Content

Older news

Announcements from previous years can be found here:

2015-06-03 End of life for Apache Tomcat 6.0.x

End of life date for Apache Tomcat 6.0.x is announced. Read more...

2015-05-22 Tomcat 8.0.23 Released

The Apache Tomcat Project is proud to announce the release of version 8.0.23 of Apache Tomcat. Apache Tomcat 8.0.23 includes a numerous fixes for issues identified in 8.0.22 as well as a number of other enhancements and changes. The notable changes since 8.0.22 include:

  • Fixed corruption issues with NIO2 and TLS
  • Added a workaround for SPNEGO authentication and a JRE regression in Java 8 update 40 onwards
  • Added the new HttpHeaderSecurityFilter

Full details of these changes, and all the other changes, are available in the Tomcat 8 changelog.

Download

2015-05-14 Tomcat 7.0.62 Released

The Apache Tomcat Project is proud to announce the release of version 7.0.62 of Apache Tomcat. This release contains a number of bug fixes and improvements compared to version 7.0.61.

Full details of these changes, and all the other changes, are available in the Tomcat 7 changelog.

Download | ChangeLog for 7.0.62

2015-05-05 Tomcat 8.0.22 Released

The Apache Tomcat Project is proud to announce the release of version 8.0.22 of Apache Tomcat. Apache Tomcat 8.0.22 includes a numerous fixes for issues identified in 8.0.21 as well as a number of other enhancements and changes. The notable changes since 8.0.21 include:

  • Change the format of the Tomcat specific URLs for resources inside JARs that are in turn packed in a WAR. The ^/ sequence has been replaced by */ so that the resulting URLs are compliant with RFC 2396 and do not trigger exceptions when converted to URIs. The old format will continue to be accepted.
  • Allow logging of the remote port in the access log using the format pattern %{remote}p.
  • When checking last modified times as part of the automatic deployment process, account for the fact that File.lastModified() has a resolution of one second to ensure that if a file has been modified within the last second, the latest version of the file is always used. Note that a side-effect of this change is that files with modification times in the future are treated as if they are unmodified.
  • Align redeploy resource modification checking with reload modification checking so that now, in both cases, a change in modification time rather than an increase in modification time is used to determine if the resource has changed.

Note: There is a known issue with NIO2 and SSL/TLS in this and previous releases that can result in dropped connections. It is not recommended that NIO2 is used in production with SSL/TLS until this issue is resolved (the fix is expected in 8.0.23).

Full details of these changes, and all the other changes, are available in the Tomcat 8 changelog.

Download

2015-04-07 Tomcat 7.0.61 Released

The Apache Tomcat Project is proud to announce the release of version 7.0.61 of Apache Tomcat. This release contains a number of bug fixes and improvements compared to version 7.0.59. The notable changes since 7.0.59 include:

  • Add support for Java 8 JSSE server-preferred TLS cipher suite ordering. This feature requires Java 8.
  • Update to Tomcat Native Library version 1.1.33 to pick up the Windows binaries that are based on OpenSSL 1.0.1m and APR 1.5.1.
  • Implement a new feature for AJP connectors - Tomcat Authorization. If enabled Tomcat, will take an authenticated user name from the AJP protocol and use the appropriate Realm for the request to authorize (i.e. add roles) to that user.
  • Update the Eclipse JDT compiler to version 4.4.2.

Full details of these changes, and all the other changes, are available in the Tomcat 7 changelog.

Download | ChangeLog for 7.0.61

2015-03-26 Tomcat 8.0.21 Released

The Apache Tomcat Project is proud to announce the release of version 8.0.21 of Apache Tomcat. Apache Tomcat 8.0.21 includes a numerous fixes for issues identified in 8.0.20 as well as a number of other enhancements and changes. The notable changes since 8.0.20 include:

  • Enable Tomcat to detect when a WAR file has been changed while Tomcat is not running.
  • Add support for Java 8 JSSE server-preferred TLS cipher suite ordering. This feature requires Java 8.
  • Update to Tomcat Native Library version 1.1.33 to pick up the Windows binaries that are based on OpenSSL 1.0.1m and APR 1.5.1
  • Implement a new feature for AJP connectors - Tomcat Authorization. If enabled Tomcat, will take an authenticated user name from the AJP protocol and use the appropriate Realm for the request to authorize (i.e. add roles) to that user.

Full details of these changes, and all the other changes, are available in the Tomcat 8 changelog.

Download

2015-02-20 Tomcat 8.0.20 Released

The Apache Tomcat Project is proud to announce the release of version 8.0.20 of Apache Tomcat. Apache Tomcat 8.0.20 includes a numerous fixes for issues identified in 8.0.18 as well as a number of other enhancements and changes. The notable changes since 8.0.18 include:

  • Fix a performance regression in the new resources implementation when signed JARs are used in a web application.
  • Fix several bugs that could cause multiple registrations for write events for a single socket when using Servlet 3.0 async. Typically, the side effects of these multiple registrations would be exceptions appearing in the logs.
  • Enhance the bean factory used for JNDI resources. The new attribute forceString allows to support non-standard string argument property setters.

Full details of these changes, and all the other changes, are available in the Tomcat 8 changelog.

Download

2015-02-20 Apache Standard Taglib 1.2.3 Released

The Apache Tomcat Project is proud to announce the release of version 1.2.3 of the Standard Taglib. This tag library provides Apache's implementation of the JSTL 1.2 specification.

Version 1.2.3 is a security and bug fix release. It fixes a few bugs found in Standard Taglib 1.2.1 and provides protection against CVE-2015-0254 vulnerability (XXE and RCE via XSL extension in JSTL XML tags).

Please see the Taglibs section for more details.

Download | Changes

2015-02-04 Tomcat 7.0.59 Released

The Apache Tomcat Project is proud to announce the release of version 7.0.59 of Apache Tomcat. This release contains a number of bug fixes and improvements compared to version 7.0.57. The notable changes since 7.0.57 include:

  • Session ID Generator is now extensible.

Full details of these changes, and all the other changes, are available in the Tomcat 7 changelog.

Download | ChangeLog for 7.0.59

2015-01-26 Tomcat 8.0.18 Released

The Apache Tomcat Project is proud to announce the release of version 8.0.18 of Apache Tomcat. Apache Tomcat 8.0.18 includes a numerous fixes for issues identified in 8.0.17 as well as a number of other enhancements and changes. The notable changes since 8.0.17 include:

  • A regression that caused response truncation when using forwarding (57475) has been fixed.
  • Various improvements to ReplicatedMap in Tribes.

Full details of these changes, and all the other changes, are available in the Tomcat 8 changelog.

Download

2015-01-15 Tomcat 8.0.17 Released

The Apache Tomcat Project is proud to announce the release of version 8.0.17 of Apache Tomcat. Apache Tomcat 8.0.17 includes numerous fixes for issues identified in 8.0.15 as well as a number of other enhancements and changes. The notable changes since 8.0.15 include:

  • Fixing a regression in annotation scanning introduced in 8.0.15
  • The RemoteAddrValve and RemoteHostValve can now optionally include the port when filtering along with a new option to trigger authentication rather than denying access
  • Various edge cases fixes in WebSocket

Warning: The following notable bug was found in 8.0.17: 57476: some HTTP responses may be truncated. The team works on preparing the next release (8.0.18) to address this issue.

Full details of these changes, and all the other changes, are available in the Tomcat 8 changelog.

Download