Content

Older news

Announcements from previous years can be found here:

2024-03-14 Tomcat 9.0.87 Released

The Apache Tomcat Project is proud to announce the release of version 9.0.87 of Apache Tomcat. This release implements specifications that are part of the Java EE 8 platform. The notable changes compared to 9.0.86 include:

  • When restoring a saved POST request after a successful FORM authentication, ensure that neither the URI, the query string nor the protocol are corrupted when restoring the request body.
  • Align error handling for Writer and OutputStream. Ensure use of either once the response has been recycled triggers a NullPointerException provided that discardFacades is configured with the default value of true.
  • The standard thread pool implementations that are configured using the Executor element now implement ExecutorService for better support of NIO2 or others.

Full details of these changes, and all the other changes, are available in the Tomcat 9 changelog.

Download

2024-03-14 Tomcat 11.0.0-M18 Released

The Apache Tomcat Project is proud to announce the release of version 11.0.0-M18 (alpha) of Apache Tomcat. This release is a milestone release and is targeted at Jakarta EE 11.

Users of Tomcat 10 onwards should be aware that, as a result of the move from Java EE to Jakarta EE as part of the transfer of Java EE to the Eclipse Foundation, the primary package for all implemented APIs has changed from javax.* to jakarta.*. This will almost certainly require code changes to enable applications to migrate from Tomcat 9 and earlier to Tomcat 10 and later. A migration tool is available to aid this process.

The notable changes in this release are:

  • Reduce minimum Java version to Java 17
  • When restoring a saved POST request after a successful FORM authentication, ensure that neither the URI, the query string no the protocol are corrupted when restoring the request body.
  • Align error handling for Writer and OutputStream. Ensure use of either once the response has been recycled triggers a NullPointerException provided that discardFacades is configured with the default value of true.

Full details of these changes, and all the other changes, are available in the Tomcat 11 (alpha) changelog.

Download

2024-02-19 Tomcat 10.1.19 Released

The Apache Tomcat Project is proud to announce the release of version 10.1.19 of Apache Tomcat. This release implements specifications that are part of the Jakarta EE 10 platform.

Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 without changes. Java EE based applications designed for Tomcat 9 and earlier may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat will automatically convert them to Jakarta EE and copy them to the webapps directory. This conversion is performed using the Apache Tomcat migration tool for Jakarta EE tool which is also available as a separate download for off-line use.

The notable changes in this release are:

  • Add improvements to the CSRF prevention filter including the ability to skip adding nonces for resource name and subtree URL patterns.
  • Add support for user provided SSLContext instances configured on SSLHostConfigCertificate instances. Based on pull request #673 provided by Hakan Altındağ.
  • Review usage of debug logging and downgrade trace or data dumping operations from debug level to trace.

Full details of these changes, and all the other changes, are available in the Tomcat 10.1 changelog.

Download

2024-02-19 Tomcat 8.5.99 Released

The Apache Tomcat Project is proud to announce the release of version 8.5.99 of Apache Tomcat. This release implements specifications that are part of the Java EE 7 platform. The notable changes compared to 8.5.98 include:

  • Add improvements to the CSRF prevention filter including the ability to skip adding nonces for resource name and subtree URL patterns.
  • Add support for user provided SSLContext instances configured on SSLHostConfigCertificate instances. Based on pull request #673 provided by Hakan Altındağ.
  • Review usage of debug logging and downgrade trace or data dumping operations from debug level to trace.

Full details of these changes, and all the other changes, are available in the Tomcat 8 changelog.

Please note that Apache Tomcat 8.5.x will reach End-of-life (EOL) on 31 March 2024.

Download

2024-02-19 Tomcat 9.0.86 Released

The Apache Tomcat Project is proud to announce the release of version 9.0.86 of Apache Tomcat. This release implements specifications that are part of the Java EE 8 platform. The notable changes compared to 9.0.85 include:

  • Add improvements to the CSRF prevention filter including the ability to skip adding nonces for resource name and subtree URL patterns.
  • Add support for user provided SSLContext instances configured on SSLHostConfigCertificate instances. Based on pull request #673 provided by Hakan Altındağ.
  • Review usage of debug logging and downgrade trace or data dumping operations from debug level to trace.

Full details of these changes, and all the other changes, are available in the Tomcat 9 changelog.

Download

2024-02-19 Tomcat 11.0.0-M17 Released

The Apache Tomcat Project is proud to announce the release of version 11.0.0-M17 (alpha) of Apache Tomcat. This release is a milestone release and is targeted at Jakarta EE 11.

Users of Tomcat 10 onwards should be aware that, as a result of the move from Java EE to Jakarta EE as part of the transfer of Java EE to the Eclipse Foundation, the primary package for all implemented APIs has changed from javax.* to jakarta.*. This will almost certainly require code changes to enable applications to migrate from Tomcat 9 and earlier to Tomcat 10 and later. A migration tool is available to aid this process.

The notable changes in this release are:

  • Add improvements to the CSRF prevention filter including the ability to skip adding nonces for resource name and subtree URL patterns.
  • Add support for user provided SSLContext instances configured on SSLHostConfigCertificate instances. Based on pull request #673 provided by Hakan Altındağ.
  • Review usage of debug logging and downgrade trace or data dumping operations from debug level to trace.

Full details of these changes, and all the other changes, are available in the Tomcat 11 (alpha) changelog.

Download

2024-01-09 Tomcat 8.5.98 Released

The Apache Tomcat Project is proud to announce the release of version 8.5.98 of Apache Tomcat. This release implements specifications that are part of the Java EE 7 platform. The notable changes compared to 8.5.97 include:

  • Fix virtual thread support for the NIO2 connector.
  • Correct a regression in the fix for 67675 that broke TLS key file parsing for PKCS#8 format keys that do not specify an explicit pseudo-random function and rely on the default. This typically affects keys generated by OpenSSL 1.0.2.
  • Allow multiple operations with the same name on introspected mbeans, fixing a regression caused by the introduction of a second addSslHostConfig() method.

Full details of these changes, and all the other changes, are available in the Tomcat 8 changelog.

Please note that Apache Tomcat 8.5.x will reach End-of-life (EOL) on 31 March 2024.

Download

2024-01-09 Tomcat 10.1.18 Released

The Apache Tomcat Project is proud to announce the release of version 10.1.18 of Apache Tomcat. This release implements specifications that are part of the Jakarta EE 10 platform.

Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 without changes. Java EE based applications designed for Tomcat 9 and earlier may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat will automatically convert them to Jakarta EE and copy them to the webapps directory. This conversion is performed using the Apache Tomcat migration tool for Jakarta EE tool which is also available as a separate download for off-line use.

The notable changes in this release are:

  • Fix virtual thread support for the NIO2 connector.
  • Correct a regression in the fix for 67675 that broke TLS key file parsing for PKCS#8 format keys that do not specify an explicit pseudo-random function and rely on the default. This typically affects keys generated by OpenSSL 1.0.2.
  • Allow multiple operations with the same name on introspected mbeans, fixing a regression caused by the introduction of a second addSslHostConfig() method.

Full details of these changes, and all the other changes, are available in the Tomcat 10.1 changelog.

Download

2024-01-09 Tomcat 9.0.85 Released

The Apache Tomcat Project is proud to announce the release of version 9.0.85 of Apache Tomcat. This release implements specifications that are part of the Java EE 8 platform. The notable changes compared to 9.0.84 include:

  • Fix virtual thread support for the NIO2 connector.
  • Correct a regression in the fix for 67675 that broke TLS key file parsing for PKCS#8 format keys that do not specify an explicit pseudo-random function and rely on the default. This typically affects keys generated by OpenSSL 1.0.2.
  • Allow multiple operations with the same name on introspected mbeans, fixing a regression caused by the introduction of a second addSslHostConfig() method.

Full details of these changes, and all the other changes, are available in the Tomcat 9 changelog.

Download

2024-01-09 Tomcat 11.0.0-M16 Released

The Apache Tomcat Project is proud to announce the release of version 11.0.0-M16 (alpha) of Apache Tomcat. This release is a milestone release and is targeted at Jakarta EE 11.

Users of Tomcat 10 onwards should be aware that, as a result of the move from Java EE to Jakarta EE as part of the transfer of Java EE to the Eclipse Foundation, the primary package for all implemented APIs has changed from javax.* to jakarta.*. This will almost certainly require code changes to enable applications to migrate from Tomcat 9 and earlier to Tomcat 10 and later. A migration tool is available to aid this process.

The notable changes in this release are:

  • Fix virtual thread support for the NIO2 connector
  • Correct a regression in the fix for 67675 that broke TLS key file parsing for PKCS#8 format keys that do not specify an explicit pseudo-random function and rely on the default. This typically affects keys generated by OpenSSL 1.0.2.
  • Allow multiple operations with the same name on introspected mbeans, fixing a regression caused by the introduction of a second addSslHostConfig() method.

Full details of these changes, and all the other changes, are available in the Tomcat 11 (alpha) changelog.

Download