Changelog

JBoss Web 3.0.0.CR1 (remm)

General

	Servlet 3.0 API. (remm)
	Fix CVE-2009-3555, man-in-the-middle attack in TLS protocol. (markt)
	Commons Pool 1.5.2. (markt)

Catalina

	Replace TomcatCookie class with the new Cookie API. (remm)
	Cookie tracking and Servlet 3.0 cookie configuration. (markt, remm)
	ServletRegistration and FilterRegistration implementation. (remm)
	XML validation fix. (markt)
	46866: Use nanoTime rather that a weaker init for the Random fallback. (remm)
	45332: Encoding fix for tomcat-users file. (markt)
	Move InstanceManager and PeriodicEventListener to org.apache.tomcat. (markt)
	46982: Use DST offset not current offset in the access log valve. (markt)
	Various WebDAV test suite failures. (markt)
	46933: Simplify StringManager using Java 5 features. Based on a patch by Jens Kapitza. (markt)
	46961: Prefer Class.forName for Java 6 compatibility with array fake types. (markt)
	42579: Handle both relative and absolute search results in JNDI realm. Patch provided by Brandon DuRette. (markt)
	46967: Secure random security manager fix. Based on a patch provided by Kirk Wolf. (markt)
	46562: In SSI, close the reader when done. (markt)
	AsyncContext implementation, internally built on top of the event API. (remm)
	Multipart implementation. (remm)
	New JarRepository component to handle better management of JarFiles following the Servlet 3.0 update. (remm)
	47050: Remove unnecessary filtering in StandardHostValve. (markt)
	46925: Improve search for nested roles in JNDIRealm by replacing recursive search with iterative search. Patch provided by Stefan Zoerner. (rjung)
	Close stream after error in the classloader. (pero)
	47046: JMX unregistration. (markt)
	Remove ServerFactory. (markt)
	47299: Expose Container.fireContainerEvent, which became public long ago. (remm)
	Three bugs related to session activity with the persistent manager. (kkolinko, markt)
	47343: Fix redeploy resources order. (markt)
	Add support for chunked POSTs. (markt)
	MIME types cleanup. (kkolinko)
	JDBC driver cleanup fix, using a hack to define the cleaner component in the webapp classloader. (markt)
	39231: Call logout on the JAAS login context whenever possible. (markt)
	37984: Strip {MD5} as well as {SHA} from digested passwords. (markt)
	All other Servlet 3.0 features. (remm)
	41059: Reduce one possible source of errors if using ENABLE_CLEAR_REFERENCES=true. Patch by Curt Arnold. (markt)
	Register filters with JMX. (markt)
	47705: Fix divide by zero in the manager sessions command. (funkman)
	JBAS-7159: Better usability for Context level usage of RewriteValve. (remm)
	Reset strings for query string and host name in RewriteValve when rewriting. (remm)
	JBWEB-148: Add additional null checks for unmapped contexts. (remm)
	48049: Fix NamingContext.destroySubcontext. (markt)
	47718: Resource leak when using the random stream, submitted by George Sexton. (markt)
	47537: Return an error page if forward fails during FORM auth. (markt)
	Change session id on successful auth, disabled by default. (markt)

Coyote

	Fix incomplete write logic in APR. (jfclere)
	Remove useless instanceof in the HTTP protocol. (markt)
	Add support for non IO based events in all AJP and HTTP connectors. (remm)
	Fix handling of timeout values <= 0 with the poller refactoring. (remm)
	JBAS-6442: The character encoder should tolerate unmappable characters. (jfclere)
	Add flag to set Expires for cookie expiration on IE. (markt)
	47225: Fix bad length when redirecting in the mapper. (markt)
	Cookie separators and quoting compliance fixes. (markt, kkolinko)
	46950: Fix SSL renegociation problems. (jfclere)

Jasper

	46915: JSTL issues resolving resource bundle keys. (markt)
	46909: The ';' should really only be used if there is a following parameter. (markt)
	37929: Fix session access to an invalidated session. (markt)
	Removed some casts in ELResolverImpl. Patch suggested by kkolinko. (markt)
	47318: Process include preludes and codas when processing directives and whole pages. (markt)
	38797: Fix getProperty code to what it used to be in Tomcat 5.5.12. (markt)
	41661: JspConfig.init() needs a minimal amount of thread safety. (markt)
	47413: First part of a composite expression "${a}${b}" was not coerced to String. (kkolinko)
	41824: Need to use canonical rather than binary form when writing code. (markt)
	42390: Correct JSP compilation error with nested tagfile tags with variables with "AT_BEGIN" scope. Patch provided by Konstantin Kolinko. (markt)
	Avoid possible NPE handling JSP exceptions. (markt)

JBoss Web 2.1.3.GA (remm)

General

Catalina

	NPE in various realms. (markt)
	46875: ISE on session access in Comet valve. (remm)

Coyote

	Remove useless instanceof in the HTTP protocol. (markt)
	JBAS-6814: Fix looping when parsing bad end chunk, caused by the non blocking changes. (remm)

Jasper

	EL resolver improvements when using a security manager. (markt)
	41606: Fix jspInit called twice. (markt)

JBoss Web 2.1.2.GA (remm)

General

NSIS 2.43. (remm)

Catalina

	38553: A lack of certs is normal if the user doesn't have a trusted cert. Return 401, not 400 in this case. (markt)
	46606: Max depth limit configurable in WebDAV Servlet. (markt)
	38570: Fix checking of appBase against docBase. (markt)
	39013: Fix appBase test when deleting resources. (markt)
	Status code for redirect rule in rewrite valve. (jfclere)

Coyote

	HTTP/1.0 handling differed from the old org.apache.jk connector. (remm)
	Optimize date format for v0 cookies. (markt)

Jasper

	46564: More case insensitive comparison of encodings. (markt)
	Validator code cleanup. (markt)
	38197: Take account of jsp:attribute elements when naming tag pools. (markt)

JBoss Web 2.1.2.CR1 (remm)

General

NSIS 2.41. (remm)

Catalina

	46011: Make Principal accessible (if set) via Subject.getSubject(AccessController.getContext()) when processing filters. Based on a patch provided by tsveg1. (markt)
	42707: Adding host aliases should be dynamic. (markt)
	JNDI realm feature additions. (rjung)
	42747: Harmonize handling of context.xml between war and exploded folder. (markt)
	42673: In SSI, correctly handle includes with multi-level contexts. Patch provided by Peter Jodeleit. (markt)
	If throwing an exception for a non serializable attribute, mention the attribute name in the exception. (mturk)
	Create configBase also when dealing with directory deployment. (markt)
	Pass attribute changes to the executor to allow dynamic configuration. (markt)
	42077: In javax.el iterators, don't return null elements. Based on a patch by Mathias Broekelmann. (markt)
	Possible NPE on shutdown of ClusterListener. (remm)
	InstanceManager security manager fixes. (markt)
	Add a log formatter which logs on one line. (markt)
	JBWEB-129: Support substitution for cookies and env flags in RewriteRule, and map the env flag to request attributes. (remm)
	Support multiple env flags in RewriteRule. (remm)
	Support all cookie flags in RewriteRule. (remm)
	Remove useless normalization when getting a request dispatcher through a request, and refactor normalization to use the implementation in RequestUtil. (remm, markt)
	Filter not found URI in default servlet. (remm)
	46304: Cache event methods when security is enabled. (markt)
	46261: Handling for / in context path. (markt)
	Filter out negative ports on shutdown, so no connection attempt at all. (remm)
	23066: Rare NPE when loading a class. Submitted by Konstantin Kolinko. (markt)

Coyote

	JSSE configuration for SSL sessions. (markt)
	Preload fast date format in HTTP connector. (remm)

Jasper

	EL security manager fixes. (markt)
	36923: If EL is disabled, handle as template text. (markt)
	46462: Compatibility with ASF projects which use JSP. (markt)
	46381: Coerce EL to String rather than Object when concatenating. (markt)
	37515: Add options for 1.6 and 1.7 source and target to JDT compiler. (markt)
	46471: Use jar url and tag file path to uniquely ID a tag file to prevent naming clashes. (markt)

JBoss Web 2.1.1.GA (remm)

General

	NSIS 2.40. (remm)
	JBoss Native 2.0.6. (remm)
	Eclipse JDT 3.4.1. (remm)

Catalina

	45785: Add a check in the loader in addition to the fix for JBAS-4965. (markt)
	45823: Log missing request headers as - not null. Based on a patch by Per Landberg. (markt)
	45441: Correctly map filters for FORWARD and INCLUDE. (remm)
	45419: Set Accept-Ranges for static resources served by DefaultServlet. (markt)
	Bayeux support using a BayeuxServlet written as an event driven servlet. (remm, fhanik)
	LockOutRealm to lock out users after a number of failed authentication attempts. (markt)
	Fix SSI HTML replacement bug. (markt)
	Tighten up the max size for content caching (which is often useless due to sendfile). (markt, remm)
	Sync date format usage in SSI. (markt)
	45906: Another ETag improvement. Patch provided by Chris Hubick. (remm)
	CGI servlet generics cleanup. (markt)
	Better nested context handling. (markt)
	The default annotation name should be based on the class in which the annotation was found. (markt)
	46075: Don't create ByteArrayOutputStream at maximum possible size. (markt)
	46096: Support annotation processing whilst running under a security manager. (markt)
	46085: Date handling in sessions should use int offsets, and longs can get corrupted. (remm)
	46105: Set query string URI encoding when replaying request. (markt)
	Only reset the buffer and usage of IS or writer when forwarding to a custom error page. (markt, remm)
	Remove verbose attribute value logging during session passivation. (remm)
	Specific error message for webapps that fail to start. (fhanik)

Coyote

	Package renamed JSON library. (remm)
	IntrospectionUtils.replaceProperties should return the original String if no substitutions are needed. (remm)
	45026: AJP should not use an empty reason phrase, due to httpd 2 having a problem with that at the moment. (rjung)
	Allow AJP to read large body packets, up to the configured packet size. (remm)
	Remove date tool class, since it has sync issues. (markt, remm)
	Add AJP support for certificate chains. (billbarker)
	Null out socket in java.io HTTP connector. (fhanik)
	Handling for invalid AJP messages. (remm)
	New maxThreads default to 200, up from 40. (remm, fhanik)
	46077: Add configuration for deferAccept flag. (remm)
	Add maxThreads warning. (markt)
	Cleanup some type oddities in MimeHeaders. (remm)
	Refactor generation of the READ event which follows a BEGIN into the HTTP protocol handler. (remm)
	JBWEB-124, JBWEB-125: APR instability fixes involving asynchronous resume() calls. (remm)
	Fix timeout processing in many cases. (remm)

Jasper

	45427: Correct parsing of quoted stings in EL. (markt)
	Optimize EL parser lookahead. (markt)
	Fix bad EL exception cast. (rjung)
	45451: Testing for this threw up all sorts of other failures around use of \${...} These should all now be fixed. The two pass parsing means we can do away with the previous 'replace with unused unicode character' trick. (markt)
	Remove unused code in ELSupport. (markt)
	Ascii parsing bug. (markt)
	Fix regression in Big* types handling. Patch provided by Nils Eckert. (markt)
	46047: Include jar in path for dependencies if they are in a JAR. Patch provided by Cédric Mailleux. (markt)

Others

JBWEB-122: Fix exception when using SSL and HTTP variables. (jfclere)

JBoss Web 2.1.1.CR7 (remm)

Catalina

	JBAS-5917: Fix error handling starting one of the core components, and harmonize lifecycle checks of StandardPipeline with the other components. (remm)
	45628: JARs without dependencies should always be fulfilled. (markt)
	45735: More consistent getETag. (remm)
	Better logging of security exceptions reading logging configuration. (rjung)
	Add a special CombinedRealm which can aggregate authentication from multiple realms. (markt)

Coyote

Fix a rare problem identifying AJP body packets that should be dropped. (jfclere)

Jasper

	Sync with EL parser from Tomcat, to fix a number of complex expressions. (remm)
	45691: Fix possible duplicates variable names. (markt)
	45666: Fir infinite loop on include. (markt)
	Rebuild EL parser with JavaCC 4.1. (remm)

JBoss Web 2.1.1.CR6 (remm)

General

NSIS 2.39. (remm)

Catalina

	45453: Sync getPrincipal in JDBCRealm. (markt)
	JBWEB-107: Servlet 3.0 style session cookie configuration. (remm)
	New embedded API (startup.Tomcat class). (remm)
	45576: Add DIGEST support to the JAAS Realm. (markt)
	45585: Allow Tomcat to start if using $CATALINA_BASE but not JULI. Patch based on a suggestion by Ian Ward Comfort. (markt)
	The JAAS Realm did not assign roles to authenticated users. (markt)
	41407: Add support for CLIENT-CERT to the JASS Realm. (markt)
	NPE on shutdown when an error occurs starting connectors. (remm)

Coyote

	Consider that a normal request is Comet (it is possible to get a resume before officially going into Comet mode). (remm)
	Add configuration checks for java.io SSL. (markt)

Jasper

JBWEB-108: Experimental support for JCI. (remm)

JBoss Web 2.1.1.CR5 (remm)

General

	45332: Don't assume UTF-8 and use the correct encoding when generating tomcat-users.xml from the Windows installer. (markt)
	NSIS 2.38. (remm)
	JBoss Native 2.0.4. (remm)
	Commons Collections 3.2.1. (remm)
	Eclipse JDT 3.4. (remm)

Catalina

	JBAS-4965: Ignore exploded JARs in extension validator to avoid classcast. (remm)
	45285: Look for annotations up the class hierarchy. (markt)
	Concurrency issues on ClusterListener.status with multiple engines. (jfclere)
	42678: Only ignore docBase it it really is a subdir of appBase. (markt)
	42722: Fix possible NPE in CGI. (markt)
	org.jboss.web should be loaded as container classes. (remm)
	42727: Handle request lines that are exact multiples of 4096 in length. Patch provided by Will Pugh. (markt)
	Instance manager checks were not done properly. (remm)
	Prevent various possible character encoding hacks. (remm)
	JBWEB-16: Add new catalina.work system property to use as the optional base for work folders. (remm)

Jasper

	42565: EL ternary expression without space before colon now works. Patch provided by Lucas Galfaso. (markt)
	JBWEB-98: Remove mandatory usage of URLClassLoader for better integration with AS. (remm)
	JBWEB-110: Remove the per request logging of everything in JSP Servlet, which caused i18n issues. (remm)
	Add a system property to disable injection for tags. (remm)

Native

Remove system.out. (jfclere)

JBoss Web 2.1.1.CR4 (remm)

General

	Update to NSIS 2.37. (remm)
	Update to JDT 3.3.3. (remm)

Catalina

	ClusterListener will automatically generate a JVMRoute in most cases. (remm)
	Register ClusterListener in JMX. (remm)
	Improve fault recovery of ClusterListener. (remm)
	Add JMX callbacks to refresh configuration, enable and disable all contexts. (remm)
	Add all CONFIG parameters to the cluster listener as fields. (remm)
	43683: If the context is reloaded, the classloader will have changed so need to reset it. (markt)
	45101: Format dates for header value from DirContextURLConnection using HTTP format. Patch provided by Chris Hubick. (markt)
	Avoid overriding existing system properties. (remm)
	Add security to ClusterListener using SSL and possible client certificate usage. (remm)
	Add HTTP/1.0 keep-alive to ClusterListener. (remm)
	Add a new valve that works-around the broken MS WedDAV client. (markt)
	Fix XSS in the host manager. (markt)
	Add discovery of httpd servers to ClusterListener. (remm)
	Possible NPE when logging on shutdown. (fhanik)
	45195: NPE when calling getAttribute(null). (markt)
	43683: There was a short period where the context didn't appear in the mapper that resulted in some more 404s. (markt)
	Allow to start several JBossWEB on one machine with multiple IP. (jfclere)
	JBAS-5645: Fix FORM issues with body. (jfclere)
	Better information if native library fails to load. (jfclere)
	JBAS-5636: In DELAY_CONNECTOR_STARTUP mode, also let the embedding server control stopping the connectors. (remm)
	JBAS-5671: Check the right child is passed when removing it. (remm)
	Extract the query string before normalization when getting a request dispatcher. (remm)
	Update the Comet API names to org.jboss.servlet.http. (remm)

Coyote

	43094: Allow specification of keystore providers. Based on a patch by Bruno Harbulot. (markt)
	After completing an asynchronous sendfile, the socket should be placed in the main poller rather than assigned to a worker (where it would block). (remm)
	Close the connection if there's an attempt to pipeline requests when using Comet or an asynchronous sendfile is needed. (remm)
	42750: Make parsing of request line more tolerant of multiple SP and/or HT. (markt)
	45272: IE is not fully compliant, and the redone cookies could cause issues with quoted paths. (fhanik)
	Do not use custom messages in headers by default. (markt)

Jasper

	44994: Correct BNF grammar so ${0 lt a ? 1 lt a ? "many": "one": "none"} works. (markt)
	Add an additional layer of protection in case app fails to protect against an XSS. Copied filter code to jasper module so no new dependency is created. (markt)
	43285: Make forced coercion of null and "" to zero optional. Patch by Nils Eckert. (markt)
	45015: Raise an error if attributes are not correctly quoted, with an option to disable. (markt)

JBoss Web 2.1.1.CR3 (remm)

General

44988: Use new Java 5 syntax for debugger options. Patch provided by Cedrik Lime. (markt)

Catalina

	42934: Trigger contextInitialized() before sessionDidActivate(). (markt)
	Initial ClusterListener implementation for mod_cluster support. (remm)

Coyote

	44968: Provide more information when keystore load fails. (markt)
	JBCTS-794: Case insensitivity bug enumerating parameter names. (remm)

Jasper

	44986: Case insensitive comparison of charsets. (markt)
	42943: Make sure the nested element is inside a <jsp:text> element. (markt)

JBoss Web 2.1.1.CR2 (remm)

General

	Add Maven target to the dist script. (remm)
	43578: Tomcat doesn't start if installation path contains a space. Patch submitted by Ray Sauers. (markt)

Catalina

	43142: Directory xxx.war is not always a war. (markt)
	JBCTS-778: Fix updating charsWritten. (remm)
	43343: Correctly handle the case where a request arrives for a session we are in the middle of persisting. (markt)
	43150: Improve URL conversion so that some more special chars can be used in the installation path. (markt)
	43117: Setting an empty workDir can delete all of CATALINA_HOME. Patch provided by Takayuki Kaneko. (markt)
	43079 and 43080: Move odd url-pattern warning to StandardContext so a) we catch all patterns and b) it isn't logged to the wrong webapp. Based on a patch by John Kew. (markt)
	44021: Add support to manger and deployer for wars and dirs that use # to denote multi-level contexts. (markt)

Coyote

	JBCTS-779: Exception types for invalid charset (should return the java.io exception rather than the java.nio one). (remm)
	43191: No way to turn off compression for some mime-types. Based on a patch by Len Popp. (markt)
	43094: Support keystoreTypes that don't need a file. Based on a patch by Bruno Harbulot. (markt)

Jasper

JBCTS-776: NPE regression in EL type handling. (remm)

JBoss Web 2.1.1.CR1 (remm)

General

	Update to more polished CSS, submitted by James Cobb. (remm)
	Remove tomcat-native.tar.gz from the distribution (JBoss Native should be used instead). (remm)
	44562: HEAD requests cannot use includes. Patch provided by David Jencks. (markt)

Catalina

	Add 3 system properties to StandardHost to allow hardcoding safe default values for the auto deployer when JBoss Web is embedded inside AS. (remm)
	Add Comet EOF event when the end of the stream is reached without an error. (remm)
	Remove hackish code to get the System environment in the CGI Servlet. (markt)
	44529: No roles (deny all) trumps no auth-constraint (allow all). (markt)
	44673: Fix ServletInputStream still readable when closed. (markt)
	44611: Implement DirContextURLConnection.getHeaderFields(), fix case sensitivity problem and return null for header values which don't exist. (markt)
	44646: Fix tracking problems in the Comet utility valve (which provides notification for certain events such as session expiration and server shutdown). (markt)
	Better handling of lack of permission for context specific logging, and add permission for reading the JDK logging.properties. (markt)
	44391: Correct handling of escaped values in SSI processing. (markt)
	44392: HTML entities now handled correctly in SSI processing. (markt)
	Add system properties for JBoss default allowing not starting the context in init, and set the configClass field. (remm)
	43683: Need to identify new wrapper for queued request after reload. (remm)
	29936: In some circumstances, Tomcat would use the parser from a webapp to parse web.xml and possibly context.xml files. (markt)
	43470: Fix cut and paste errors in NamingResources, submitted by Lucas Galfaso. (markt)
	43425: Annotations not spec compliant. Submitted by Dain Sundstrom. (markt)
	43366: Provide backwards compatibility for sessions command. (markt)

Coyote

	JBWEB-105: The code that processes parameters from chars[] is incorrect. (jfclere)
	Better fix for cookie path quoting scenario. (markt)
	Possible NPE on shutdown if Comet is used. (remm)
	Improve accuracy of typical timeout values. (remm)
	Comet state recycling. (remm)
	Add support for specifying defaults for properties (format is ${property:default}). (remm)
	44494: Fix incorrect reads with multibyte charsets by moving the byte to char converter to the NIO character decoders. (remm)
	For consistency, refactor character output using the NIO character decoders. (remm)
	Move the parameters backend to the probably more efficient MultiMap from Hashtable, and remove the nesting capabilities inherited from Tomcat 3. (remm)
	Repackage MimeHeaders and Parameters using inner classes, and remove all obsolete collections. (remm)
	maxSavePostSize set to 0 for HTTP connectors should disable buffering done before SSL handshake. (remm)
	Add reverse connection method (from the Java server to the proxy), which could suppsedly provide better security, and could also improve quality of service. (remm)

Jasper

	42693: Port Tomcat fix for bugzilla 42693. (jfclere).
	44428: NPE in function mapper. (markt)
	Make number types handling more flexible in EL. (markt)
	43656: coerceToType() modified some values, and additional numeric type fixes. Patch provided by Nils Eckert. (markt)
	31257: Quote endorsed dirs if they contain a space. (markt)
	43617: Correctly handle quotes in attribute values for tag(x) files. (remm)
	44877: Prevent collisions in tag pool names. (markt)

JBoss Web 2.1.0 (remm)

General

	Swicth to JBoss logging from Apache Commons Logging. Standalone JBoss Web uses a special purpose version defaulting to use java.util.logging. (remm)
	Fix licensing problems with two xsd files. (remm)
	Update to NSIS 2.35, and allow building it using Wine. (remm)
	Update to commons-pool version 1.4, native version 1.1.12 and update the download location for the commons libraries. (markt)

Catalina

	43588: hard coded 127.0.0.1 for localhost. It requires localhost to be defined correctly in the machine. (jfclere)
	Prevent cookie logic to escape quotes where the value is already a quoted-string. (jfclere)
	Fix version handling in cookies. (jfclere)
	Remove Tomcat standalone session clustering. (remm)
	Add a system property to delay startup of connectors for JBoss, which also could be useful in similar embedding scenarios. (remm)
	Add context listener configuration. (remm)
	Expanded and revised Tomcat 6.0 Comet API as org.jboss.web.comet API. (remm)
	Remove user database functionality, which didn't see any development besides the original memory based backend introduced in Tomcat 4.1. Also remove associated roles management features. (remm)
	Add rewrite valve and PHP servlet from JBoss Web 2.0. (remm)
	Use the system property for the session cookie name. (jfclere)
	Move waiting time for requests to complete to the connector pause. (remm)
	Update session cookie handling (path always set to /) and id generation (check host's webapps for a matching id). (remm)
	More extensible SSO. (remm)
	Fix a bug that causes CGI Servlet to fail when it is included. (markt)
	Fix invoking CometEvent.close during begin. (remm)
	Improve error codes returned when no host or no context is matched. (remm)
	43706: WebDAV copy/move now returns 201 on success. Based on a patch by Panagiotis Astithas. (markt)
	43887: Make error messages much more helpful when illegal Servlet names are used. Based on a patch provided by Mike Baranczak. (markt)
	Improve the webDAV Servlet Javadocs to make clear that the WebDAV Servlet can not be used as the default servlet. (markt)
	43687 Remove conditional headers on Form Auth replay, since the UA (esp. FireFox) isn't expecting it.
	43594: Use setenv from CATALINA_BASE (if set) in preference to the one in CATALINA_HOME. Patch provided by Shaddy Baddah. (markt)
	43957: Service.bat doesn't configure logging correctly. Patch provided by Richard Fearn. (markt)
	Fix IOException handling when parsing post parameters. (remm)
	Fix possible race condtion when a webapp classloader has external class repositories defined. (remm)
	43236: When resetting the response, also reset the flags associated with using a writer or an output stream to allow the user to change character set after the reset. (markt)
	43241: Make ServletContext.getResourceAsStream() conform to the specification. Patch provided by John Kew. (markt)
	44084: JASSRealm was broken for application provided Principals. Patch provided by Noah Levitt. (markt)
	43914: URLs in location headers should be encoded. Patch provided by Ivan Todoroski. (markt)
	Add org.apache.catalina.loader.WebappClassLoader.SYSTEM_CL_DELEGATION boolean system property to avoid systematic system CL delegation if needed. (remm)
	Set correct StandardManager.sessionCounter after reload/restart. (pero)
	44268: Log a warning when a duplicate listener is ignored. (markt)
	Ignore not found readme and xslt in DefaultServlet. (remm)
	Fix possible NPE processing session expires. (fhanik)
	Avoid verbose exception with empty URLs. (markt)
	ExtendedAccessLogValve cs-uri not print empty querystring (pero)
	44389: Memory leak caused by non static innerclass of ApplicationContext. (remm)

Coyote

	Remove HTTP NIO connector. (remm)
	Remove legacy org.apache.jk AJP connector and utility components, replaced by the org.apache.coyote.ajp connector. (remm)
	Additional cookie fixes. (jfclere)
	43622: Don't overwrite the min compression size set by the compression attribute with the default. (markt)
	No need to swallow input if there is an error. (remm)
	43868: MBean methods getInvoke() and getSetter() were broken. (markt)
	44223: Add support for remaining truststore system property. (markt)
	Simplify response reset. (remm)
	44558: Include address in bind exception message. (markt)

Jasper

	Remove log field for XML handlers. (remm)
	43702: Inner class files have unnecessarily long names. (markt)
	43757: Rather than use string matching to work out the line in the JSP with the error, use the SMAP info and the knowledge that for a scriptlet there is a one to one line mapping. (markt)
	43285: Missing EL Coercion causes argument type mismatch. Patch provided by Bernhard Huemer. (funkman/jim)
	43909: Make sure locale maps to wrapped ELContext. Patch provided by Tuomas Kiviaho. (markt)
	43944: Fix a missing resource exception. (markt)
	43758: Fix NPE with empty scripting elements. (markt)
	43743: Correctly handle nest tag files packaged in a jar. (markt)
	Finish removing of some URL CL hardcoding. If parent CL is not a URL CL, the Ant classpath cannot be generated, and security setup might be incomplete. (remm)
	44408: Remove useless synchronization. (remm)
	43925: Optimize allocation style for bodies (this removes the no-GC mode, however), submitted by Brian Remmington. (remm)
	43741: Improve handling of tags inside JARs. (markt)

Webapps

	43611: Provide an error message if user tries to upload a war for a context defined in server.xml rather than failing silently. (markt)
	44088: Fix expire session button in manager. (markt)
	43468: Fix possible NPE when listing contexts in the Manager application. (markt)
	43515: Fix bug in Manager application that may have caused problems when listing contexts. Patch provided by Lucas Galfaso. (markt)
	Fix ManagerServlet.exipreSession throws Exceptions as iterate longer session lists at production servers. (pero)

Tomcat 6.0.15 (remm)

General

	Use Eclipse JDT 3.3.1. (pero)
	Try to guess java path in Unix scripts. (jfclere)

Catalina

	30949: Improve previous fix. Ensure requests are re-cycled on cross-context includes and forwards when an exception occurs in the target page. (markt)
	42944: Correctly handle servlet mappings that use a '+' character as part of the url pattern. (markt)
	42951: Don't use CATALINA_OPTS when stopping Tomcat. This allows options for starting and stopping to be set on JAVA_OPTS and options for starting only to be set on CATALINA_OPTS. Without this fix, some startup options (eg the port for remote JMX) would cause stop to fail. Based on a fix suggested by Michael Vorburger. Port of r454193 (36976) from Tomcat 5.5.x. (markt,rjung)
	Validation of attributes and elements used in server.xml. (remm)
	43175: Fix typos in servlet XSD files. Patch provided by Takayuki Kaneko. (markt)
	43216: Set correct StandardSession#accessCount as StandardSession.ACTIVITY_CHECK is true. Patch provided by Takayuki Kaneko (pero)
	Made session createTime accessible for all SessionManager via JMX (pero)
	43129: Support logging of all response header values at AccessLogValve (ex. add %{Set-Cookie}o to your pattern). (pero)
	Support logging of all response header values at ExtendedAccessLogValve (ex. add x-O(Set-Cookie) to your pattern). (pero)
	Support logging of current thread name at AccessLogValve (ex. add %I to your pattern). Usefull to compare access logging entry later with a stacktraces. (pero)
	Improve large-file support (more then 4 Gb) at all AccessLogValves, backport from 5.5.25. (pero)
	Optimized JDBCAccessLogValve combined pattern request attribute access. (pero)
	o.a.juli.ClassLoaderLogManager handle more then one system property replacement at file logging.properties. (pero)
	43338: Support '*' servlet-name mapping at filter-mapping. Patch provided by Keiichi Fujino. (pero)
	41797: CNFE/NPE thrown from function mapper when externalizing Patch by Tuomas Kiviaho- tuomas.kiviahos at ikis fi (funkman)
	Call stopAwait in StandardServer.stop if port == -1. (pero)
	43487: Fix request processing stats. (fhanik)
	Fix CVE-2007-5461, an important information disclosure vulnerability in the WebDAV Servlet. Based on a patch by Marc Schoenefeld. (markt)
	Call stopAwait in StandardServer.stop if port == -1. (pero)
	43668: Fix problem on a Forward when the outer most wrapper isn't a HttpServletRequest/ResponseWrapper. (billbarker)

Coyote

	In the APR connector, start accepting connections after fully starting the connector, to prevent possible exceptions due to non initialized fields. (remm)
	Fixes to B2C conversion. (billbarker)
	Cookie parser refactoring, submitted by John Kew. (remm)
	Make cookie escaping / unescaping consistent. (markt)
	43479: Memory leak cleaning up sendfile connections, submitted by Chris Elving. (remm)
	42925: Add maintain for sendfile. (remm)
	Properly close sockets for java.io AJP connector. (jfclere)

Jasper

37326: No error reported when an included page does not exist. (markt)

Webapps

	Fix WebDAV Servlet so it works correctly with MS clients. (markt)
	Fix CVE-2007-5461, an important information disclosure vulnerability in the WebDAV Servlet. (markt)
	42979: Update sample.war to include recent security fixes in the source code. (markt)
	Minor connector doc fix. (jfclere)

Tomcat 6.0.14 (remm)

General

Correct j.u.l log levels in JULI docs. (rjung)

Catalina

	Handle special case of ROOT when re-loading webapp after ROOT.xml has been modified. In some circumstances the reloaded ROOT webapp had no associated resources. (markt)
	Remove invalid attribute "encoding" of MBean MemoryUserDatabase, which lead to errors in the manager webapp JMXProxy output. (rjung)
	33774 Retry JNDI authentiction on ServiceUnavailableException as at least one provider throws this after an idle connection has been closed. (markt)
	39875: Fix BPE in RealmBase.init(). Port of yoavs's fix from Tomcat 5. (markt)
	41722: Make the role-link element optional (as required by the spec) when using a security-role-ref element. (markt)
	42361: Handle multi-part forms when saving requests during FORM authentication process. Patch provided by Peter Runge. (markt)
	42401: Update RUNNING.txt with better JRE/JDK information. (markt)
	42444: prevent NPE for AccessLogValve Patch provided by Nils Hammar (funkman)
	42449: JNDIRealm does not catch NullPointerException for Sun's LDAP provider (See bug for details) (funkman)
	42497: Ensure ETag header is present in a 304 response. Patch provided by Len Popp. (markt)
	Fix XSS security vulnerability (CVE-2007-2450) in the Manager and Host Manager. Reported by Daiki Fukumori. (markt)
	42547: Fix NPE when a ResourceLink in context.xml tries to override an env-entry in web.xml. (markt)
	Avoid some casting in ErrorReportValve (remm)
	Fix persistence API annotation, submitted by Bill Burke (remm)
	In Comet mode, if bytes are not read, send an error event (otherwise, fields referring to the connection could remain) (remm)
	Fix Comet when running Tomcat with the security manager (remm)

Jasper

	39425 Add additional system property permission to catalina.policy for pre-compiled JSPs. (markt)
	42438 Duplicate temporary variables were created when jsp:attribute was used in conjunction with custom tags. Patch provided by Brian Lenz. (markt)
	42643 Prevent creation of duplicate JSP function mapper variables. (markt)

Coyote

	Separate sequence increment from getter in ThreadPool to avoid misleading increments during monitoring via JMX. (rjung)
	Add back missing socketBuffer attribute in the java.io HTTP connector (remm)

Webapps

	Don't write error on System.out, use log() instead. (rjung)
	39813: Correct handling of new line characters in JMX attributes. Patch provided by R Bramley. Ported from tc5.5.x r415029. (markt,rjung)
	42459: Fix Tomcat Web Application Manager table error. (rjung)
	Fix XSS security vulnerabilities (CVE-2007-2449) in the examples. Reported by Toshiharu Sugiyama. (markt)

Tomcat 6.0.13 (remm)

Catalina

	More accurate available() method. (remm)
	Add recycle check in the event object, since it is a facade like the others. (remm)
	When processing a read event, enforce that the servlet consumes all available bytes. (remm)
	Add a flag in ContainerBase which could be used in embedded scenarios to avoid a double start of contexts (this problem generally occurs when adding contexts to a started host). (remm)
	42309: Ability to create a connector using a custom protocol specification for embedded. (fhanik)
	Add SSL engine flag to AprLifecycleListener. (fhanik)
	Improve event processing, so that an END event is generated when encountering EOF, and an ERROR is always generated on client disconnects. (remm)
	Add declarations for the new XSD files. (remm)

Coyote

	Add heartbeatBackgroundEnabled flag to SimpleTcpCluster. Enable this flag don't forget to disable the channel heartbeat thread (pero)
	Possible memory leak when using comet, caused by adding the socket to the poller before cleaning up the connection tracking structure. (remm)
	42308: nextRequest recycles the request, which caused issues with statistics. (remm)
	Fix non recycled comet flag in the APR connector. (remm)

Cluster

	Add heartbeatBackgroundEnabled flag to SimpleTcpCluster. Enable this flag don't forget to disable the channel heartbeat thread (pero)
	Method name cleanup. (fhanik)

Webapps

Some examples webapp fixes. Submitted by Frank McCown. (remm)

Tomcat 6.0.12 (remm)

General

License source headers. Submitted by Niall Pemberton. (remm)

Catalina

	42039 Log a stack trace if a servlet throws an UnavailableException. Patch provided by Kawasima Kazuh. (markt)
	41990 Add some additional mime-type mappings. (markt)
	41655 Fix message translations. Japanese translations provided by Suzuki Yuichiro. (markt)
	Add enabled attribute to AccessLogValve (pero)
	42085: Avoid adding handlers for the root logger twice when they are explicitly specified. (remm)
	Reduce thread local manipulation in the request dispatcher. Submitted by Arvind Srinivasan. (remm)
	Avoid keeping references to loggers tied to the webapp classloaders after a reload in a couple more places. (remm)
	42202: Fix container parsing of TLDs in webapps when Tomcat is installed in a URL encodable path. (remm)

Coyote

	42119 Fix return value for request.getCharacterEncoding() when Content-Type headers contain parameters other than charset. Patch by Leigh L Klotz Jr. (markt)
	Move away from using a thread local processor for the APR and java.io connectors, as this does not work well when using an executor. (remm)
	Remove Comet timeout hack in the APR connector. Comet connections will now use the regular timeout or the keepalive timeout if specified. (remm)

Webapps

	42025: Update valve documentation to refer to correct regular expression implementation. (markt)
	Fix various paths in the manager webapps (remm)
	Session viewer and editor for the HTML manager. Submitted by Cédrik Lime. (remm)
	Session handling tools for the manager. Submitted by Rainer Jung. (remm)

Jasper

	41869 TagData.getAttribute() should return TagData.REQUEST_TIME_VALUE when the attribute value is an EL expression. (markt)
	42071 Fix IllegalStateException on multiple requests to an unavailable JSP. Patch provided by Kawasima Kazuh. (markt)
	After a JSP throws an UnavailableException allow it to be accessed once the unavailable period has expired. (markt)

Cluster

Add toString method to better logging session replication message at tribes MESSAGES (pero)

Tomcat 6.0.11 (remm)

General

Update DBCP to 1.2.2, pool to 1.3, JDT to 3.2.2 and remove collections build dependency (pero, remm)

Catalina

	Don't log pattern subtoken at ExtendedAccesLogValve (pero)
	Add some missing JMX attributes for new AccessLogValve (pero)
	41786 Incorrect reference to catalina_home in catalina.sh/bat Patch provided by Mike Hanafey (fhanik)
	41703 SingleSignOnMessage invalid setter, patch provided by Nils Hammar (fhanik)
	41682 ClassCastException when logging is turned on (fhanik)
	41530 Don't log error messages when connector is stopped (fhanik)
	41166 Invalid handling when using replicated context (fhanik)
	Added SENDFILE support for the NIO connector. (fhanik)
	Added support for shared thread pools by adding in the <Executor> element as a nested element to the <Service> element. (fhanik)
	41666 Correct handling of boundary conditions for If-Unmodified-Since and If-Modified-Since headers. Patch provided by Suzuki Yuichiro. (markt)
	41739 Correct handling of servlets with a load-on-startup value of zero. These are now the first servlets to be started. (markt)
	41747 Correct example ant script for deploy task. (markt)
	41752 Correct error message on exception in MemoryRealm. (markt)
	39883 Add documentation warning about using antiResourceLocking on a webapp outside the Host's appBase. (yoavs)
	40150 Ensure user and roll classnames are validated on startup. Patch by Tom. (yoavs)
	Refactor extend access log valve using the optimized access log valve. Submitted by Takayuki Kaneko. (remm)
	Possible deadlock in classloading when defining packages. (remm)
	Remove excessive syncing from listener support. (remm)
	Web services support. The actual factory implementations are implemented in the extras. Submitted by Fabien Carrion. (remm)
	Add logging to display APR capabilities on the platform. (remm)
	Expose executors in JMX. (remm)
	CRLF inside a URL pattern is always invalid. (remm)
	Tweak startup time display. (remm)
	Adjustments to handling exceptions with Comet. (remm)
	If the event is closed asynchronously, generate an end event for cleanup on the next event. (remm)
	Cleanup hello webapp from the docs and fix a XSS issue in the JSP. (remm)
	Examples webapp cleanup. Submitted by Takayuki Kaneko and Markus Schönhaber. (remm)
	41289: Create configBase, since it is no longer created elsewhere. Submitted by Shiva Kumar H R. (remm)

Coyote

	Fixed NIO memory leak caused by the NioChannel cache not working properly.
	Added flag to enable/disable the usage of the pollers selector instead of a Selector pool when the serviet is reading/writing from the input/output streams The flag is -Dorg.apache.tomcat.util.net.NioSelectorShared=true
	Requests with multiple content-length headers are now rejected. (markt)
	41675 Add a couple of DEBUG-level logging statements to Http11Processors when sending error responses. Patch by Ralf Hauser. (yoavs)
	Reuse digester used by the modeler. (remm)
	When the platform does not support deferred accept, put accepted sockets in the poller. (remm)
	Fix problem with blocking reads for keepalive when using an executor (the number of busy threads is always 0). (remm)
	The poller now has good performance, so remove firstReadTimeout. (remm)
	42119 Fix return value for request.getCharacterEncoding() when Content-Type headers contain parameters other than charset. Patch by Leigh L Klotz Jr. (markt)

Webapps

	Fix previous update to servlet 2.5 xsd to use correct declaration. (markt)
	Update host configuration document for new behaviour for directories in appBase. (markt)
	39540 Add link to httpd 2.2 mod_proxy_ajp docs in AJP connector doc. (yoavs)

Jasper

	41227 Add a bit of DEBUG-level logging to JspC so users know which file is being compiled. (yoavs)
	Remove some dead utility code, and refactor stream capture as part of the Ant compiler. (remm)
	Support the trim directive of JSP 2.1 as an equivalent of Jasper's own parameter. (remm)
	41790: Close file stream used to read the Java source. (remm)
	Fix reporting of errors which do not correspond to a portion of the JSP source. (remm)
	Remove try/catch usage for annotation processing in classic tags. The usage of the log method might have been questionable as well. (remm)
	Cleanup of the message that is displayed for compilation errors. (remm)
	Skip BOM when reading a JSP file. (remm)

Tomcat 6.0.10 (remm)

Catalina

	Unify usage of security manager flag, submitted by Arvind Srinivasan. (remm)
	Fix formatting of CGI variable SCRIPT_NAME. (markt)
	41521: Support * for servlet-name, submitted by Paul McMahan. (remm)
	Cache getServletContext value, submitted by Arvind Srinivasan. (remm)
	Add options for handling special URL characters in paths, and disallow '\' and encoded '/' due to possible differences in behavior between Tomcat and a front end webserver. (remm)
	Fix bad comparison for FORM processing, submitted by Anil Saldhana. (remm)
	41608 Make log levels consistent when Servlet.service() throws an exception. (markt)

Coyote

Reduce usage of MessageBytes.getLength(), submitted by Arvind Srinivasan. (remm)

Jasper

	41558: Don't call synced method on every request, submitted by Arvind Srinivasan. (remm)
	Switch to a thread local page context pool. (remm)

Tomcat 6.0.9 (remm)

General

	Use 2.5 xsd in Tomcat webapps. (markt)
	Compression filter improvements, submitted by Eric Hedström. (markt)

Catalina

	Properly return connector names. (remm)
	Remove logging of the XML validation flag. (remm)
	Correct error messages for context.xml. (markt)
	41217: Set secure flag correctly on SSO cookie, submitted by Chris Halstead. (markt)
	40524: request.getAuthType() now returns CLIENT_CERT rather than CLIENT-CERT. (markt)
	40526: Return support for JPDA_OPTS to catalina.bat and add a new option JPDA_SUSPEND, submitted by by Kurt Roy. (markt)
	41265: In embedded, remove the code that resets checkInterval values of zero to 300. (markt)

Coyote

	37869: Fix getting client certificate, submitted by Christophe Pierret. (remm)
	40960: Throw a timeout exception when getting a timeout rather than a generic IOE, submitted by Christophe Pierret. (remm)

Jasper

	EL validation fixes for attributes. (remm)
	41327: Show full URI for a 404. (markt)
	JspException now uses getCause() as the result for getRootCause(). (markt)

Cluster

41466: When using the NioChannel and SecureNioChannel its important to use the channels buffers. (fhanik)

Tomcat 6.0.8 (remm)

Catalina

	Make provided instances of RequestDispatcher thread safe. (markt)
	Optional development oriented loader implementation. (funkman)
	Optimized access log valve, submitted by Takayuki Kaneko. (remm)
	Fix error messages when parsing context.xml that incorrectly referred to web.xml. (markt)
	41217: Set secure attribute on SSO cookie when cookie is created during a secure request. Patch provided by Chris Halstead. (markt)
	40524: HttpServletRequest.getAuthType() now returns CLIENT_CERT rather than CLIENT-CERT for certificate authentication as per the spec. Note that web.xml continues to use CLIENT-CERT to specify the certificate authentication should be used. (markt)
	41401: Add support for JPDA_OPTS to catalina.bat and add a JPDA_SUSPEND environment variable to both startup scripts. Patch provided by Kurt Roy. (markt)

Coyote

Use the tomcat-native-1.1.10 as recommended version. OpenSSL detection on some platforms was broken 1.1.8 will continue to work, although on some platforms there can be JVM crash if IPV6 is enabled and platform doesn't support IPV4 mapped addresses on IPV6 sockets.

Jasper

	When displaying JSP source after an exception, handle included files. (markt)
	Display the JSP source when a compilation error occurs and display the correct line number rather than start of a scriptlet block. (markt)
	Fix NPE when processing dynamic attributes. (remm)
	More accurate EL usage validation. (remm)
	Fix regression for implicit taglib and page data version numbers. (remm)
	41265: Allow JspServlet checkInterval init parameter to be explicitly set to the stated default value of zero by removing the code that resets it to 300 if explicitly specified as zero. (markt)
	41327: Show full URI for a 404. Patch provided by Vijay. (markt)

Webapps

	Add a virtual hosting how-to contributed by Hassan Schroeder. (markt)
	Update all webapps to use the servlet 2.5 xsd. (markt)
	39572: Improvements to CompressionFilter example provided by Eric Hedström. (markt)

Tomcat 6.0.7 (remm)

General

Fix installer's bitmap (mturk)

Catalina

Refactor logging of errors which may occur when reading a post body (remm)

Coyote

37869: Also use the SSL_INFO_CLIENT_CERT field if the chain is empty, submitted by Grzegorz Grzybek (remm)

Tomcat 6.0.6 (remm)

General

Fix tagging which did not include 6.0.5's changelog (remm)

Tomcat 6.0.5 (remm)

Catalina

	40585: Fix parameterised constructor for o.a.juli.FileHandler so parameters have an effect. (markt)
	Escape invalid characters from request.getLocale. (markt, remm)
	Update required version for native to 1.1.8. (remm)
	Do not log broken pipe errors which can occur when flushing the content of an error page. (remm)

Coyote

Fix firstReadTimeout behavior for the AJP connector. (remm)

Jasper

41057: Make jsp:plugin output XHTML compliant. (markt)

Cluster

	Cluster interface cleanup. (fhanik)
	Refactoring to allow usage of executors. (fhanik)

Tomcat 6.0.4 (remm)

General

	Update to NSIS 2.22 (remm)
	Fix regression in 6.0.3 with Windows wrapper (mturk)

Tomcat 6.0.3 (remm)

General

Catalina

	37509: Do not remove whitespace from the end of values defined in logging.properties files. (markt)
	38198: Add reference to Context documentation from Host documentation that explains how Context name is obtained from the Context filename. (markt)
	40844 Missing syncs in JDBCRealm. (markt)
	40901: Encode directory listing output. Based on a patch provided by Chris Halstead. (markt)
	40929: Correct JavaDoc for StandardClassLoader. (markt)
	41008: Allow POST to be used for indexed queries with CGI Servlet. Patch provided by Chris Halstead. (markt)
	Fix usage of print on the servlet output stream if the processor never used a writer (fhanik)
	Fix logic of sameSameObjects used to determine correct wrapping of request and response objects (fhanik)
	Update TLD scan lists, and disable caching for now (remm)
	Add system property to WebappClassLoader to allow disabling setting references to null when stopping it (remm)
	Add clustered SSO code, submitted by Fabien Carrion (remm)

Coyote

	40860: Log exceptions and other problems during parameter processing. (markt)
	Enable JMX for trust store attributes for SSL connector. (markt)
	Port memory usage reduction changes to the java.io HTTP connector. (remm)
	MessageBytes.setString(null) will remove the String value. (remm)
	41057: Caching large strings is not useful and takes too much memory, so don't cache these (remm)
	Add keepAliveTimeout attribute to most connectors (mturk, remm)

Jasper

	Relax EL type validation for litterals. (remm)
	Update some version numbers to 2.1. (funkman, remm)
	Add xsds for JSP 2.1 (remm)
	41106: Update validation checks for EL to also include legacy 1.2 tags (remm)

Webapps

40677: Update SSL documentation to indicate that PKCS11 keystores may be used. (markt)

Tomcat 6.0.2 (remm)

General

	Various tweaks to distribution (remm, funkman)
	Update Tomcat native to 1.1.7 (mturk)
	Update to JDT 3.2.1 (remm)

Catalina

Fix EJB annotation interface (remm)

Coyote

Fix passing of the keystore password for the NIO connector (fhanik)

Tomcat 6.0.1 (remm)

General

37439, 40823: Documentation cleanup (markt)

Catalina

	Refactor exception processing using Throwable.getCause to improve exception chaining (remm)
	Remove dead code involving the Logger (funkman)
	37458: Fix some exceptions which could happen during classloading (markt)
	40817: Fix CGI path (markt)
	34956: Add the possibility to enforce usage of request and response wrapper objects (markt)

Jasper

Many fixes for JSP 2.1 compliance, invloving tag files handling, deferred expressions validation, bom encoding support (remm)

Coyote

	Many HTTP NIO connector fixes and refactorings (fhanik)
	HTTP NIO connector performance improvements (fhanik)
	Add packetSize option for the classic AJP connector (jfclere)
	Implement explicit flushing in AJP (mturk)

Tomcat 6.0.0 (remm)

Catalina

	SSLEngine attribute added to the AprLifecycleListener(fhanik)
	Add API for Comet IO handling (remm, fhanik)
	Servlet 2.5 support (remm)

Jasper

	JSP 2.1 support (jhook, remm)
	Unifed EL 2.1 support (jhook)

Coyote

	SSLEnabled attribute required for SSL to be turned on, on all HTTP connectors (fhanik)
	Memory usage reduction for the HTTP connectors, except java.io (remm)
	Modeler update to use dynamic mbeans rather than model mbeans, which consume more resources (costin)

Cluster

New cluster configuration and new documentation (fhanik)

Webapps