Content

Older news

Announcements from previous years can be found here:

2014-10-06 Tomcat 7.0.56 Released

The Apache Tomcat Project is proud to announce the release of version 7.0.56 of Apache Tomcat. This release contains a number of bug fixes and improvements compared to version 7.0.55. The notable changes since 7.0.55 include:

  • Update the Java WebSocket support to version 1.1 of the Java WebSocket specification.
  • Add support for the WebSocket permessage-deflate extension.

Full details of these changes, and all the other changes, are available in the Tomcat 7 changelog.

Download | ChangeLog for 7.0.56

2014-09-29 Tomcat 8.0.14 Released

The Apache Tomcat Project is proud to announce the release of version 8.0.14 of Apache Tomcat. Apache Tomcat 8.0.14 includes numerous fixes for issues identified in 8.0.12 as well as a number of other enhancements and changes. The notable changes since 8.0.12 include:

  • Update the Java WebSocket support to version 1.1 of the Java WebSocket specification.
  • The Windows installer, the Windows service and the Windows service management application are all digitally signed.
  • Experimental support for Cookie parsing using RFC 6265. Note that the configuration options associated with this feature are not stable and will change in the next release.

Full details of these changes, and all the other changes, are available in the Tomcat 8 changelog.

Download

2014-09-03 Tomcat 8.0.12 Released

The Apache Tomcat Project is proud to announce the release of version 8.0.12 of Apache Tomcat. Apache Tomcat 8.0.12 includes numerous fixes for issues identified in 8.0.11 as well as a number of other enhancements and changes. The notable changes since 8.0.11 include:

  • Fix a regression in the processing of includes and forwards when Contexts had been reloaded.
  • Session ID generation is now extensible
  • Extend support for the WebSocket permessage-deflate extension to compression of outgoing messages on the server side

Full details of these changes, and all the other changes, are available in the Tomcat 8 changelog.

Download

2014-08-22 Tomcat 8.0.11 Released

The Apache Tomcat Project is proud to announce the release of version 8.0.11 of Apache Tomcat. Apache Tomcat 8.0.11 includes numerous fixes for issues identified in 8.0.9 as well as a number of other enhancements and changes. The notable changes since 8.0.9 include:

  • Update to Tomcat Native Library version 1.1.31 to pick up the Windows binaries that are based on OpenSSL 1.0.1h.
  • Add support for OpenSSL syntax for ciphers when using JSSE SSL connectors.
  • Add support for the WebSocket permessage-deflate extension. This is currently limited to decompressing incoming messages on the server side.

Please refer to the change log for the complete list of changes: http://tomcat.apache.org/tomcat-8.0-doc/changelog.html

NOTE: A regression has been reported in 8.0.11 ( bug 56882). A 8.0.12 release is expected in the next week or so to address this.

Full details of these changes, and all the other changes, are available in the Tomcat 8 changelog.

Download

2014-07-27 Tomcat 7.0.55 Released

The Apache Tomcat Project is proud to announce the release of version 7.0.55 of Apache Tomcat. This release contains a number of bug fixes and improvements compared to version 7.0.54. The notable changes since 7.0.54 include:

  • Update to the Eclipse JDT Compiler 4.4
  • Better error handling when the error occurs after the response has been committed
  • Various improvements to the Mapper including fixing some concurrency bugs
  • Update to Tomcat Native Library version 1.1.31 to pick up the Windows binaries that are based on OpenSSL 1.0.1h

Full details of these changes, and all the other changes, are available in the Tomcat 7 changelog.

Download | ChangeLog for 7.0.55

2014-07-07 Tomcat Native 1.1.31 Released

The Apache Tomcat Project is proud to announce the release of version 1.1.31 of Tomcat Native. The notable changes since 1.1.30 include:

  • Windows binaries are linked with OpenSSL 1.0.1h. This provides a fix for CVE-2014-0224, an OpenSSL MITM vulnerability. (56596)
  • Resolve an issue when using FIPS mode. (56396)

Download | ChangeLog for 1.1.31

2014-06-25 Tomcat 8.0.9 Released

The Apache Tomcat Project is proud to announce the release of version 8.0.9 of Apache Tomcat. This is the first stable release of the 8.0.x series. Tomcat 8 is aligned with Java EE 7. In addition to supporting updated versions of the Java EE specifications, Tomcat 8 includes a number of improvements compared to Tomcat 7. The notable changes include:

  • Support for Java Servlet 3.1, JavaServer Pages 2.3, Java Unified Expression Language 3.0 and Java WebSocket 1.0.
  • The default connector implementation is now the Java non-blocking implementation (NIO) for both HTTP and AJP.
  • A new resources implementation that replaces Aliases, VirtualLoader, VirtualDirContext, JAR resources and external repositories with a single, consistent approach for configuring additional web application resources. The new resources implementation can also be used to implement overlays (using a master WAR as the basis for multiple web applications that each have their own customizations).

Apache Tomcat 8.0.9 includes numerous fixes for issues identified in 8.0.8 (beta) as well as a number of other enhancements and changes. The notable changes since 8.0.8 include:

  • Start to move towards RFC6265 for cookie handling
  • Better error handling when the error occurs after the response has been committed
  • Various Jasper improvements to make it easier for other containers (e.g. Jetty) to consume

Full details of these changes, and all the other changes, are available in the Tomcat 8 changelog.

Download

2014-05-23 Tomcat 6.0.41 Released

The Apache Tomcat Project is proud to announce the release of version 6.0.41 of Apache Tomcat. This release includes a number of bug fixes over Apache Tomcat 6.0.39. The notable changes include:

  • Add support for using ecj-P20140317-1600.jar to use Java 8 syntax in JSPs
  • Update native library to 1.1.30
  • Various improvements to XML processing

Download | ChangeLog for 6.0.41

2014-05-22 Tomcat 7.0.54 Released

The Apache Tomcat Project is proud to announce the release of version 7.0.54 of Apache Tomcat. This release contains a number of bug fixes and improvements compared to version 7.0.53. The notable changes since 7.0.53 include:

  • Extend and improve memory leak protection and fix a few leaks that crept in during the various refactorings
  • Add additional protection against a failure to correctly recycle the request and response objects
  • APR/native library version updated to 1.1.30.

Full details of these changes, and all the other changes, are available in the Tomcat 7 changelog.

Download | ChangeLog for 7.0.54

2014-05-21 Tomcat 8.0.8 (beta) Released

The Apache Tomcat Project is proud to announce the release of version 8.0.8 (beta) of Apache Tomcat. Tomcat 8 is aligned with Java EE 7. In addition to supporting updated versions of the Java EE specifications, Tomcat 8 includes a number of improvements compared to Tomcat 7. The notable changes include:

  • Support for Java Servlet 3.1, JavaServer Pages 2.3, Java Unified Expression Language 3.0 and Java WebSocket 1.0.
  • The default connector implementation is now the Java non-blocking implementation (NIO) for both HTTP and AJP.
  • A new resources implementation that replaces Aliases, VirtualLoader, VirtualDirContext, JAR resources and external repositories with a single, consistent approach for configuring additional web application resources. The new resources implementation can also be used to implement overlays (using a master WAR as the basis for multiple web applications that each have their own customizations).

Apache Tomcat 8.0.8 (beta) includes numerous fixes for issues identified in 8.0.5 as well as a number of other enhancements and changes. The notable changes since 8.0.5 include:

  • Further NIO2 fixes which is now considered BETA
  • Extend and improve memory leak protection and fix a few leaks that crept in during the various refactorings
  • Add additional protection against a failure to correctly recycle the request and response objects

Full details of these changes, and all the other changes, are available in the Tomcat 8 changelog.

The purpose of this beta release is to give users an opportunity to test Tomcat 8 and to provide feedback to the Tomcat community. Although it is a beta release, it is expected to run stably and is being used in production at the ASF for the ASF's Jira instance. The beta status is primarily because the Tomcat developers feel more feedback is required before a stable release and because there may be a small amount of further refactoring.

Download

2014-04-15 Tomcat Native 1.1.30 Released

The Apache Tomcat Project is proud to announce the release of version 1.1.30 of Tomcat Native. The notable changes since 1.1.29 include:

  • Windows binaries are linked with OpenSSL 1.0.1g. This provides a fix for CVE-2014-0160 (Heartbleed) SSL vulnerability.
  • Add support for ECDHE ciphers. (55915)

Download | ChangeLog for 1.1.30

2014-03-30 Tomcat 7.0.53 Released

The Apache Tomcat Project is proud to announce the release of version 7.0.53 of Apache Tomcat. This release contains a number of bug fixes and improvements compared to version 7.0.52. The notable changes since 7.0.52 include:

  • Update the Eclipse JDT compiler to enable full Java 8 support in JSPs.

Full details of these changes, and all the other changes, are available in the Tomcat 7 changelog.

Download | ChangeLog for 7.0.53

2014-03-27 Tomcat 8.0.5 (beta) Released

The Apache Tomcat Project is proud to announce the release of version 8.0.5 (beta) of Apache Tomcat. Tomcat 8 is aligned with Java EE 7. In addition to supporting updated versions of the Java EE specifications, Tomcat 8 includes a number of improvements compared to Tomcat 7. The notable changes include:

  • Support for Java Servlet 3.1, JavaServer Pages 2.3, Java Unified Expression Language 3.0 and Java WebSocket 1.0.
  • The default connector implementation is now the Java non-blocking implementation (NIO) for both HTTP and AJP.
  • A new resources implementation that replaces Aliases, VirtualLoader, VirtualDirContext, JAR resources and external repositories with a single, consistent approach for configuring additional web application resources. The new resources implementation can also be used to implement overlays (using a master WAR as the basis for multiple web applications that each have their own customizations).

Apache Tomcat 8.0.5 (beta) includes numerous fixes for issues identified in 8.0.3 as well as a number of other enhancements and changes. The notable changes since 8.0.3 include:

  • Update the Eclipse JDT compiler to enable full Java 8 support in JSPs.
  • Update the default database connection pool implementation based on a repackaged Apache Commons DBCP to use the DBCP 2.0 release.
  • Add new, experimental HTTP and AJP connectors based on NIO2.

Full details of these changes, and all the other changes, are available in the Tomcat 8 changelog.

The purpose of this beta release is to give users an opportunity to test Tomcat 8 and to provide feedback to the Tomcat community. Although it is a beta release, it is expected to run stably and is being used in production at the ASF for the ASF's Jira instance. The beta status is primarily because the Tomcat developers feel more feedback is required before a stable release and because there may be a small amount of further refactoring.

Download

2014-03-11 Tomcat Connectors 1.2.39 Released

The Apache Tomcat Project is proud to announce the release of version 1.2.39 of Apache Tomcat Connectors. This version fixes few bugs found in previous releases and adds some new features like IPV6 support.

Download | ChangeLog for 1.2.39

2014-02-17 Tomcat 7.0.52 Released

The Apache Tomcat Project is proud to announce the release of version 7.0.52 of Apache Tomcat. This release contains a number of bug fixes and improvements compared to version 7.0.50. The notable changes since 7.0.50 include:

  • Fix CVE-2014-0050, a DoS vulnerability related to multi-part processing.

Full details of these changes, and all the other changes, are available in the Tomcat 7 changelog.

Download | ChangeLog for 7.0.52

2014-02-11 Tomcat 8.0.3 (beta) Released

The Apache Tomcat Project is proud to announce the release of version 8.0.3 (beta) of Apache Tomcat. Tomcat 8 is aligned with Java EE 7. In addition to supporting updated versions of the Java EE specifications, Tomcat 8 includes a number of improvements compared to Tomcat 7. The notable changes include:

  • Support for Java Servlet 3.1, JavaServer Pages 2.3, Java Unified Expression Language 3.0 and Java WebSocket 1.0.
  • The default connector implementation is now the Java non-blocking implementation (NIO) for both HTTP and AJP.
  • A new resources implementation that replaces Aliases, VirtualLoader, VirtualDirContext, JAR resources and external repositories with a single, consistent approach for configuring additional web application resources. The new resources implementation can also be used to implement overlays (using a master WAR as the basis for multiple web applications that each have their own customizations).

Apache Tomcat 8.0.3 (beta) includes numerous fixes for issues identified in 8.0.1 as well as a number of other enhancements and changes. The notable changes since 8.0.1 include:

  • Fix CVE-2014-0050, a DoS vulnerability related to multi-part processing.
  • Fix WebDAV support broken by the resources refactoring.
  • Enable non-blocking reads to take place on non-container threads.

Full details of these changes, and all the other changes, are available in the Tomcat 8 changelog.

The purpose of this beta release is to give users an opportunity to test Tomcat 8 and to provide feedback to the Tomcat community. Although it is a beta release, it is expected to run stably and is being used in production at the ASF for the ASF's Jira instance. The beta status is primarily because the Tomcat developers feel more feedback is required before a stable release. It is also because 8.0.3 depends on a snapshot rather than a release build of Apache Commons DBCP2 and because there may be a small amount of further refactoring.

Download

2014-02-02 Tomcat 8.0.1 (beta) Released

The Apache Tomcat Project is proud to announce the release of version 8.0.1 (beta) of Apache Tomcat. Tomcat 8 is aligned with Java EE 7. In addition to supporting updated versions of the Java EE specifications, Tomcat 8 includes a number of improvements compared to Tomcat 7. The notable changes include:

  • Support for Java Servlet 3.1, JavaServer Pages 2.3, Java Unified Expression Language 3.0 and Java WebSocket 1.0.
  • The default connector implementation is now the Java non-blocking implementation (NIO) for both HTTP and AJP.
  • A new resources implementation that replaces Aliases, VirtualLoader, VirtualDirContext, JAR resources and external repositories with a single, consistent approach for configuring additional web application resources. The new resources implementation can also be used to implement overlays (using a master WAR as the basis for multiple web applications that each have their own customizations).

Apache Tomcat 8.0.1 (beta) includes numerous fixes for issues identified in RC10 as well as a number of other enhancements and changes. The notable changes since RC10 include:

  • Fix sendFile support for the NIO connector.
  • Move control of caching and linking options from the Context to the WebResourceRoot to enable them to by changed while the web application is running.
  • Add support for a dedicated listener for class loader binding and unbinding events.

Full details of these changes, and all the other changes, are available in the Tomcat 8 changelog.

The purpose of this beta release is to give users an opportunity to test Tomcat 8 and to provide feedback to the Tomcat community. Although it is a beta release, it is expected to run stably and is being used in production at the ASF for the ASF's Jira instance. The beta status is primarily because the Tomcat developers feel more feedback is required before a stable release. It is also because 8.0.1 depends on a snapshot rather than a release build of Apache Commons DBCP2 and because there may be a small amount of further refactoring.

Download

2014-01-31 Tomcat 6.0.39 Released

The Apache Tomcat Project is proud to announce the release of version 6.0.39 of Apache Tomcat. This release includes a number of security and bug fixes over Apache Tomcat 6.0.37. The notable changes include:

  • Various improvements to XML configuration file validation.
  • Better adherence to RFC2616 for Content-Type and Content-Length headers.
  • Avoid CVE-2013-1571 when generating Javadoc.

Download | ChangeLog for 6.0.39

2014-01-08 Tomcat 7.0.50 Released

The Apache Tomcat Project is proud to announce the release of version 7.0.50 of Apache Tomcat. This release contains a number of bug fixes and improvements compared to version 7.0.47.

Full details of these changes, and all the other changes, are available in the Tomcat 7 changelog.

Download | ChangeLog for 7.0.50