I'm pleased to announce the availability of the Beta 2 release of the
next generation of the Tomcat servlet container, at:
http://jakarta.apache.org/builds/jakarta-tomcat-4.0/release/v4.0-b2/
Tomcat 4.0 beta 2 has many new features, including:
* Tomcat 4.0 can now run web applications out of an unpacked
directory or directly from a WAR file.
* Web applications are now run under the control of a Java
SecurityManager that can support fine-grained control over each
web-app's access to system resources.
* You can now specify a <DefaultContext> element in the server
configuration file (server.xml) that defines default configuration
information for contexts that are automatically configured.
* An example Filter implementation that supports on-the-fly GZIP
compression for clients that support it.
* A servlet that implements all of the NCSA documented
functionality for server side includes (*.shtml) except for the
"exec" capability.
* Standard resource factories for JavaMail related resources
accessible via a JNDI InitialContext, compatible with J2EE
Specification requirements.
* Reflects the most up-to-date changes in the Servlet 2.3 and
JSP 1.2 APIs that have been approved by the JSR-053 expert
group, and will appear in the next published version of the
corresponding specifications.
In addition, the following major bug fixes are included:
* Fixes for two reported security vulnerabilities (a "cross site
scripting vulnerability" plus a "URL decoding vulnerability")
* The JSP servlet (Jasper) that compiles and executes JSP pages
now uses its own classloader its associated XML parser, which
avoids potential conflicts with parsers included with a web
application.
* Bug fix updates for directory listings, the WebDAV support,
binding to a single IP address (if requested), incorrectly
named access log files, URL decoding improvements, form-based
authentication, HTTP/1.1 chunking, isUserInRole(), JSP page
parsing problems, and many other patches.
See the Tomcat 4.0 Beta 2 Release Notes (RELEASE-NOTES-4.0-B2.txt)
that are included in the top-level directory of the release for more
detailed information.
Craig McClanahan
