                              Apache Tomcat 3.3.1
                              ===================
                                 Release Notes
                                 =============

$Id: RELEASE-NOTES-3.3.1.txt,v 1.49 2002/03/26 15:25:30 larryi Exp $


This document describes the changes that have been made since the
release of Tomcat 3.3 Final.

=========
Bug Fixes
=========

The release in which the fix appears is indicated in brackets.

Feature Additions:

Bug No.  Description

[b1]     Restored prefix attribute to InvokerInterceptor.  It was available in
         Tomcat 3.2.x.

[b1]     Added SingleThreadModel pooling to ServletHandler.  The default is to
         use pooling.

[b1]     Added optional checking (configured on SessionId module) to ensure
         that the SSL session IDs match for each request within a Tomcat
         session.  This check is disabled by default.

[b1]     Added org.apache.tomcat.util.net.URL class from Tomcat 4.0 so
         response.encodeURL() can work under SSL without JSSE.  This can occur
         if you have Apache forwarding SSL requests to a Tomcat that doesn't
         have JSSE installed.

[b1]     Fixed logic for response.encodeURL() so that it will work correctly 
         if the input URL includes an anchor tag.

[b1]     Improved the handling of invalid web.xml files.  Now you get the same
         error messages every time you parse the file.

[b1]     Moved the setting of the default "*.jsp" mapping so that it is now 
         possible to entirely disable support for jsp files.

[b1]     Fixed problem with jsp_precompile parameter to JSP files.

[b1]     Context properties and ContextManager properties can now be set with
         <Property ... /> elements, i.e: 
             <Property name="propname" value="thevalue" />
         For backwards compatibility, the ContextManager "lower-case-p"
         <property ... /> version supported by Tomcat 3.3. is still supported.

[b1]     Added variable substitution handling to ContextXmlReader, allowing
         variable substitution to be used in <Context ...></Context>
         declarations.

[b1]     Added support for PureTLS as an SSL option.  Also, any attribute
         used to create the socket factory, such as "rootfile" (or
         "keystoreType" for JSSE), is now settable on the Http10Connector
         element in server.xml.

[b1]     The configuration files generated by ApacheConfig, IISConfig and
         NSConfig were improved for the case when the forwardAll attribute
         is false. Primarily, a servlet mapping like "/foo/*" now generates
         a mod_jk mapping for "/foo" as well as "/foo/*" to better match
         the servlet spec.

[b1]     The default log handler was updated to specify autoFlush=true for
         the PrintWriter so the output doesn't just go to a buffer.  Since
         this logger is replaced a new logger set by the LogSetter module,
         its reduction in efficiency won't affect normal operation.

[b1]     ServerXmlReader now logs a warning if the modules.xml file isn't
         found.

[b1]     The internal test script, test-tomcat.xml, has been made more
         configurable and the Admin app internal test page, test.jsp, has
         been updated to make use of this.  With appropriate input settings,
         the tests can be run against Tomcat standalone, Apache, IIS, and
         Netscape (v4.1) without any failures.

[b1]     Japanese resource strings were added and StaticInterceptor and
         ErrorHandler modules were updated to take advantage of them.  In
         addition, useAcceptLanguage and useCharset attributes were added
         to the StaticInterceptor module to allow configuration of how
         the locale and character set encoding of the directory listings
         are derived.

[b1]     Added a socketCloseDelay attribute to Http10Interceptor.  The
         default is -1, which disables the delay.  If set > 0, a
         Thread.sleep(<delay>) is executed prior to reading and discarding
         unread input and closing the socket.  This is intended to
         help diagnose problems resulting from unread input that
         arrives during the closing of the socket.

[b1]     Make the App-classloader configurable to allow using the 1.1
         loader even when running under Java2.  This should allow for better
         jar reloading at the cost of not enforcing sealing etc.  

[b1]     The IISConf module was updated to support an isapiRedirector
         attribute which specifies the name of the redirector plugin DLL.
         It also now writes a "properties" file the can be used for
         configuration of the redirector instead of registry settings.

[b1]     The isapi_redirect.dll was enhanced to support a uri_select
         configuration setting that controls which form of URL is forwarded
         to Tomcat.  The normalized/decoded URL used by Tomcat 3.3 is
         still the default.  The original URL or re-encoded normalized/decoded
         URL may be forwarded instead.  This was done to provide better
         support for isapi_redirect.dll's use with web servers other than
         Tomcat 3.3, such as Tomcat 3.2.x.

[b1]     Added a useWebAppCL attribute to JspInterceptor.  When true,
         Java compilation using "sun.tools.javac.Main" will run in the
         web application's classloader.  When false (the default), Java
         compilation using "sun.tools.javac.Main" runs in the container
         classloader.  Using a value of true may help on certain HP-UX
         systems.  In all other cases, useWebAppCL should be false.
         Currently webWebAppCL="true" can not be used when running under a
         security manager, otherwise security exceptions will prevent
         JSPs from compiling.

[b1]     Added "reloadable" attribute to AutoWebApp module.  If true,
         reloading will be enabled in all added contexts.  If false, reloading
         will be disabled.  The default is true.

[b1]     Added "defaultRedirectStatus" attribute to ErrorHandler module. It
         may be set to "301" or "302".  The default is "301".  It determines
         the status code set by the "redirect" handler if a status code has
         not already been set.  This primarily affects the status code used
         when the StaticInterceptor module redirects a "directory" URL that
         doesn't end with a '/' and redirects to welcome files.

[b1]     Added shutdown support using Ajp13 and updated StopTomcat task
         to support automatic or explicit use of Ajp12 or Ajp13 protocol to
         shutdown Tomcat.  This includes use of an optional "secret" password
         with either protocol.

[rc1]    Added hostChar, hostDotChar, and pathSlashChar attributes to
         AutoWebApp module.  These make configurable the special characters
         used in the directory name to delimit a virtual host name and act
         as substitution characters.  Also, fixed behavior so that hostChar
         isn't included in the context path name.

[rc1]    Startup error output has been improved.  Messages will be shown if
         modules.xml or server.xml isn't present.  Also, the port number is
         now shown when JVM_Bind exceptions occur.

[F]      Ajp12Connector and Ajp13Connector now accepts ContextMananger
         properties called ajpid12 and ajpid13, respectively.  This property
         overrides the ajpidFile attribute of these modules, allowing the
         ajpid file to be specified via command line arguments.  For
         consistency, the same arguments are also accepted by the StopTomcat
         task to specify the file and protocol to use for shutdown.

[F]      The Ajp13Connector now accepts shutdownEnable in addition to
         shutDownEnable at attributes that control if shutdown is enabled
         via the Ajp13 protocol.  shutdownEnable was added since it uses
         a more intuitive uppercase/lowercase spelling.
         
[F]      The PasswordPrompter add-on was refactored to use introspection
         and accept customizable prompt specifications.  It can now set
         additional passwords, such as the keystore password added to
         Http10Connector and the "secret" for Ajp12Connector and
         Ajp13Connector modules.  It can set other types of attributes
         as well.

[F]      Refactored the PasswordPrompter add-on module to be configurable
         and to be able to perform prompting for context local modules.
         Added a "readme" file to document its use.

[F]      The facade classes in org.apache.tomcat.facade are now declared
         as public classes.  This allows their methods to be called
         using introspection from a web application.


Server:

Bug No.  Description

[b1]     Fixed problem with JSP page names that match a Windows DOS device
         name, such as aux.jsp.  Instead of potentially hanging the thread
         that services the request, these requests now return "404 Not Found".

[b1]     DecodeInterceptor was updated to not convert '+' to space in the
         path portion of the request URL.  RFC2396 allows '+' in the path
         of a URL.

[b1]     Modified IntrospectionUtils.getClassPath() to add "classes"
         directory to the list prior to jars.

[b1]     Fixed problem in AccessInterceptor where the beginning characters
         of the login or error page match the context path.  Tomcat could
         mistakenly think that the context path had been incorrectly included
         in the login or error page setting.  It can still make this mistake
         if the page is under a sub-directory with the same name as the
         context path.
         
[b1]     The missing jdbcRealm.getCredentialsSQLException property string was
         added.

[b1]     Fixed bug with useJspServlet option in JspInterceptor.  If set to true
         untrusted web applications couldn't run the JspServlet because
         jasper.jar and tools.jar weren't accessible.

[b1]     Fixed problem with jsp_precompile parameter to JSP files.

[b1]     Eliminated some hard coded '\n' line separators used by Jasper in the
         translated Java file.

[b1]     Fixed the position of the ;jsessionid when Tomcat generates a 401 
         response.  Now it is before the query string instead of after.

[b1]     Do not return a body with 304 responses (forbidden by HTTP/1.x and
         confusing to NS < 6.x).

[b1]     HttpServletRequestFacade now resets the reader when recycled.
         Previously, calling getReader() on a recycled facade on which
         getReader() was called, you would get the old reader rather than
         a new reader for the current request.

[F]      Fixed a bug in TrustedLoader with respect to reloading trusted
         modules when more than one is present.

[F]      Modified PoolTcpConnector checkSocketFactory() method to set the
         module's socketFactory when obtaining an SSL socket factory,
         instead of using a local variable.  This allows the PasswordPrompter
         add-on to set SSL socket attributes, such as the keystore and
         certificate passwords.

[F]      A couple of "off by 1" bugs were fixed in the CharChunk and
         ByteChunk utility classes.

1657     JSPs with tag names that contain '-' or '.' will now compile without
[b1]     an "Invalid expression" error

4382     tomcat.sh script no longer deletes the ajp12.id file which could
[b1]     cause a problem shutting down if Tomcat was accidentally started
         twice.

4418     Ported Tomcat 3.2.x fix for race condition in ServerSocketFactory.
[b1]

4436     Reduce log output from DecodeInterceptor if debug level is zero.  This
[b1]     avoids having a log entry for each request.

4564     Fix bug in Http10Interceptor where getRemoteAddr() returns 127.0.0.1
[b1]     instead of correct address.

4599     ThreadPool was updated to not reset the maxThreads, maxSpareThreads
[b1]     and minSpareThreads values in its start() method.

4923     Default permissions were added in PolicyInterceptor to allow direct
[b1]     read access to the webapp docBase and work directories.  This is
         in addition to the permissions allowing access to the contents of
         these directories.  These new permissions allows "exists()" to be
         executed on those directories without a security exception when
         running under a security manager.

4955     Fixed bug in the parsing of the query string to 
[b1]     RequestDispatcher.include/forward wasn't handling the case where only
         the parameter name was specified.

4948     Fix DependClassLoader to be a Java2 ClassLoader when running under
[b1]     a Java2 JVM.  

5005     If requested JSP file doesn't exist, avoid creating work directories
[b1]     and version file.

5191     Fix parsing of JSP comments with extra '-' characters.
[b1]

5497     Ignore the If-Modified-Since header when including a static page.
[b1]

5724     Supress the check for WEB-INF in the "Default Servlet" (aka 
[b1]     StaticInterceptor).  The check was redundant, and was causing
         Spec problems.

5983     Fix the flushing of unread POST data on the HTTP connector.  On the
[b1]     reported bug, it was mostly a nuisance.  In other cases (see 6143)
         it was causing major problems.  To avoid DOS attacks, the number
         of flush attempts is configurable, with a default of 20.

5994     Fix seconds calculation problem in DateTool
[b1]

6234     Recycle the Writer in the ResponseFacade if it is the error state when
[b1]     the facade is recycled.

6348     Fix problem with getNamedDispatcher() when used with a JSP mapped
[b1]     in the web.xml.

6515	 Block setting of Date-Headers from within an include.
[rc1]

6518     Fix an edge condition where in some cases a JSP file beginning with
[rc1]    a number wouldn't get mangled correctly.

6604     Fix a problem when using the AccessLog without a "Default Context" 
[rc1]    defined.  

6887	 Fix a problem locating an error-page when using virtual hosts.
[F]


Jasper:

Bug No.  Description

[F]      Fixed incorrect use of '\' in the servlet mappings written by JspC on
         Windows systems.


Configuration:

Bug No.  Description

[b1]     Updated JSSEImplemention to support a separate keystorePass
         attribute as the keystore password.  It will default to the keypass
         attribute if not set.

[F]      The conf/jk/wrapper.properties was improved.  The improvements
         include putting quotes around the java command portion of the
         wrapper.cmd_line property.  Also a wrapper.jvm.options property
         was added to simplify specification of JVM arguments.

[F]      PoolTcpConnector was modified to allow the PasswordPrompter add-on
         module to successfully set connection attributes for secure
         connections.

[F]      conf/jk/wrapper.properties was updated to work with a spaces in the
         JDK path and a wrapper.jvm.options property was added to make
	 it easier to add options.

[F]      conf/jk/uriworkermap.properties and conf/jk/obj.conf example files
         were updated to be more current.

4313     Bug in property substitution for server.xml and apps.xml files was
[b1]     fixed.

4826     Fixed AutoWebApp so the dir attribute can be an absolute path on
[b1]     Windows systems.

5365	 Fixed the JasperMangler to handle Java reserved words correctly.
[b1]

5390	 Fixed the behavior of LoadOnStartup servlets when the servlet is
[b1]	 actually a JSP page.

5958     ApacheConfig, IISConfig, and NSConfig were updated so mappings that
[b1]     end with "/*" will write a mapping with and without the ending "/*".

6004     Updated Http10Connector to accept any attribute.  The attributes
[b1]     without predefined setters will be included with the predefined
         ones that are made available when the secure socket factory is
         created.

6137     Fix the admin webapp to be more careful when using the remove-context
[b1]	 feature.  Also, the boxes were mis-labeled.

6341	 Fix the "guess home" logic so that it can work on Mac OS
[rc1]

6717	 Fix a problem where the Http10 Connector would fail to parse the 
[rc1]	 HTTP headers if the headers are extremely big.


Connectors:

Bug No.  Description

[b1]     A bug was fixed in isapi_redirect.dll where the query string would be
         lost if the URI was shortened during normalization of the URI.  The
         presence of escaped characters or character sequences such as "/../"
         would cause this to happen.

[b1]     A bug was fixed in isapi_redirect.dll where it would mistake an
         encoded '?' in the URI path as the query string delimitor.

5769     A -n option has been added to jk_nt_service.exe so that the service
[rc1]    display name can be different from the service name should it contain
         characters not valid for the service name.

6579	 Make certain that we don't dump more output than is available when 
[rc1]	 debugging Ajp13.


Documentation:

Bug No.  Description

[b1]     Tomcat-on-NetWare-HowTo.html updated to fix errors related to new
         functionality in Tomcat 3.3.

[b1]     tomcat-ug.html updated with additional classloader information and
         details on the variable substitution available in Context
         declarations.

[b1]     serverxml.html was updated to document features added to
         Ajp13Connector, AutoWebApp, ErrorHandler, Http10Connector, IISConfig,
         JspInteceptor, LoaderInterceptor11, SessionId, and StaticInterceptor.         
         A note was added to Ajp12Connector to document the requirement for
         maxThreads to be 2 or more if it is to be used to shutdown Tomcat.
         Section on variable substitution was updated.

[b1]     tomcat-iis-howto.html updated to make it clearer that the "Filter Dlls"
         key is used only on Win98.  It was also updated to document the use
         of a "properties" file instead of the registry and the new "uri_select"
         parameter.

[b1]     JDBCRealm-howto.html updated to name the correct class and its jar
         location for digested passwords.

[b1]     tomcat-ssl-howto.html was updated to document how to use PureTLS.

[b1]     The faq document was updated to indicate that segmentation faults
         while Tomcat is running is a JVM problem and not a Tomcat bug.

[rc1]    Updated server.xml to document features added to AutoWebApp.

[rc1]    Updated tomcat-ssl-howto.html to fix incorrect case for "clientauth"
         attribute.

[F]      serverxml.html and tomcat-ug.html were updated to document the
         new ajp12id and ajp13id startup and shutdown arguments.