Content

Older news

Announcements from previous years can be found here:

2015-02-20 Tomcat 8.0.20 Released

The Apache Tomcat Project is proud to announce the release of version 8.0.20 of Apache Tomcat. Apache Tomcat 8.0.20 includes a numerous fixes for issues identified in 8.0.18 as well as a number of other enhancements and changes. The notable changes since 8.0.18 include:

  • Fix a performance regression in the new resources implementation when signed JARs are used in a web application.
  • Fix several bugs that could cause multiple registrations for write events for a single socket when using Servlet 3.0 async. Typically, the side effects of these multiple registrations would be exceptions appearing in the logs.
  • Enhance the bean factory used for JNDI resources. The new attribute forceString allows to support non-standard string argument property setters.

Full details of these changes, and all the other changes, are available in the Tomcat 8 changelog.

Download

2015-02-20 Apache Standard Taglib 1.2.3 Released

The Apache Tomcat Project is proud to announce the release of version 1.2.3 of the Standard Taglib. This tag library provides Apache's implementation of the JSTL 1.2 specification.

Version 1.2.3 is a security and bug fix release. It fixes a few bugs found in Standard Taglib 1.2.1 and provides protection against CVE-2015-0254 vulnerability (XXE and RCE via XSL extension in JSTL XML tags).

Please see the Taglibs section for more details.

Download | Changes

2015-01-26 Tomcat 8.0.18 Released

The Apache Tomcat Project is proud to announce the release of version 8.0.18 of Apache Tomcat. Apache Tomcat 8.0.18 includes a numerous fixes for issues identified in 8.0.17 as well as a number of other enhancements and changes. The notable changes since 8.0.17 include:

  • A regression that caused response truncation when using forwarding (57475) has been fixed.
  • Various improvements to ReplicatedMap in Tribes.

Full details of these changes, and all the other changes, are available in the Tomcat 8 changelog.

Download

2015-01-15 Tomcat 8.0.17 Released

The Apache Tomcat Project is proud to announce the release of version 8.0.17 of Apache Tomcat. Apache Tomcat 8.0.17 includes numerous fixes for issues identified in 8.0.15 as well as a number of other enhancements and changes. The notable changes since 8.0.15 include:

  • Fixing a regression in annotation scanning introduced in 8.0.15
  • The RemoteAddrValve and RemoteHostValve can now optionally include the port when filtering along with a new option to trigger authentication rather than denying access
  • Various edge cases fixes in WebSocket

Warning: The following notable bug was found in 8.0.17: 57476: some HTTP responses may be truncated. The team works on preparing the next release (8.0.18) to address this issue.

Full details of these changes, and all the other changes, are available in the Tomcat 8 changelog.

Download