60469: Refactor RealmBase for better code re-use
when implementing Realms that use a custom Principal.
(markt)
60490: Various formatting and layout improvements for the
ErrorReportValve. Patch provided by Michael Osipov. (markt)
60596: Improve performance of DefaultServlet when sendfile
feature is disabled on connector. (kkolinko)
Make it easier for sub-classes of Tomcat to modify the
default web.xml settings by over-riding
getDefaultWebXmlListener(). Patch provided by Aaron
Anderson. (markt)
Reduce the contention in the default InstanceManager
implementation when multiple threads are managing objects and need to
reference the annotation cache. (markt)
60674: Remove final marker from
CorsFilter to enable sub-classing. (markt)
60683: Security manager failure causing NPEs when doing IO
on some JVMs. (coty)
60688: Update the internal fork of Apache Commons BCEL to
r1782855 to add early access Java 9 support to the annotation scanning
code. (markt)
60694: Prevent NPE during authentication when no JASPIC
AuthConfigFactory is available. (markt)
60697: When HTTP TRACE requests are disabled on the
Connector, ensure that the HTTP OPTIONS response from custom servlets
does not include TRACE in the returned Allow header. (markt)
60718: Improve error handling for asynchronous processing and
correct a number of cases where the requestDestroyed()
event was not being fired and an entry wasn't being made in the access
logs. (markt)
60720: Replace "WWW-Authenticate" literal with static final
AUTH_HEADER_NAME in SpnegoAuthenticator. Patch provided by Michael
Osipov. (violetagg)
The default JASPIC AuthConfigFactory now correctly notifies
registered RegistrationListeners when a new
AuthConfigProvider is registered. (markt)
Improve the performance of AuthenticatorBase when there is
no JASPIC configuration available. (violetagg)
When HTTP TRACE requests are disabled on the Connector, ensure that the
HTTP OPTIONS response from custom the WebDAV servlet does not include
TRACE in the returned Allow header. (markt)
60722: Take account of the
dispatchersUseEncodedPaths setting on the current
Context when generating paths for dispatches triggered
by AsyncContext.dispatch(). (markt)
60728: Make the separator Tomcat uses in the Tomcat specific
war:file:... URL protocol customizable via a system
property. The separator is equivalent to the use of the !
character in jar:file:... URLs. The default separator of
* remains unchanged. (markt)
Update the org.apache.catalina.servlet4preview package that
can be used to gain early access to Servlet 4.0 features to align with
the latest proposals f
60469: Refactor 
60596: Improve performance of DefaultServlet when sendfile
feature is disabled on connector. (kkolinko)
Make it easier for sub-classes of