedTime is the last access time of a session
      disregarding any request still being processed on.
      So this is good to use even from within a request
      to detect when its own session has been used last before.
    - thisAccessedTime already gets updated when a new request
      disregarding any request still being processed on.
      So this is better for any idleness check or information.
    - thisAccessedTime >= lastAccessedTime always
  - Port from StandardSession to DeltaSession
    http://svn.apache.org/viewvc?rev=711714&view=rev
  - Expose thisAccessedTime via the session interface
    and ManagerBase, so we can use it from outside the session.
    http://svn.apache.org/viewvc?rev=711716&view=rev
  - Make the classes checking session idleness use thisAccessedTime.
    http://svn.apache.org/viewvc?rev=711720&view=rev
    This is not for invalidation, only for displaying
    idle times and making persistance decisions.
  +1: rjung
   0: billbarker: generally agree with remm that this is too big of a change for the stable branch
                 but could agree to some of it if it was split into parts
   0: markt: Agree with Bill - smaller parts would be better
  -1: remm: no for TC 6.0
  -1: funkman : api change in Session.java for .x.x release


* Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=47893
  Use StringBuilder instead of StringBuffer
  -0: markt for all SBuilder->SBuffer patches. Code cleanup is fine in trunk but
            no need to backport it
  -0: funkman
  -1: fhanik Is there a real benefit, other than clouding the revision history? ;)
      I'd consider 6.0.x to be in maintenance mode not clean up/refactor mode.

  The patches, as well as patches for individual files inside them, are
  independent of each other. Vote for as many as you want.
  There are 51 of them.
  http://people.apache.org/~kkolinko/patches/2009-11-02_StringBuilder_o_a_c.patch
  +1: kkolinko
  -1:
  http://people.apache.org/~kkolinko/patches/2009-11-02_StringBuilder_o_a_c_ant.patch
  +1: kkolinko
  -1:
  http://people.apache.org/~kkolinko/patches/2009-11-02_StringBuilder_o_a_c_authenticator.patch
  +1: kkolinko
  -1:
  http://people.apache.org/~kkolinko/patches/2009-11-02_StringBuilder_o_a_c_connector.patch
  +1: kkolinko
  -1:
  http://people.apache.org/~kkolinko/patches/2009-11-02_StringBuilder_o_a_c_core.patch
  +1: kkolinko
  -1:
  http://people.apache.org/~kkolinko/patches/2009-11-02_StringBuilder_o_a_c_deploy.patch
  +1: kkolinko
  -1:
  http://people.apache.org/~kkolinko/patches/2009-11-02_StringBuilder_o_a_c_ha.patch
  +1: kkolinko
  -1:
  http://people.apache.org/~kkolinko/patches/2009-11-02_StringBuilder_o_a_c_loader.patch
  +1: kkolinko
  -1:
  http://people.apache.org/~kkolinko/patches/2009-11-02_StringBuilder_o_a_c_manager.patch
  +1: kkolinko
  -1:
  http://people.apache.org/~kkolinko/patches/2009-11-02_StringBuilder_o_a_c_manager_host.patch
  +1: kkolinko
  -1:
  http://people.apache.org/~kkolinko/patches/2009-11-02_StringBuilder_o_a_c_mbeans.patch
  +1: kkolinko
  -1:
  http://people.apache.org/~kkolinko/patches/2009-11-02_StringBuilder_o_a_c_realm.patch
  +1: kkolinko
  -1:
  http://people.apache.org/~kkolinko/patches/2009-11-02_StringBuilder_o_a_c_servlets.patch
  +1: kkolinko
  -1:
  http://people.apache.org/~kkolinko/patches/2009-11-02_StringBuilder_o_a_c_session.patch
  +1: kkolinko
  -1:
  http://people.apache.org/~kkolinko/patches/2009-11-02_StringBuilder_o_a_c_ssi.patch
  +1: kkolinko
  -1:
  http://people.apache.org/~kkolinko/patches/2009-11-02_StringBuilder_o_a_c_startup.patch
  +1: kkolinko
  -1:
  http://people.apache.org/~kkolinko/patches/2009-11-02_StringBuilder_o_a_c_tribes.patch
  +1: kkolinko
  -1:
  http://people.apache.org/~kkolinko/patches/2009-11-02_StringBuilder_o_a_c_tribes_group.patch
  +1: kkolinko
  -1:
  http://people.apache.org/~kkolinko/patches/2009-11-02_StringBuilder_o_a_c_tribes_group_int.patch
  +1: kkolinko
  -1:
  http://people.apache.org/~kkolinko/patches/2009-11-02_StringBuilder_o_a_c_tribes_io.patch
  +1: kkolinko
  -1:
  http://people.apache.org/~kkolinko/patches/2009-11-02_StringBuilder_o_a_c_tribes_membership.patch
  +1: kkolinko
  -1:
  http://people.apache.org/~kkolinko/patches/2009-11-02_StringBuilder_o_a_c_tribes_tipis.patch
  +1: kkolinko
  -1:
  http://people.apache.org/~kkolinko/patches/2009-11-02_StringBuilder_o_a_c_tribes_transport.patch
  +1: kkolinko
  -1:
  http://people.apache.org/~kkolinko/patches/2009-11-02_StringBuilder_o_a_c_tribes_util.patch
  +1: kkolinko
  -1:
  http://people.apache.org/~kkolinko/patches/2009-11-02_StringBuilder_o_a_c_users.patch
  +1: kkolinko
  -1:
  http://people.apache.org/~kkolinko/patches/2009-11-02_StringBuilder_o_a_c_util.patch
  +1: kkolinko
  -1:
  http://people.apache.org/~kkolinko/patches/2009-11-02_StringBuilder_o_a_c_valves.patch
  +1: kkolinko
  -1:
  http://people.apache.org/~kkolinko/patches/2009-11-02_StringBuilder_o_a_coyote.patch
  +1: kkolinko
  -1:
  http://people.apache.org/~kkolinko/patches/2009-11-02_StringBuilder_o_a_el_parser.patch
  +1: kkolinko
  -1:
  http://people.apache.org/~kkolinko/patches/2009-11-02_StringBuilder_o_a_el_util.patch
  +1: kkolinko
  -1:
  http://people.apache.org/~kkolinko/patches/2009-11-02_StringBuilder_o_a_jasper.patch
  +1: kkolinko
  -1:
  http://people.apache.org/~kkolinko/patches/2009-11-02_StringBuilder_o_a_jasper_compiler.patch
  +1: kkolinko
  -1:
  http://people.apache.org/~kkolinko/patches/2009-11-02_StringBuilder_o_a_jasper_compiler_JspUtil.patch
  +1: kkolinko
  -1:
  http://people.apache.org/~kkolinko/patches/2009-11-02_StringBuilder_o_a_jasper_runtime.patch
  +1: kkolinko
  -1:
  http://people.apache.org/~kkolinko/patches/2009-11-02_StringBuilder_o_a_jasper_security.patch
  +1: kkolinko
  -1:
  http://people.apache.org/~kkolinko/patches/2009-11-02_StringBuilder_o_a_jasper_tagplugins.patch
  +1: kkolinko
  -1:
  http://people.apache.org/~kkolinko/patches/2009-11-02_StringBuilder_o_a_jasper_tagplugins_Import.patch
  +1: kkolinko
  -1:
  http://people.apache.org/~kkolinko/patches/2009-11-02_StringBuilder_o_a_jk.patch
  +1: kkolinko
  -1:
  http://people.apache.org/~kkolinko/patches/2009-11-02_StringBuilder_o_a_juli.patch
  +1: kkolinko
  -1:
  http://people.apache.org/~kkolinko/patches/2009-11-02_StringBuilder_o_a_naming.patch
  +1: kkolinko
  -1:
  http://people.apache.org/~kkolinko/patches/2009-11-02_StringBuilder_o_a_t_buildutil.patch
  +1: kkolinko
  -1:
  http://people.apache.org/~kkolinko/patches/2009-11-02_StringBuilder_o_a_t_util.patch
  +1: kkolinko
  -1:
  http://people.apache.org/~kkolinko/patches/2009-11-02_StringBuilder_o_a_t_util_buf.patch
  +1: kkolinko
  -1:
  http://people.apache.org/~kkolinko/patches/2009-11-02_StringBuilder_o_a_t_util_digester.patch
  +1: kkolinko
  -1:
  http://people.apache.org/~kkolinko/patches/2009-11-02_StringBuilder_o_a_t_util_fileupload.patch
  +1: kkolinko
  -1:
  http://people.apache.org/~kkolinko/patches/2009-11-02_StringBuilder_o_a_t_util_http.patch
  +1: kkolinko
  -1:
  http://people.apache.org/~kkolinko/patches/2009-11-02_StringBuilder_o_a_t_util_mapper.patch
  +1: kkolinko
  -1:
  http://people.apache.org/~kkolinko/patches/2009-11-02_StringBuilder_o_a_t_util_modeler.patch
  +1: kkolinko
  -1:
  http://people.apache.org/~kkolinko/patches/2009-11-02_StringBuilder_o_a_t_util_net.patch
  +1: kkolinko
  -1:
  http://people.apache.org/~kkolinko/patches/2009-11-02_StringBuilder_o_a_t_util_threads.patch
  +1: kkolinko
  -1:
  http://people.apache.org/~kkolinko/patches/2009-11-03_StringBuilder_o_a_c_valves_AccessLogValve.patch
  +1: kkolinko
  -1:

* Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=47609
  Implement fail-safe EOL conversion for source distributions
  Based on a patch provided by sebb
  http://svn.apache.org/viewvc?rev=883125&view=rev
  +1: markt, jim
  -1: 
  -0: kkolinko:
    1) The following additional patches are needed, because the list did not
    include the files without extension
       http://svn.apache.org/viewvc?rev=891529&view=rev
       http://svn.apache.org/viewvc?rev=891533&view=rev

    I see that sebb's attachment in Comment 1 of the issue mentions
    a lot more of extensionless files in TC 5.5. Need to check that.

    2) I do not like such patterns as *.amd64, *.ia64. There is no
    guarantee that those are not binary, as those extensions do not
    specify file types. We would better use full names
    of those files, e.g. **/Makefile.amd64.  Actually those *.amd64
    files are in connectors/jk/native of TC 5.5.28. Do we still ship
    them after repository reorganization?  Also, native sources included
    in TC 6.0.20 release to not have any *.amd64 files.

* Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=47774
  Ensure web application class loader is used when calling session listeners
  http://svn.apache.org/viewvc?rev=890530&view=rev
  http://svn.apache.org/viewvc?rev=892193&view=rev
  +1: markt
  -1: 
   0: kkolinko:
       Re approach:
         Request.isRequestedSessionIdValid() serves as implementation for
         HttpServletRequest.isRequestedSessionIdValid().
         I think that ClassLoader should already be set when calling this
         method.

         I mean, the problem is elsewhere. Supposedly in CoyoteAdapter.
         parseSessionCookiesId(), but may be earlier in the call chain.

         I won't oppose the patch. I have to think a bit more about it.

* Remove unneeded line from the method that normalizes decodedURI.
  http://svn.apache.org/viewvc?rev=892812&view=rev
  +1: kkolinko, markt, rjung, jim
  -1:

* Log threads that are started but not stopped by web applications
  http://svn.apache.org/viewvc?view=revision&revision=885241
  http://svn.apache.org/viewvc?view=revision&revision=885260
  +1: markt, jim
  -1: 

* More memory leak protection: ThreadLocals, RMI references, optionally stopping
  threads.
  http://svn.apache.org/viewvc?view=revision&revision=885901
  http://svn.apache.org/viewvc?view=revision&revision=892843
  +1: markt, jim
  -1: 
  rjung: I added the second commit after Mark proposed and votes. It is
         a comment typo change only. Will need more time to vote on
         the whole proposal though.