DiskDigger 歷史舊版本 Page6

更新時間：2023-05-27
更新細節：

更新時間：2023-05-20
更新細節：

What's new in this version:

- Many improvements to the JSON access log valve
- Deprecate support for the HTTP Connector settings rejectIllegalHeader and allowHostHeaderMismatch and reject HTTP headers without names
- Add a RateLimitFilter which can be used to mitigate DoS and Brute Force attacks

更新時間：2023-05-10
更新細節：

What's new in this version:

- Many improvements to the json access log valve
- Deprecate support for the HTTP Connector settings rejectIllegalHeader and allowHostHeaderMismatch

更新時間：2023-05-03
更新細節：

What's new in this version:

- Undo & Redo changes in the Edit Timeline view

更新時間：2023-04-26
更新細節：

What's new in this version:

- Reduce the default value of maxParameterCount from 10,000 to 1,000.
- Correct a regression in the fix for bug 66442 that meant that streams without a response body did not decrement the active stream count when completing leading to ERR_HTTP2_SERVER_REFUSED_STREAM for some connections.
- Expand the validation of the value of the Sec-Websocket-Key header in the HTTP upgrade request that initiates a WebSocket connection. The value is not decoded but it is checked for the correct length and that only valid characters from the base64 alphabet are used.
- Implement RFC 9239; note the MIME types for Javascript has changed to text/javascript

更新時間：2023-04-26
更新細節：

What's new in this version:

Catalina:
- Fix: 65995: Implement RFC 9239 and use text/javascript as the media type for JavaScript rather than application/javascript
- Add: Add an access log valve that uses a json format. Based on pull request #539 provided by Thomas Meyer
- Add: Harden the FORM authentication process against DoS attacks by using a reduced session timeout if the FORM authentication process creates a session. The duration of this timeout is configured by the authenticationSessionTimeout attribute of the FORM authenticator
- Fix: 66527: Correct the Javadoc for the Tomcat.addWebapp() methods that incorrectly stated that the docBase parameter could be a relative path
- Fix: 66524 Correct eviction ordering in WebResource cache to by LRU as intended
- Update: Use server.xml to reduce the default value of maxParameterCount from 10,000 to 1,000. If not configured in server.xml, the default remains 10,000
- Add: Update Digest authentication support to align with RFC 7616. This adds a new configuration attribute, algorithms, to the DigestAuthenticator with a default of SHA-256,MD5
- Update: Add support code for custom user attributes in RealmBase. Based on code from #473 by Carsten Klein
- Fix: Expand the set of HTTP request headers considered sensitive that should be skipped when generating a response to a TRACE request. This aligns with 11.0.x
- Fix: 66541: Improve handling for cached resources for resources that use custom URL schemes. The scheme specific equals() and hashcode() algorithms, if present, will now be used for URLs for these resources. This addresses a potential performance issue with some OSGi custom URL schemes that can trigger potentially slow DNS lookups in some configurations. Based on a patch provided by Tom Whitmore
- Fix: When using a custom session manager deployed as part of the web application, avoid ClassNotFoundExceptions when validating session IDs extracted from requests
- Fix: 66543: Give StandardContext#fireRequestDestroyEvent its own log message
- Fix: 66554: Initialize Random during server initialization to avoid possible JVM thread creation in the webapp context on some platforms
- Update: Make the server utility executor available to webapps using a Servlet context attribute named org.apache.tomcat.util.threads.ScheduledThreadPoolExecutor

Coyote:
- Fix: JSON filter should support specific escaping for common special characters as defined in RFC 8259. Based on code submitted by Thomas Meyer
- Fix: 66511: Fix GzipOutputFilter (used for compressed HTTP responses) when used with direct buffers. Patch suggested by Arjen Poutsma
- Fix: 66512: Align AJP handling of invalid HTTP response headers (they are now removed from the response) with HTTP
- Fix: 66530: Correct a regression in the fix for bug 66442 that meant that streams without a response body did not decrement the active stream count when completing leading to ERR_HTTP2_SERVER_REFUSED_STREAM for some connections
- Code: Refactor synchronization blocks locking on SocketWrapper to use ReentrantLock to support users wishing to experiment with project Loom

Jasper:
- Fix: 66536: Fix parsing of tag files that meant that tag directives could be ignored for some tag files

Cluster:
- Fix: 66535: Redefine the maxValidTime attribute of FarmWarDeployer to be the maximum time allowed between receiving parts of a transferred file before the transfer is cancelled and the associated resources cleaned-up. A new warning message will be logged if the file transfer is cancelled

WebSocket:
- Fix: 66508: When using WebSocket with NIO2, avoid waiting for a timeout before sending the close frame if an I/O error occurs during a write

Other:
- Add: Improvements to French translations
- Add: Improvements to Japanese translations. Contributed by Shirayuking and tak7iji
- Add: Improvements to Chinese translations. Contributed by totoo
- Code: Refactor code using MD5Encoder to use HexUtils.toHexString()
- Fix: 66507: Fix a bug that $JAVA_OPTS is not passed to the jvm in catalina.sh when calling version. Patch suggested by Eric Hamilton
- Update: Update the internal fork of Commons DBCP to f131286 (2023-03-08, 2.10.0-SNAPSHOT). This corrects a regression introduced in 9.0.71
- Fix: Improve the error messages if JRE_HOME or JAVA_HOME are not set correctly. On windows, align the handling of JRE_HOME and JAVA_HOME for the start-up scripts and the service install script
- Update: Update UnboundID to 6.0.8
- Update: Update Checkstyle to 10.9.3
- Update: Update Jacoco to 0.8.9

更新時間：2023-04-25
更新細節：

What's new in this version:

- Show rounded corners on your dependency links
- Multiple bug fixes and improvements

更新時間：2023-04-07
更新細節：

What's new in this version:

- Show rounded corners on your dependency links
- Multiple bug fixes and improvements

更新時間：2023-03-27
更新細節：

What's new in this version:

- Show rounded corners on your dependency links
- Multiple bug fixes and improvements

更新時間：2023-03-16
更新細節：

What's new in this version:

- Show rounded corners on your dependency links
- Multiple bug fixes and improvements