The new stable release of Tomcat 6.0.24 represents six months of open source software development. Version 6.0.24 includes a small number of new features, plus a large amount of important bug fixes and enhancements. This release is an incremental bug fix release, but the number of fixes included in this release is high.
Numerous Important Bug Fixes
Here is a summary of just the fixes that are included in Tomcat 6.0.24, an impressive list:
- Aggressive webapp / JDK memory leak handling. This is a major set of fixes.
- Better HTTPS security. This includes a workaround for the HTTPS vulnerability CVE-2009-3555.
- Major updates and bug fixes to Tomcat’s database connection pooling code. This includes performance fixes, exception fixes, and more.
- Improved Servlet session edge condition handling.
- Improved support for JMX via a new
JmxRemoteLifecycleListenerand additional JMX-related bug fixes.
- Fixed an obscure bug that caused the use of the vi editor to erase webapps. Yes, you read that right. Look here and here for more information.
- Fixed quite a few thread safety bugs. This prevents bad behavior in high scalability situations.
- Many clustering bug fixes and improvements (a true distributed community effort).
- Upgraded and improved Tomcat’s Windows installer. Now fully supports 64-bit Windows installations, and the installer software has been upgraded.
- Many additional bug fixes, including scalability and performance fixes.
Anyone who uses Tomcat 6 in production should upgrade to version 6.0.24 to get these important bug fixes.
As part of some new development that is currently ongoing for Tomcat 7, a few helpful feature additions were also added to Tomcat 6. These were added to Tomcat 6 as Listeners and a Valve, which are both modular components that are currently supported in the same ways on both Tomcats 6 and 7. For that reason it was easy to simply add them to Tomcat 6’s code after they were implemented for Tomcat 7, without disturbing or modifying any of Tomcat 6’s other code.
JmxRemoteLifecycleListener was added in Tomcat 6 and 7 that allows opening a JMX Remote server port over RMI where the server port is a fixed port number. Normally, the port number is random, which doesn’t work well in production because firewalls must be pre-configured to allow TCP connections just to specified ports. But because the RMI server chooses its port number at the time you’re trying to connect a JMX client (such as
jconsole), you cannot prepare your firewall to allow connections to that random port number. It is already too late once you find out what port number was chosen! This
JmxRemoteLifecycleListener solves that problem and allows us to use
jconsole with a fixed RMI server port number. This fix helps anyone who would like to inspect and manipulate Tomcat’s MBeans components using tools like
jconsole while Tomcat stays running, including in production environments.
JreMemoryLeakPreventionListener was added in Tomcat 6 and 7. This Listener and other code changes to Tomcat prevent numerous different types of memory leaks from occurring, including memory leaks caused by the JDK. This Listener was not written for fixing any memory leaks in Tomcat itself (those are fixed right away, individually, once they’re found), but instead it fixes memory leaks caused by your webapp’s use of JDK core features. Note that your Tomcat installation may suffer from
OutOfMemoryError and PermGen space problems without these fixes, even if you do not have
Context reloading enabled. These fixes repair a surprisingly large list of memory leaks that should make any Tomcat 6 user want to upgrade.
To start the memory leak prevention code, make sure you have the following lines in your
<!-- Prevent memory leaks due to use of particular java/javax <a href="http://www.mulesoft.com/platform/api" target="_blank" rel="" title="Anypoint Platform for APIs" >APIs</a>-->
RemoteIpValve is implemented in Tomcat 6 and 7 to ensure that the original HTTP client’s real IP address is available via
servletRequest.getRemoteAddr(), even when the request was proxied from Apache httpd or a hardware load balancer. For more information about this feature, see the conversation about it and the initial code submission at https://issues.apache.org/bugzilla/show_bug.cgi?id=47330.
Overall, this is a whopper of a bug fix release and includes some nice new additional features. And since MuleSoft Tcat Server 6 supports the official ASF release binaries, you do not need to wait before taking advantage of this great new release of Tomcat.