|
Apache Tomcat
Download
Documentation
Problems?
Get Involved
Media
Misc
|
|
Tomcat 7.0.40 Released | 2013-05-09 |
|
The Apache Tomcat Project is proud to announce the release of version 7.0.40 of
Apache Tomcat. This release contains a security fix and a number of bug fixes
and improvements compared to version 7.0.39. The notable changes include:
- A fix for CVE-2013-2071 (bug 54178) an information disclosure
issue.
- Various fixes to stop Tomcat attempting to parse text that looks like an EL
expression in a JSP document as an EL expression when EL expressions are
either not permitted or not enabled.
- Improved handling and reporting if a ConcurrentModificationException occurs
while checking for memory leaks when a web application is being stopped.
Full details of these changes, and all the other changes, are available in the
Tomcat 7 changelog.
Download |
ChangeLog for 7.0.40
|
|
|
Tomcat 7.0.39 Released | 2013-03-26 |
|
The Apache Tomcat Project is proud to announce the release of version 7.0.39 of
Apache Tomcat. This release contains a number of bug fixes and improvements
compared to version 7.0.37. The notable changes include:
- There have been multiple improvements in the bytes to/from characters
conversion process. The core conversion process has been refactored to use
the NIO APIs. This has resulted in a number of improvements including
invalid UTF-8 byte sequences at the end of a series of bytes now trigger a
conversion error rather than being silently swallowed. Errors detected in
request URIs will be replaced with the replacement character (allowing the
application to respond to the invalid URI as it wishes) and errors in
request bodies will trigger an IOException. The use of the JVM provided
UTF-8 decoder has been replaced by a better UTF-8 decoder derived from
Apache Harmony. This improved decoder has earlier detection of error
conditions and more closely follows the Unicode specification regarding the
use of replacement characters.
- The annotation scanning process now provides more information if the scan
fails due to broken class dependencies. There is now enough information to
identify the class(es) at fault. The JAR scanning process that supports
annotation scanning has also seen multiple improvements and fixes including
the exclusion by default of the Bootstrap class path from the scan.
- Upgraded a number of Tomcat's dependencies including Commons Daemon to
1.0.14, Commons IO to 2.4 and Commons FileUpload to r1458500. A new
dependency on Commons Codec was added to replace Tomcat's internal Base64
encoder/decoder.
Full details of these changes, and all the other changes, are available in the
Tomcat 7 changelog.
Download |
ChangeLog for 7.0.39
|
|
|
Tomcat 7.0.37 Released | 2013-02-18 |
|
The Apache Tomcat Project is proud to announce the release of version 7.0.37 of
Apache Tomcat. This release contains a small number of bug fixes and
improvements compared to version 7.0.35. The notable changes include:
- Fix the regression in the JspC tool that is used to pre-compile JSP pages
introduced in 7.0.35. See
issue
54440 for details. Patch provided by Sheldon Shao.
- Improve handling of
ciphers and
sslEnabledProtocols options for the BIO and NIO connectors. The
behaviour of each connector is now the same. The values provided are pruned
to those supported by the SSL implementation and when none of the remaining
values are supported a warning is issued and the connector configured with
an empty set of options (which essentially disables HTTPS support).
- Update to Commons Daemon 1.0.13.
Full details of these changes, and all the other changes, are available in the
Tomcat 7 changelog.
Download |
ChangeLog for 7.0.37
|
|
|
Tomcat 7.0.35 Released | 2013-01-16 |
|
The Apache Tomcat Project is proud to announce the release of version 7.0.35 of
Apache Tomcat. This release contains a small number of bug fixes and
improvements compared to version 7.0.34. The notable changes include:
- Integrate documentation of Tomcat 7 with Apache Comments System. People can
leave their comments when reading the documentation
online.
- Improve detection of JAVA_HOME on OSX.
- Add support for auto-detection and configuration of JARs on the classpath
that provide tag plug-in implementations. Based on a patch by Sheldon
Shao.
Full details of these changes, and all the other changes, are available in the
Tomcat 7 changelog.
Notice: The JspC tool that is used to pre-compile JSP pages
is broken in this release. See
issue 54440
for details.
Download |
ChangeLog for 7.0.35
|
|
|
Older news |
|
Announcements from previous years can be found here:
|
|
|
|
Copyright © 1999-2013, The Apache Software Foundation
Apache Tomcat, Tomcat, Apache, the Apache feather, and the Apache Tomcat
project logo are trademarks of the Apache Software Foundation.
|