Tomcat Logo

Apache Tomcat

 Apache Logo

Apache Tomcat

Download

Documentation

Problems?

Get Involved

Media

Misc

Tomcat 7.0.40 Released2013-05-09

The Apache Tomcat Project is proud to announce the release of version 7.0.40 of Apache Tomcat. This release contains a security fix and a number of bug fixes and improvements compared to version 7.0.39. The notable changes include:

  • A fix for CVE-2013-2071 (bug 54178) an information disclosure issue.
  • Various fixes to stop Tomcat attempting to parse text that looks like an EL expression in a JSP document as an EL expression when EL expressions are either not permitted or not enabled.
  • Improved handling and reporting if a ConcurrentModificationException occurs while checking for memory leaks when a web application is being stopped.
Full details of these changes, and all the other changes, are available in the Tomcat 7 changelog.

Download | ChangeLog for 7.0.40


Tomcat 7.0.39 Released2013-03-26

The Apache Tomcat Project is proud to announce the release of version 7.0.39 of Apache Tomcat. This release contains a number of bug fixes and improvements compared to version 7.0.37. The notable changes include:

  • There have been multiple improvements in the bytes to/from characters conversion process. The core conversion process has been refactored to use the NIO APIs. This has resulted in a number of improvements including invalid UTF-8 byte sequences at the end of a series of bytes now trigger a conversion error rather than being silently swallowed. Errors detected in request URIs will be replaced with the replacement character (allowing the application to respond to the invalid URI as it wishes) and errors in request bodies will trigger an IOException. The use of the JVM provided UTF-8 decoder has been replaced by a better UTF-8 decoder derived from Apache Harmony. This improved decoder has earlier detection of error conditions and more closely follows the Unicode specification regarding the use of replacement characters.
  • The annotation scanning process now provides more information if the scan fails due to broken class dependencies. There is now enough information to identify the class(es) at fault. The JAR scanning process that supports annotation scanning has also seen multiple improvements and fixes including the exclusion by default of the Bootstrap class path from the scan.
  • Upgraded a number of Tomcat's dependencies including Commons Daemon to 1.0.14, Commons IO to 2.4 and Commons FileUpload to r1458500. A new dependency on Commons Codec was added to replace Tomcat's internal Base64 encoder/decoder.
Full details of these changes, and all the other changes, are available in the Tomcat 7 changelog.

Download | ChangeLog for 7.0.39


Tomcat 7.0.37 Released2013-02-18

The Apache Tomcat Project is proud to announce the release of version 7.0.37 of Apache Tomcat. This release contains a small number of bug fixes and improvements compared to version 7.0.35. The notable changes include:

  • Fix the regression in the JspC tool that is used to pre-compile JSP pages introduced in 7.0.35. See issue 54440 for details. Patch provided by Sheldon Shao.
  • Improve handling of ciphers and sslEnabledProtocols options for the BIO and NIO connectors. The behaviour of each connector is now the same. The values provided are pruned to those supported by the SSL implementation and when none of the remaining values are supported a warning is issued and the connector configured with an empty set of options (which essentially disables HTTPS support).
  • Update to Commons Daemon 1.0.13.
Full details of these changes, and all the other changes, are available in the Tomcat 7 changelog.

Download | ChangeLog for 7.0.37


Tomcat 7.0.35 Released2013-01-16

The Apache Tomcat Project is proud to announce the release of version 7.0.35 of Apache Tomcat. This release contains a small number of bug fixes and improvements compared to version 7.0.34. The notable changes include:

  • Integrate documentation of Tomcat 7 with Apache Comments System. People can leave their comments when reading the documentation online.
  • Improve detection of JAVA_HOME on OSX.
  • Add support for auto-detection and configuration of JARs on the classpath that provide tag plug-in implementations. Based on a patch by Sheldon Shao.
Full details of these changes, and all the other changes, are available in the Tomcat 7 changelog.

Notice: The JspC tool that is used to pre-compile JSP pages is broken in this release. See issue 54440 for details.

Download | ChangeLog for 7.0.35


Older news

Announcements from previous years can be found here:

Copyright © 1999-2013, The Apache Software Foundation
Apache Tomcat, Tomcat, Apache, the Apache feather, and the Apache Tomcat project logo are trademarks of the Apache Software Foundation.