Dwarf HTTP Server: Changes

Dwarf HTTP Server 1.3.3

Changes

Content

Version 1.3.3
Version 1.3.2
Version 1.3.1
Version 1.3.0
Version 1.2.3
Version 1.2.2
Version 1.2.1
Version 1.2.0
Version 1.1
Version 1.0.1
Version 1.0
Version 1.0rc6

Version 1.3.3

Bug Fixes

vulnerability caused due to a validation error of the filename extension in URL
displaying of user's URL in an error message without sanitisation

Version 1.3.2

(misnumbered version)

Version 1.3.1

API Changes

new setUserPrincipalClass(Class) method in Application for setting the class of user principal objects returned by login modules

Bug Fixes

FileServlet did send unnecessary charset parameter in the ContentType response header
getUserPrincipal() method of HTTP request did not return the principal object if a third-party JAAS login module was used

Version 1.3.0

Other Changes

preliminary support for the non-blocking HTTP server

Version 1.2.3

Bug Fixes

internal bug in reading requests with the chunked transfer encoding type
class-loading process in web applications did not work properly when the code used Thread.getContextClassLoader()

Version 1.2.2

Other Changes

Jasper JSP implementation updated to match the most recent Apache Tomcat distribution

Version 1.2.1

Bug Fixes

minor bug in RAMSessionManager when logging message due to a rejected session

Version 1.2.0

Bug Fixes

custom error pages now works also for exceptions wrapped by javax.servlet.ServletException instances
mimeTypes, charsets, encodings and errorCodes attributes of the HTTPParameters class could not be set properly to other than the default values
Content-Type header of a non-text HTTP response was always set with the useless "charset" parameter
automatic deploying of WAR files did not work for archives with no "META-INF/" subdirectory
WebDAVServlet did not initialized properly the superclass, therefore some of the inherited FileServlet features did not work

Other Changes

added missing processing of <error-page> elements in the web application deployment descriptor
the special LOG_HTTP logging level has been removed; use the new LOG_XFER level instead
WebDAVServlet ported from JDOM to standard JAXP/DOM

Version 1.1

New Features

option for following symbolic links on Unix platforms
WebDAV support (level 1) via the WebDAVServlet class

Bug Fixes

fixed minor bug in FileServlet when an URL pointing to a directory did not contain the trailing slash
getInputStream() of HTTP request now returns an empty input stream instead of the previous null value; it does not even throw the IllegalStateException if the entity body has been read already by the parameter-parsing process

API Changes

ServletWrapper extends the GenericServer class now, therefore it can contain another useful services
added two new methods to HTTPUtils for URL escaping/unescaping
W3CExtendedLogFormat renamed to ExtendedLogFormat
DefaultLogFormat renamed to DwarfLogFormat
removed DefaultServlet, ResourceServlet and InfoServlet

Other Changes

sample applications use port 8080 instead of the default 80 to prevent possible conflicts with the existing web servers
sample applications must be run by the run.* scripts with the URL of the main configuration file as the argument
sample configuration files are no longer copied to the conf/ directory; it is now left empty for the end-user's custom files
all parameters in the HTTPParameters class have reasonable defaults; the class is added to the HTTPServer automatically if it is not done explicitly
added a simple session-stealing detection to the RAMSessionManager
large entity bodies of the POST requests can be stored on disk for saving the memory resources
files obtained from the "multipart/form-data" requests are stored in temporary disk files instead of the memory buffers
ExtendedLogFormat logs also the remote user name and the "Host" request header by default
rewrited synchronization of the Session implementation
default servlet is mapped to the standard "/" pattern instead of the previous "default" pattern
several attributes of the WebApplication can be set also via the initial context parameters
FileServlet can use icons for generating the HTML directory listings
removed path caching from the Application

Version 1.0.1

New Features

new directory listing feature built-in to the FileServlet
added simple Host aliasing by specifying a list of hostnames in the hostId attribute
added CGI/1.1 support via the CGIServlet
new deployDir attribute of the Host can be used to setup atomatic deploying of web applications and WAR files
WAR filename instead of a directory can be specified in the rootDir attribute of the WebApplication class. This enables serving the application files directly from a WAR file via the JARFileServlet.

Bug Fixes

request parameters were not parsed correctly for a non-default character encodings
setting of the ContentType header for HTTP response objects ignored actual locale settings
some server-generated messages used content-type "text/plain" instead of "text/html"

API Changes

HTTPUtils static methods urlDecode and urlEncode accepts character encoding parameter

Other Changes

server now works with JDK/JRE 1.4
Jasper package updated according to Tomcat 3.3.1
the *** wildcard character sequence can be used in security constraints defined via the deployment descriptor to mach any remote user, either authenticated or unauthenticated
defaultEncoding parameter now specifies the MIME charset instead of previous Java encoding
FileServlet handles included files according to the character encoding of the current response object
removed the allowedMethods HTTP parameter

Version 1.0

New Features

it is possible to change the class for representing security role principals in a web application via the rolePrincipalClass attribute
sending of the "Server:" response header can be configured via the sendServerInfo HTTP parameter
HTTPPathPermission accepts wildcard "*" character for the actions argument
custom HTTP response error phrases can be set via the errorCodes HTTP parameter
server can be instructed to accept additional HTTP methods via the allowedMethods HTTP parameter
it is possible to set the maximum time to wait for incoming request data via the requestTimeout HTTP parameter
Jasper log messages can be controlled via the special JSPLogger logging service
support for the web application directory format as defined by the Servlet API 2.2 Specification is implemented by new WebApplication class
it is possible to specify more than one servlet mapping pattern for the particular servlet instance by providing a list of comma-separated patterns instead of a single pattern

Bug Fixes

improved compliance with the HTTP/1.1 specification
sending HTTP error message in the case of a RequestException could fail
parsing of query string without parameter values caused an exception
session cookie path was not set properly, which could cause an invalid cookie identification
session tracking via URL rewriting did not work for the persistent connections
HTTPPathPermission did not work correctly for the DELETE method
invalidating a session manually did not remove it from the session store
parsing of cookies without a value caused an exception

API Changes

new Application.getRealmName() method returns the realm name used in the HTTP authentication
new Application.isUserInRole(Request, String) method checks whether a remote user is in the given security role
new Application.setSSLRequired(boolean) method can be used to force the application to accept the secure requests only
new Application.setRuntimeServletPath(String) method for changing the default runtime servlet path prefix. This prefix is used to identify servlets which will be loaded automatically by the servlet container.
removed caching feature from the Host class
renamed some attributes of the Application: documentRootDir to rootDir, implicitServletMappings to implicitMappings
removed DefaultHost and VirtualHost classes, the functionality has been merged to the single Host class

Version 1.0rc6

This was the first public available version.

Return to the main page.