Spring Framework has a META-INF/web-fragment.xml file in their spring-web-4.3.*.jar library. In the version 4.3.23 that was released on March 31st they changed the value of xsi:schemaLocation in that file: - xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-fragment_3_0.xsd" + xsi:schemaLocation="http://java.sun.com/xml/ns/javaee https://java.sun.com/xml/ns/javaee/web-fragment_3_0.xsd" The schema URL was changed from "http:" to "https:". The problem is that if Tomcat or web application are configured so that the web.xml and web-fragment.xml files are validated, the web application fails to start. Steps to reproduce with ROOT application on a clean Tomcat 9.0.17 install: 1. Add the following line to conf/catalina.properties: org.apache.catalina.STRICT_SERVLET_COMPLIANCE=true 2. Create directory webapps/ROOT/WEB-INF/lib and place the following jar file there: spring-web-4.3.23.RELEASE.jar The library can be downloaded from the following page: https://search.maven.org/artifact/org.springframework/spring-web/4.3.23.RELEASE/jar 3. Start Tomcat. 4. ACTUAL: The ROOT web application fails to start, and the following error is printed into catalina.2019-04-**.log: 03-Apr-2019 **:**:**.234 SEVERE [main] org.apache.tomcat.util.digester.Digester.warning Parse warning at line [5] column [41] 03-Apr-2019 **:**:**.248 SEVERE [main] org.apache.tomcat.util.digester.Digester.error Parse error at line [5] column [41] org.xml.sax.SAXParseException; systemId: jar:file:*OMITTED*/webapps/ROOT/WEB-INF/lib/spring-web-4.3.23.RELEASE.jar!/META-INF/web-fragment.xml; lineNumber: 5; columnNumber: 41; cvc-elt.1: Cannot find the declaration of element 'web-fragment'. at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.createSAXParseException(ErrorHandlerWrapper.java:203) at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.error(ErrorHandlerWrapper.java:134) at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError(XMLErrorReporter.java:396) at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError(XMLErrorReporter.java:327) at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError(XMLErrorReporter.java:284) at com.sun.org.apache.xerces.internal.impl.xs.XMLSchemaValidator.handleStartElement(XMLSchemaValidator.java:1901) at com.sun.org.apache.xerces.internal.impl.xs.XMLSchemaValidator.startElement(XMLSchemaValidator.java:741) [...] at org.apache.tomcat.util.digester.Digester.parse(Digester.java:1431) at org.apache.tomcat.util.descriptor.web.WebXmlParser.parseWebXml(WebXmlParser.java:119) at org.apache.tomcat.util.descriptor.web.FragmentJarScannerCallback.scan(FragmentJarScannerCallback.java:77) at org.apache.tomcat.util.scan.StandardJarScanner.process(StandardJarScanner.java:378) at org.apache.tomcat.util.scan.StandardJarScanner.scan(StandardJarScanner.java:191) at org.apache.catalina.startup.ContextConfig.processJarsForWebFragments(ContextConfig.java:1956) at org.apache.catalina.startup.ContextConfig.webConfig(ContextConfig.java:1122) at org.apache.catalina.startup.ContextConfig.configureStart(ContextConfig.java:768) at org.apache.catalina.startup.ContextConfig.lifecycleEvent(ContextConfig.java:301) [...] EXPECTED: If the library is downgraded to version 4.3.22, the web application starts successfully.
Commit that did the change in Spring Framework (beware that it has 612 changed files): https://github.com/spring-projects/spring-framework/commit/d40ed0942bbf184694ab522b54d616d63111c6be?diff=unified
In the tag libraries in spring-webmvc-4.3.23.RELEASE.jar they also changed META-INF/spring.tld META-INF/spring-form.tld - xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-jsptaglibrary_2_0.xsd" + xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee https://java.sun.com/xml/ns/j2ee/web-jsptaglibrary_2_0.xsd" That caused a failure during scanning of tlds and compilation failures for JSPs in some configurations (7.0.93, metadata-complete="true" so that fragments are not scanned, the exact steps are TBD). Why the ROOT app of 9.0.17 that has metadata-complete="true" performs scanning and validation for web-fragment.xml is a separate question. Workaround If I turn validation off by setting org.apache.catalina.STRICT_SERVLET_COMPLIANCE=false the affected web applications start successfully.
Fixed in: - master for 9.0.18 onwards - 8.5.x for 8.5.40 onwards - 7.0.x for 7.0.94 onwards
I tested builds of current master and 7.0.x branches. The issue is fixed. Thank you.