Mark Thomas

Yes, please raise an issue. I suspect we'll separate them out into two new settings with the old setting being used as a default and removed for 10.1.x onwards.

Valves can be installed via a WAR. You can specify an application specific Valve in a META-INF/context.xml file included in the WAR. I share the concern that adding a getRequest()...

I would be against exposing container internals via the Servlet API as it undermines portability. What information, specifically, do you need to access and how (read, write)? I think I'd...

The sync block won't be reached: https://github.com/openjdk/jdk/blob/jdk-11%2B28/src/java.base/share/classes/java/util/jar/JarFile.java#L382 The case hasn't been made that this change is necessary nor has any evidence been provided of a genuine performance improvement.

Can you expand on why this is an issue? The web application doesn't start either way and - generally - I think I'd prefer to see the scale of the...

Writing an HTTP proxy is non-trivial. I am going to need a LOT of convincing that the proxy Valve is both safe and compliant with the relevant RFCs.

This feels more like a custom ErrorReportValve rather than something that would ship with Tomcat. I do agree with Chris that a lot (all?) of this functionality could be achieved...

This would be per web application but if you put the following in web.xml ``` /WEB-INF/default-error-handler.jsp ``` you should get close to what you need. That page can forward elsewhere...

I'm curious why applications think they need to set the connection header. I'd expect the container to handle this. Further, applications that want to set this header can/should use `ServletRequest.getProtocol()`...

That would also allow some clean up in the current code that sets the header and has to take account of any value that may have been set by the...