Changelog 是一种用于跟踪软件项目更改历史的重要文档，它记录了每一次版本更新的主要变化

Changelog 在软件项目中的作用和内容

1. Changelog 的定义及其意义

Changelog 是一种文档工具，用于记录软件或项目中的每一次变更。它提供了一种结构化的方式来跟踪每个版本的新特性、改进以及 Bug 修复等内容。通过这种方式，Changelog 不仅促进了团队成员之间的协作与沟通，还帮助用户理解软件的发展历程。

2. Changelog 的主要组成部分

一份完整的 Changelog 应该包含以下几个方面：

• 新增功能（Features/New Features）: 描述在当前版本中新引入的功能。
• 优化改进（Improvements/Optimizations）: 列举对已有功能所做的增强或性能提升。
• Bug 修复（Fixes/Bug Fixes）: 记录已解决的问题列表。
• 破坏性更改（Breaking Changes）: 明确指出哪些改动可能会打破向后兼容性。
• 其他变动（Miscellaneous/Other Changes）: 可选部分，用来提及不归属于以上类别的较小调整。

3. Changelog 的格式标准

虽然没有强制性的统一模板，但是社区普遍接受的一种惯例叫做 Keep a Changelog 格式，基于语义化版本控制(SemVer)，其基本形式如下所示：

# Changelog
All notable changes to this project will be documented in this file.

The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).

## [Unreleased]

## [1.0.1] - YYYY-MM-DD
### Fixed
- Resolved issue where application crashes upon startup.
  
### Changed
- Updated dependency versions for security reasons.

## [1.0.0] - YYYY-MM-DD
### Added
- Introduced feature X which allows Y functionality.

### Removed
- Deprecated module Z has been removed entirely from codebase.

每条目都应清晰标明所属类别，并附带简洁描述以便读者迅速把握要点。

4. 自动化生成 Changelog 的优势

考虑到手动维护 Changelog 所带来的繁重劳动量及潜在失误风险，采用脚本程序实现自动化显得尤为重要。借助 Git 提交日志信息能够高效提取所需数据并按预设样式排列组合成正式版面，从而达到节约人力成本的目的同时提高准确性与一致性水平。

示例代码片段展示如何自动生成简单的 Changelog

以下是一个简易 bash 脚本例子演示怎样依据 git 日志创建初始形态的 change log 文档:

#!/bin/bash

echo "# Changelog" > CHANGELOG.md
git tag | sort -Vr >> temp_tags.txt

while read p; do 
    echo "" >> CHANGELOG.md;
    echo "## [$p]" $(date +%Y-%m-%d) >> CHANGELOG.md ;
    echo "" >> CHANGELOG.md;

    git log $prev_tag..$p --pretty=format:"- %s (%an)" \
        | grep -E 'feat|fix' >> CHANGELOG.md ;

    prev_tag=$p;
done <temp_tags.txt

rm temp_tags.txt

此脚本会读取所有的标签(tag), 对他们进行排序, 然后遍历这些标签之间差异的日志消息(filter out only relevant types like feat & fix as per best practices), 最终写入到名为 CHANGELOG.md 文件当中去形成初步框架。

Changelog 是一种用于跟踪软件项目更改历史的重要文档，它记录了每一次版本更新的主要变化，如添加的新特性、修复的问题以及可能导致向后兼容性问题的变更。当你使用 npm update 时，changelog 工具可以帮助你看到模块的具体更新情况。

自动化生成 Changelog 可以通过结合 Git（版本控制系统）和 Bash 脚本实现，因为Git的历史记录包含了每次提交的详细信息，如作者、日期、提交消息。这些信息被自动化工具解析并转化为Changelog文件，简化了维护工作，避免了人为疏忽，并保证了格式的一致性。

具体步骤可能包括设置脚本来定期运行，扫描最近的Git提交，分析提交消息中的关键词或标签，然后按照预定义的模板生成新的或更新Changelog条目。这样每次发布时都能自动完成Changelog的更新，节省时间和提高准确性。
Tomcat Home
The Apache Software Foundation
Apache Tomcat 8
Version 8.5.54, Apr 3 2020
Links

Docs Home
FAQ
User Comments

User Guide

1) Introduction
2) Setup
3) First webapp
4) Deployer
5) Manager
6) Host Manager
7) Realms and AAA
8) Security Manager
9) JNDI Resources
10) JDBC DataSources
11) Classloading
12) JSPs
13) SSL/TLS
14) SSI
15) CGI
16) Proxy Support
17) MBeans Descriptors
18) Default Servlet
19) Clustering
20) Load Balancer
21) Connectors
22) Monitoring and Management
23) Logging
24) APR/Native
25) Virtual Hosting
26) Advanced IO
27) Additional Components
28) Mavenized
29) Security Considerations
30) Windows Service
31) Windows Authentication
32) Tomcat's JDBC Pool
33) WebSocket
34) Rewrite

Reference

Release Notes
Configuration
Tomcat Javadocs
Servlet 4.0 Javadocs
JSP 2.3 Javadocs
EL 3.0 Javadocs
WebSocket 1.1 Javadocs
JASPIC 1.1 Javadocs
Common Annotations 1.2 Javadocs
JK 1.2 Documentation

Apache Tomcat Development

Building
Changelog
Status
Developers
Architecture
Functional Specs.
Tribes

Changelog
Tomcat 8.5.54 (markt)
Catalina

Fix: Ensure all URL patterns provided via web.xml are %nn decoded consistently using the encoding of the web.xml file where specified and UTF-8 where no explicit encoding is specified. (markt)
Update: Allow a comma separated list of class names for the org.apache.tomcat.util.digester.PROPERTY_SOURCE system property. (remm)
Fix: 64149: Avoid NPE when using the access log valve without a pattern. (remm)
Fix: 64226: Reset timezone after parsing a date since the date format is reused. Test case submitted by Gary Thomas. (remm)
Fix: 64247: Using a wildcard for jarsToSkip should not override a possibly present jarsToScan. Based on code submitted by Iridias. (remm)
Fix: 64265: Fix ETag comparison performed by the default servlet. The default servlet always uses weak comparison. (markt)
Fix: Add support for default values when using ${...} property replacement in configuration files. Based on a pull request provided by Bernd Bohmann. (markt)

Coyote

Add: When configuring an HTTP Connector, warn if the encoding specified for URIEncoding is not a superset of US-ASCII as required by RFC7230. (markt)
Fix: 64240: Ensure that HTTP/0.9 requests that contain additional data on the request line after the URI are treated consistently. Such requests will now always be treated as HTTP/1.1. (markt)
Add: Expose the HTTP/2 connection ID and stream ID to applications via the request attributes org.apache.coyote.connectionID and org.apache.coyote.streamID respectively. (markt)
Add: Replace the system property org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH with the Connector attribute encodedSolidusHandling that adds an additional option to pass the %2f sequence through to the application without decoding it in addition to rejecting such sequences and decoding such sequences. (markt)
Add: Expose the associated HttpServletRequest to the CookieProcessor when generating a cookie header so the header can be tailored based on the properties of the request, such as the user agent, if required. Based on a patch by Lazar Kirchev. (markt)

Jasper

Add: Add support for specifying Java 14 (with the value 14) and Java 15 (with the value 15) as the compiler source and/or compiler target for JSP compilation. If used with an ECJ version that does not support these values, a warning will be logged and the latest supported version will used. (markt)

Cluster

Code: Refactor the creation of DeltaRequest objects to make it simpler to use custom implementations. Based on a pull request provided by Thomas Stock. (markt)

Web applications

Fix: Correct the documentation web application to remove references to the org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH system property changing how the sequence %5c is interpretted in a URI. (markt)

Other

Add: Improve the quality and expand the coverage of the French translations provided with Apache Tomcat. Contribution provided by Tom Bens. (remm)
Add: Expand the coverage of the Chinese translations provided with Apache Tomcat. Contribution provided by Lee Yazhou. (markt)
Fix: 64270: Set the documented default umask of 0027 when using jsvc via daemon.sh and allow the umask used to be configured via the UMASK environment variable as it is when using catalina.sh. (markt)
Fix: Depreacted the LOGGING_CONFIG environment variable and replace it with the CATALINA_LOGGING_CONFIG environment variable to avoid clashes with other components that use LOGGING_CONFIG. (markt)

2020-03-16 Tomcat 8.5.53 (markt)
Coyote

Fix: 64210: Correct a regression in the improvements to HTTP header validation that caused requests to be incorrectly treated as invalid if a CRLF sequence was split between TCP packets. Improve validation of request lines, including for HTTP/0.9 requests. (markt)

Other

Fix: 64206: Correct a regression introduced in 8.5.51 that meant that the HTTP port specified when using the Windows Installer was ignored and 8080 was always used. (markt)

not released Tomcat 8.5.52 (markt)
Catalina

Fix: Store config compatibility with HostWebXmlCacheCleaner listener. (remm)
Fix: Modify the RewriteValve to use ServletRequest.getServerName() to populate the HTTP_HOST variable rather than extracting it from the Host header as this allows HTTP/2 to be supported. (markt)
Code: Remove PushBuilder from the deprecated Servlet 4 Preview API. Users still depending on this feature should ideally upgrade to Tomcat 9.0.x. If upgrade is not possible, application code should cast to the internal Tomcat implementation classes. (markt)
Fix: Switch Tomcat embedded to loading MIME type mappings from a property file generated from the default web.xml so the MIME type mappings are consistent regardless of how Tomcat is started. (markt)
Fix: Missing store config attributes for Resources elements. (remm)
Fix: 64153: Ensure that the parent for the web application class loader is set consistently. (markt)
Fix: 64166: Ensure that the names returned by HttpServletResponse.getHeaderNames() are unique. (markt)
Code: Rename org.apache.tomcat.util.digester.Digester$EnvironmentPropertySource to org.apache.tomcat.util.digester.EnvironmentPropertySource. The old class is still available but deprecated. Patch provided by Bernd Bohmann. (markt)
Add: Add new attribute persistAuthentication to both StandardManager and PersistentManager to support authentication persistence. Patch provided by Carsten Klein. (markt)
Fix: 64184: Avoid repeated log messages if a MemoryUserDatabase is configured but the specified configuration file is missing. (markt)
Add: 64189: Expose the web application version String as a ServletContext attribute named org.apache.catalina.webappVersion. (markt)

Coyote

Fix: When the NIO or APR/native connectors were configured with useAsyncIO="true" and a zero length read or write was performed, the read/write would time out rather than return immediately. (markt)
Fix: 64141: If using a CA certificate, remove a default value for the truststore file when not using a JSSE configuration. (remm)
Fix: Improve robustness of OpenSSLEngine shutdown. Based on code submitted by Manuel Dominguez Sarmiento. (remm)
Fix: Add the TLS request attributes used by IIS to the attributes that an AJP Connector will always accept. (markt)
Fix: A zero length AJP secret will now behave as if it has not been specified. (remm)
Fix: 64188: If an error occurs while committing or flushing the response when using a multiplexing protocol like HTTP/2 that requires the channel to be closed but not the connection, just close the channel and allow the other channels using the connection to continue. Based on a suggestion from Alejandro Anadon. (markt)
Fix: Correct the semantics of getEnableSessionCreation and setEnableSessionCreation for OpenSSLEngine. Pull request provided by Alexander Scheel. (markt)
Fix: Allow async requests to complete cleanly when the Connector is paused before complete() is called on a container thread. (markt)

Jasper

Code: Parameterize JSP version and API class names in localization messages to allow simpler re-use between major versions. (markt)
Fix: Ensure that TLD files listed in the jsp-config section of web.xml that are registered in the uriTldResourcePathMap with the URI specified in web.xml are also registered with the URI in the TLD file if it is different. Patch provided by Markus Lottmann. (markt)

Web applications

Add: Expand the documentation for the address attribute of the AJP Connector and document that the AJP Connector also supports the ipv6v6only attribute with the APR/Native implementation. (markt)

Other

Add: Expand the coverage of the French translations provided with Apache Tomcat. (remm)
Add: Expand the coverage of the Chinese translations provided with Apache Tomcat. Contribution provided by BoltzmannWxd. (markt)
Add: Expand the coverage of the Korean translations provided with Apache Tomcat. Contributions provided by B. Cansmile Cha. (markt)
Add: 64190: Add support for specifying milliseconds (using S, SS or SSS) in the timestamp used by JULI's OneLineFormatter. (markt)

2020-02-11 Tomcat 8.5.51 (markt)
Catalina

Code: Remove part of the deprecated Servlet 4 Preview API. Users still depending on this feature should ideally upgrade to Tomcat 9.0.x. If upgrade is not possible, application code should cast to the internal Tomcat implementation classes. (markt)
Update: Do not store username and password as session notes during authentication if they are not needed. (kkolinko)
Fix: Avoid useless environment restore when not using GSSCredential in JNDIRealm. (remm)
Fix: 58577: Respect the argument-count when searching for MBean operations to invoke via the JMXProxyServlet. (schultz)
Add: 62755: Add ability to opt out of adding the default web.xml config when embedding Tomcat and adding a context via addWebapp(). Call setAddDefaultWebXmlToWebapp(false) to prevent the automatic config. (isapir/markt)
Update: 63691: Skip all jar and directory scanning when the wildcard pattern "*" or "*.jar" is set or added to tomcat.util.scan.StandardJarScanFilter.jarsToSkip. (isapir)
Fix: 64005: Correct a regression in the static resource caching changes introduced in 8.5.28. Avoid a NullPointerException when working with the URL provided for the root of a packed WAR. (markt)
Fix: 64008: Clarify/expand the Javadoc for the Tomcat#addWebapp() and related methods. (markt)
Code: Deprecate the JmxRemoteLifecycleListener as the features it provides are now available in the remote JMX capability included with the JRE. This listener will be removed in Tomcat 10 and may be removed from Tomcat 8.5.x some time after 2020-12-31. (markt)
Fix: 64011: JNDIRealm no longer authenticates to LDAP. (michaelo)
Fix: 64021: Ensure that container provided SCIs are always loaded before application provided SCIs. Note that where both the container and the application provide the same SCI, it is the application provided SCI that will be used. (markt)
Fix: SCI definitions from JARs unpacked into WEB-INF/classes are now handled consistently and will always be found irrespective of whether the web application defines a JAR ordering or not. (markt)
Fix: 64023: Skip null-valued session attributes when deserializing sessions. (schultz)
Fix: Do not throw a NullPointerException when an MBean or operation cannot be found by the JMXProxyServlet. (schultz)
Update: 64067: Allow more than one parameter when defining RewriteMaps. (fschumacher)
Fix: 64074: InputStreams for directories obtained from resource URLs now return a directory listing consistent with the behaviour of FileURLConnection. In addition to restoring the behaviour that was lost as a result of the introduction of CachedResourceURLConnection, it expands the feature to include packedWARs and to take account of resource JARs. (markt)
Update: Refactor recycle facade system property into a new connector attribute named discardFacades. (remm)
Fix: 64089: Add ${...} property replacement support to XML external entity definitions. (markt)
Code: Deprecate MappingData.contextPath as it is unused. (markt)
Fix: Fix a problem that meant that remote host, address and port information could be missing in the access log for an HTTP/2 request where the connection was closed unexpectedly. (markt)

Coyote

Fix: Ensure that Servlet Asynchronous processing timeouts fire when requests are made using HTTP/2. (markt)
Fix: Fix the corruption of the TLS configuration when using the deprecated TLS attributes on the Connector if the configuration has already been set via the new SSLHostConfig and SSLHostConfigCertificate elements. (markt)
Fix: 63966: Switch the message shown when using HTTP to connect to an HTTPS port from ISO-8859-1 to UTF-8. (markt)
Add: Add support for RFC 5915 formatted, unencrypted EC key files when using a JSSE based TLS connector. (markt)
Add: When reporting / logging invalid HTTP headers encode any non-printing characters using the 0xNN form. (markt)
Fix: Correct a regression introduced in 8.5.48 that meant invalid tokens in the Transfer-Encoding header were ignored rather than treated as an error. (markt)
Fix: Rename the HTTP Connector attribute rejectIllegalHeaderName to rejectIllegalHeader and expand the underlying implementation to include header values as well as names. (markt)
Update: Disable (comment out in server.xml) the AJP/1.3 connector by default. (markt)
Update: Change the default bind address for the AJP/1.3 connector to be the loopback address. (markt)
Add: Rename the requiredSecret attribute of the AJP/1.3 Connector to secret and add a new attribute secretRequired that defaults to true. When secretRequired is true the AJP/1.3 Connector will not start unless the secret attribute is configured to a non-null, non-zero length String. (markt)
Add: Add a new attribute, allowedRequestAttributesPattern to the AJP/1.3 Connector. Requests with unrecognised attributes will be blocked with a 403. (markt)

Jasper

Fix: Update the performance optimisation for using expressions in tags that depend on uninitialised tag attributes with implied scope to make the performance optimisation aware of the new public class (java.lang.Record) added in Java 14. (markt)
Fix: 64097: Replace the faulty custom services lookup used for ExpressionFactory implementations with ServiceLoader. (markt)
Add: Add a META-INF/services entry to jasper-el.jar so that the Expression Language implementation can be discovered via the services API. (markt)

Cluster

Fix: 64043: Ensure that session ID changes are replicated during form-authentication. (kfujino)

Web applications

Fix: 64000: In the examples web application, where a Servlet example includes i18n support, the Locale used should be based on the request locale and not the server locale. (markt)
Add: Add additional information on securing AJP/1.3 Connectors. (markt)

Other

Fix: 63995: Ensure statements are closed when a pooled JDBC connection is passivated in Tomcat's fork of Commons DBCP2. (markt)

2019-12-12 Tomcat 8.5.50 (markt)
Catalina

Add: Improvements to CsrfPreventionFilter: additional logging, allow the CSRF nonce request parameter name to be customized. (schultz)
Add: 63681: Introduce RealmBase#authenticate(GSSName, GSSCredential) and friends. (michaelo)
Fix: 63964: Correct a regression in the static resource caching changes introduced in 8.5.48. URLs constructed from URLs obtained from the cache could not be used to access resources. (markt)
Fix: 63968: Fix ClassCastException in the Expires filter which was a regression in the fix for 63909. (markt)
Fix: 63970: Correct a regression in the static resource caching changes introduced in 8.5.48. Connections to URLs obtained for JAR resources could not be cast to JarURLConnection. (markt)
Add: 63937: Add a new attribute to the standard Authenticator implementations, allowCorsPreflight, that allows the Authenticators to be configured to allow CORS preflight requests to bypass authentication as required by the CORS specification. (markt)
Fix: 63939: Correct the same origin check in the CORS filter. An origin with an explicit default port is now considered to be the same as an origin without a default port and origins are now compared in a case-sensitive manner as required by the CORS speci