Comodo Internet Security

What's new in this version:

Catalina:
- Code: Expand coverage of unit tests for JNDIRealm using the UnboundID LDAP SDK for Java
- Fix: 65224: Ensure the correct escaping of attribute values and search filters in the JNDIRealm
- Fix: 65235: Add missing attributes to the MBean descriptor file for the RemoteIpValve
- Fix: 65244: HandlesTypes should include classes that use the specified annotation types on fields or methods
- Fix: 65251: Correct a regression introduced in 8.5.64 that meant that the auto-deployment process may attempt a second, concurrent deployment of a web application that is being deployed by the Manager resulting in one of the deployments failing and errors being reported

Coyote:
- Fix: Ensure that all HTTP requests that contain an invalid character in the protocol component of the request line are rejected with a 400 response rather than some requests being rejected with a 505 response
- Fix: When generating the error message for an HTTP request with an invalid request line, ensure that all the available data is included in the error message
- Fix: 65272: Restore the optional HTTP feature that allows LF to be treated as a line terminator for the request line and/or HTTP headers lines as well as the standard CRLF. This behaviour was previously removed as a side-effect of the fix for CVE-2020-1935

Jasper:
- Code: Review code used to generate Java source from JSPs and tags and remove code found to be unnecessary
- Update: <servlet> entries in web.xml that include a <jsp-file> element and a negative <load-no-startup> element that is not the default value of -1 will no longer be loaded at start-up. This makes it possible to define a <jsp-file> that will not be loaded at start-up
- Fix: Allow the JSP configuration option useInstanceManagerForTags to be used with Tags that are implemented as inner classes

WebSocket:
- Code: Refactor the way Tomcat passes path parameters to POJO end points to simplify the code
- Fix: 65262: Refactor the creation of WebSocket end point, decoder and encoder instances to be more IoC friendly. Instances are now created via the InstanceManager where possible

Web applications:
- Fix: 65235: Correct name of changeLocalName in the documentation for the RemoteIpValve
- Fix: 65265: Avoid getting the boot classpath when it is not available in the Manager diagnostics

Other:
- Update: Update the packaged version of the Tomcat Native Library to 1.2.28

- Fix: Move SystemPropertySource to be a regular class to allow more precise configuration if needed. The system property source will still always be enabled
- Add: Improvements to Chinese translations. Provided by bytesgo
- Add: Improvements to French translations
- Add: Improvements to Korean translations