mirror of
				https://github.com/telekom-security/tpotce.git
				synced 2025-10-25 09:44:45 +00:00 
			
		
		
		
	
		
			
				
	
	
		
			178 lines
		
	
	
	
		
			7 KiB
		
	
	
	
		
			Text
		
	
	
	
	
	
			
		
		
	
	
			178 lines
		
	
	
	
		
			7 KiB
		
	
	
	
		
			Text
		
	
	
	
	
	
| ================================================================================
 | |
|   Licensed to the Apache Software Foundation (ASF) under one or more
 | |
|   contributor license agreements.  See the NOTICE file distributed with
 | |
|   this work for additional information regarding copyright ownership.
 | |
|   The ASF licenses this file to You under the Apache License, Version 2.0
 | |
|   (the "License"); you may not use this file except in compliance with
 | |
|   the License.  You may obtain a copy of the License at
 | |
| 
 | |
|       http://www.apache.org/licenses/LICENSE-2.0
 | |
| 
 | |
|   Unless required by applicable law or agreed to in writing, software
 | |
|   distributed under the License is distributed on an "AS IS" BASIS,
 | |
|   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 | |
|   See the License for the specific language governing permissions and
 | |
|   limitations under the License.
 | |
| ================================================================================
 | |
| 
 | |
| 
 | |
|                      Apache Tomcat Version 8.5.32
 | |
|                             Release Notes
 | |
| 
 | |
| 
 | |
| =========
 | |
| CONTENTS:
 | |
| =========
 | |
| 
 | |
| * Dependency Changes
 | |
| * API Stability
 | |
| * Bundled APIs
 | |
| * Web application reloading and static fields in shared libraries
 | |
| * Security manager URLs
 | |
| * Symlinking static resources
 | |
| * Viewing the Tomcat Change Log
 | |
| * Cryptographic software notice
 | |
| * When all else fails
 | |
| 
 | |
| 
 | |
| ===================
 | |
| Dependency Changes:
 | |
| ===================
 | |
| Tomcat 8.5 is designed to run on Java SE 7 and later.
 | |
| 
 | |
| 
 | |
| ==============
 | |
| API Stability:
 | |
| ==============
 | |
| 
 | |
| The public interfaces for the following classes are fixed and will not be
 | |
| changed at all during the remaining lifetime of the 8.x series:
 | |
| - All classes in the javax namespace
 | |
| 
 | |
| The public interfaces for the following classes may be added to in order to
 | |
| resolve bugs and/or add new features. No existing interface method will be
 | |
| removed or changed although it may be deprecated.
 | |
| - org.apache.catalina.* (excluding sub-packages)
 | |
| 
 | |
| Note: As Tomcat 8 matures, the above list will be added to. The list is not
 | |
|       considered complete at this time.
 | |
| 
 | |
| Note: A large number of deprecated methods, fields and configuration options
 | |
|       were removed in the transition from 8.0.x to 8.5.x. If any of those
 | |
|       removals triggers significant problems for the user community that the
 | |
|       deletion may be reverted in a later point release.
 | |
| 
 | |
| The remaining classes are considered part of the Tomcat internals and may change
 | |
| without notice between point releases.
 | |
| 
 | |
| 
 | |
| =============
 | |
| Bundled APIs:
 | |
| =============
 | |
| A standard installation of Tomcat 8.5 makes all of the following APIs available
 | |
| for use by web applications (by placing them in "lib"):
 | |
| * annotations-api.jar (Annotations package)
 | |
| * catalina.jar (Tomcat Catalina implementation)
 | |
| * catalina-ant.jar (Tomcat Catalina Ant tasks)
 | |
| * catalina-ha.jar (High availability package)
 | |
| * catalina-storeconfig.jar (Generation of XML configuration from current state)
 | |
| * catalina-tribes.jar (Group communication)
 | |
| * ecj-4.6.3.jar (Eclipse JDT Java compiler)
 | |
| * el-api.jar (EL 3.0 API)
 | |
| * jasper.jar (Jasper 2 Compiler and Runtime)
 | |
| * jasper-el.jar (Jasper 2 EL implementation)
 | |
| * jsp-api.jar (JSP 2.3 API)
 | |
| * servlet-api.jar (Servlet 3.1 API)
 | |
| * tomcat-api.jar (Interfaces shared by Catalina and Jasper)
 | |
| * tomcat-coyote.jar (Tomcat connectors and utility classes)
 | |
| * tomcat-dbcp.jar (package renamed database connection pool based on Commons DBCP)
 | |
| * tomcat-jdbc.jar (Tomcat's database connection pooling solution)
 | |
| * tomcat-jni.jar (Interface to the native component of the APR/native connector)
 | |
| * tomcat-util.jar (Various utilities)
 | |
| * tomcat-websocket.jar (WebSocket 1.1 implementation)
 | |
| * websocket-api.jar (WebSocket 1.1 API)
 | |
| 
 | |
| You can make additional APIs available to all of your web applications by
 | |
| putting unpacked classes into a "classes" directory (not created by default),
 | |
| or by placing them in JAR files in the "lib" directory.
 | |
| 
 | |
| To override the XML parser implementation or interfaces, use the appropriate
 | |
| feature for your JVM. For Java <= 8 use the endorsed standards override
 | |
| feature. The default configuration defines JARs located in "endorsed" as endorsed.
 | |
| For Java 9+ use the upgradeable modules feature.
 | |
| 
 | |
| 
 | |
| ================================================================
 | |
| Web application reloading and static fields in shared libraries:
 | |
| ================================================================
 | |
| Some shared libraries (many are part of the JDK) keep references to objects
 | |
| instantiated by the web application. To avoid class loading related problems
 | |
| (ClassCastExceptions, messages indicating that the classloader
 | |
| is stopped, etc.), the shared libraries state should be reinitialized.
 | |
| 
 | |
| Something which might help is to avoid putting classes which would be
 | |
| referenced by a shared static field in the web application classloader,
 | |
| and putting them in the shared classloader instead (JARs should be put in the
 | |
| "lib" folder, and classes should be put in the "classes" folder).
 | |
| 
 | |
| 
 | |
| ======================
 | |
| Security manager URLs:
 | |
| ======================
 | |
| In order to grant security permissions to JARs located inside the
 | |
| web application repository, use URLs of of the following format
 | |
| in your policy file:
 | |
| 
 | |
| file:${catalina.base}/webapps/examples/WEB-INF/lib/driver.jar
 | |
| 
 | |
| 
 | |
| ============================
 | |
| Symlinking static resources:
 | |
| ============================
 | |
| By default, Unix symlinks will not work when used in a web application to link
 | |
| resources located outside the web application root directory.
 | |
| 
 | |
| This behavior is optional, and the "allowLinking" flag may be used to disable
 | |
| the check.
 | |
| 
 | |
| 
 | |
| ==============================
 | |
| Viewing the Tomcat Change Log:
 | |
| ==============================
 | |
| The full change log is available from http://tomcat.apache.org and is also
 | |
| included in the documentation web application.
 | |
| 
 | |
| 
 | |
| =============================
 | |
| Cryptographic software notice
 | |
| =============================
 | |
| This distribution includes cryptographic software.  The country in
 | |
| which you currently reside may have restrictions on the import,
 | |
| possession, use, and/or re-export to another country, of
 | |
| encryption software.  BEFORE using any encryption software, please
 | |
| check your country's laws, regulations and policies concerning the
 | |
| import, possession, or use, and re-export of encryption software, to
 | |
| see if this is permitted.  See <http://www.wassenaar.org/> for more
 | |
| information.
 | |
| 
 | |
| The U.S. Government Department of Commerce, Bureau of Industry and
 | |
| Security (BIS), has classified this software as Export Commodity
 | |
| Control Number (ECCN) 5D002.C.1, which includes information security
 | |
| software using or performing cryptographic functions with asymmetric
 | |
| algorithms.  The form and manner of this Apache Software Foundation
 | |
| distribution makes it eligible for export under the License Exception
 | |
| ENC Technology Software Unrestricted (TSU) exception (see the BIS
 | |
| Export Administration Regulations, Section 740.13) for both object
 | |
| code and source code.
 | |
| 
 | |
| The following provides more details on the included cryptographic
 | |
| software:
 | |
|   - Tomcat includes code designed to work with JSSE
 | |
|   - Tomcat includes code designed to work with OpenSSL
 | |
| 
 | |
| 
 | |
| ====================
 | |
| When all else fails:
 | |
| ====================
 | |
| See the FAQ
 | |
| http://tomcat.apache.org/faq/
 | 
