Content

Older news

Announcements from previous years can be found here:

2018-12-18 Tomcat 8.5.37 Released

The Apache Tomcat Project is proud to announce the release of version 8.5.37 of Apache Tomcat. Apache Tomcat 8.5.x replaces 8.0.x and includes new features pulled forward from Tomcat 9.0.x. The minimum Java version and implemented specification versions remain unchanged. The notable changes compared to 8.5.35 include:

  • Implement the requirements of section 8.2.2 2.c of the Servlet specification and prevent a web application from deploying if it has fragments with duplicate names and is configured to use relative ordering of fragments.
  • The default Servlet no longer overrides a previously set content-type.
  • Update the packaged version of the Tomcat Native Library to 1.2.19 to pick up the latest Windows binaries built with APR 1.6.5 and OpenSSL 1.1.1a.

Full details of these changes, and all the other changes, are available in the Tomcat 8.5 changelog.

Download

2018-12-12 Tomcat 9.0.14 Released

The Apache Tomcat Project is proud to announce the release of version 9.0.14 of Apache Tomcat. The notable changes compared to 9.0.13 include:

  • Significant expansion of localisation support with the addition of Brazilian Portuguese, Korean and Chinese (simplified) as well as the expansion of coverage for existing languages.
  • Refactor back ground processing and various independent thread pools to use a common executor.
  • Update the packaged version of the Tomcat Native Library to 1.2.19 to pick up the latest Windows binaries built with APR 1.6.5 and OpenSSL 1.1.1a.

Full details of these changes, and all the other changes, are available in the Tomcat 9 changelog.

Download

2018-12-04 Tomcat Native 1.2.19 Released

The Apache Tomcat Project is proud to announce the release of version 1.2.19 of Tomcat Native. The notable changes since 1.2.18 include:

  • Fixed memory leaks when using OCSP checks.
  • Windows binaries built with APR 1.6.5 and OpenSSL 1.0.2q.
  • Windows binaries built with APR 1.6.5 and OpenSSL 1.1.1a.

Download | ChangeLog for 1.2.19

2018-11-07 Tomcat 9.0.13 Released

The Apache Tomcat Project is proud to announce the release of version 9.0.13 of Apache Tomcat. The notable changes compared to 9.0.12 include:

  • support for TLSv1.3 when used with a JRE or OpenSSL version that supports it
  • added support for encrypting cluster traffic
  • added automatic reloading of tomcat-users.xml after a change

Full details of these changes, and all the other changes, are available in the Tomcat 9 changelog.

Download

2018-11-07 Tomcat 8.5.35 Released

The Apache Tomcat Project is proud to announce the release of version 8.5.35 of Apache Tomcat. Apache Tomcat 8.5.x replaces 8.0.x and includes new features pulled forward from Tomcat 9.0.x. The minimum Java version and implemented specification versions remain unchanged. The notable changes compared to 8.5.34 include:

  • support for TLSv1.3 when used with a JRE or OpenSSl version that supports it
  • multiple improvements to the RewriteValve
  • correct several regressions in the JSP compiler

Full details of these changes, and all the other changes, are available in the Tomcat 8.5 changelog.

Download

2018-10-20 Tomcat Native 1.2.18 Released

The Apache Tomcat Project is proud to announce the release of version 1.2.18 of Tomcat Native. The notable changes since 1.2.17 include:

  • Windows binaries built with APR 1.6.5 and OpenSSL 1.0.2p.
  • Windows binaries built with APR 1.6.5 and OpenSSL 1.1.1.
  • TLSv1.3 support when built with OpenSSL 1.1.1

Download | ChangeLog for 1.2.18

2018-09-19 Tomcat 7.0.91 Released

The Apache Tomcat Project is proud to announce the release of version 7.0.91 of Apache Tomcat. This release contains a number of bug fixes and improvements compared to version 7.0.90.

Full details of these changes, and all the other changes, are available in the Tomcat 7 changelog.

Download

2018-09-10 Tomcat 9.0.12 Released

The Apache Tomcat Project is proud to announce the release of version 9.0.12 of Apache Tomcat. The notable changes compared to 9.0.11 include:

  • Fix multiple issues associated with using the asynchronous Servlet API in combination with HTTP/2.
  • Add recursion to rewrite substitution parsing.
  • Expand the information in the documentation web application regarding the use of CATALINA_HOME and CATALINA_BASE. Patch provided by Marek Czernek.

Full details of these changes, and all the other changes, are available in the Tomcat 9 changelog.

Download

2018-09-10 Tomcat 8.5.34 Released

The Apache Tomcat Project is proud to announce the release of version 8.5.34 of Apache Tomcat. Apache Tomcat 8.5.x replaces 8.0.x and includes new features pulled forward from Tomcat 9.0.x. The minimum Java version and implemented specification versions remain unchanged. The notable changes compared to 8.5.33 include:

  • Fix multiple issues associated with using the asynchronous Servlet API in combination with HTTP/2.
  • Add recursion to rewrite substitution parsing.
  • Expand the information in the documentation web application regarding the use of CATALINA_HOME and CATALINA_BASE. Patch provided by Marek Czernek.

Full details of these changes, and all the other changes, are available in the Tomcat 8.5 changelog.

Download

2018-09-01 Tomcat Connectors 1.2.44 Released

The Apache Tomcat Project is proud to announce the release of version 1.2.44 of Apache Tomcat Connectors. This version fixes a number of bugs found in previous releases.

Download | ChangeLog for 1.2.44

2018-08-17 Tomcat 9.0.11 Released

The Apache Tomcat Project is proud to announce the release of version 9.0.11 of Apache Tomcat. The notable changes compared to 9.0.10 include:

  • Correctly decode URL paths (+ should not be decoded to a space in the path) in the RequestDispatcher and the web application class loader.
  • Add a default location for the native library: ${catalina.home}/bin
  • Make the Jasper (JSP Engine) Java file generation process multi-threaded. By default, one thread will be used per core. Based on a patch by Dan Fabulich.

Note: A number of known issues remain using Servlet asynchronous support with HTTP/2. These will be fixed in the next release.

Full details of these changes, and all the other changes, are available in the Tomcat 9 changelog.

Download

2018-08-17 Tomcat 8.5.33 Released

The Apache Tomcat Project is proud to announce the release of version 8.5.33 of Apache Tomcat. Apache Tomcat 8.5.x replaces 8.0.x and includes new features pulled forward from Tomcat 9.0.x. The minimum Java version and implemented specification versions remain unchanged. The notable changes compared to 8.5.32 include:

  • Correctly decode URL paths (+ should not be decoded to a space in the path) in the RequestDispatcher and the web application class loader.
  • When pre-compiling with JspC, report all compilation errors rather than stopping after the first error. A new option -failFast can be used to restore the previous behaviour of stopping after the first error. Based on a patch provided by Marc Pompl.
  • Make the Jasper (JSP Engine) Java file generation process multi-threaded. By default, one thread will be used per core. Based on a patch by Dan Fabulich.

Note: A number of known issues remain using Servlet asynchronous support with HTTP/2. These will be fixed in the next release.

Full details of these changes, and all the other changes, are available in the Tomcat 8.5 changelog.

Download

2018-07-06 Tomcat 7.0.90 Released

The Apache Tomcat Project is proud to announce the release of version 7.0.90 of Apache Tomcat. This release contains a number of bug fixes and improvements compared to version 7.0.88. The notable changes compared to 7.0.88 include:

  • Add the RemoteCIDRFilter and RemoteCIDRValve that can be used to allow/deny requests based on IPv4 and/or IPv6 client address where the IP ranges are defined using CIDR notation. Based on a patch by Francis Galiegue.
  • Update the packaged version of the Tomcat Native Library to 1.2.17 to pick up the latest Windows binaries built with APR 1.6.3 and OpenSSL 1.0.2o.

Full details of these changes, and all the other changes, are available in the Tomcat 7 changelog.

Download

2018-06-25 Tomcat 9.0.10 Released

The Apache Tomcat Project is proud to announce the release of version 9.0.10 of Apache Tomcat. The notable changes compared to 9.0.8 include:

  • Add the RemoteCIDRFilter and RemoteCIDRValve that can be used to allow/deny requests based on IPv4 and/or IPv6 client address where the IP ranges are defined using CIDR notation. Based on a patch by Francis Galiegue.
  • Use NIO2 API for websockets writes.
  • Update the packaged version of the Tomcat Native Library to 1.2.17 to pick up the latest Windows binaries built with APR 1.6.3 and OpenSSL 1.0.2o.
  • Correct a regression in the Host validation by removing the requirement that the final component of a FQDN must be alphabetic.

Full details of these changes, and all the other changes, are available in the Tomcat 9 changelog.

Download

2018-06-25 Tomcat 8.5.32 Released

The Apache Tomcat Project is proud to announce the release of version 8.5.32 of Apache Tomcat. Apache Tomcat 8.5.x is intended to replace 8.0.x and includes new features pulled forward from Tomcat 9.0.x. The minimum Java version and implemented specification versions remain unchanged. The notable changes compared to 8.5.31 include:

  • Add the RemoteCIDRFilter and RemoteCIDRValve that can be used to allow/deny requests based on IPv4 and/or IPv6 client address where the IP ranges are defined using CIDR notation. Based on a patch by Francis Galiegue.
  • Update the packaged version of the Tomcat Native Library to 1.2.17 to pick up the latest Windows binaries built with APR 1.6.3 and OpenSSL 1.0.2o.
  • Correct a regression in the Host validation by removing the requirement that the final component of a FQDN must be alphabetic.

Full details of these changes, and all the other changes, are available in the Tomcat 8.5 changelog.

Download

2018-06-13 Tomcat Native 1.2.17 Released

The Apache Tomcat Project is proud to announce the release of version 1.2.17 of Tomcat Native. The notable changes since 1.2.16 include:

  • Windows binaries built with APR 1.6.3 and OpenSSL 1.0.2o.
  • Fixes for OCSP support and CRL file handling.

Note that users should now be using 1.2.x in preference to 1.1.x.

Download | ChangeLog for 1.2.17

2018-05-11 Tomcat 7.0.88 Released

The Apache Tomcat Project is proud to announce the release of version 7.0.88 of Apache Tomcat. This release contains a number of bug fixes and improvements compared to version 7.0.86. The notable changes compared to 7.0.86 include:

  • Correct a regression in handling of DataSource resources that do not specify a factory.
  • Implement configuration options to work-around specification non-compliant user agents (including all the major browsers) that do not correctly %nn encode URI paths and query strings as required by RFC 7230 and RFC 3986
  • Enable the CrawlerSessionManagerValve to correctly handle bots that crawl multiple hosts and/or web applications when the Valve is configured on a Host or an Engine.
  • Add support for annotation scanning of classes built with Java 11 EA

Full details of these changes, and all the other changes, are available in the Tomcat 7 changelog.

Download

2018-05-08 Tomcat 8.0.52 Released

The Apache Tomcat Project is proud to announce the release of version 8.0.52 of Apache Tomcat. Apache Tomcat 8.0.52 includes fixes for issues identified in 8.0.51 as well as other enhancements and changes. The notable changes compared to 8.0.51 include:

  • Implement configuration options to work-around specification non-compliant user agents (including all the major browsers) that do not correctly %nn encode URI paths and query strings as required by RFC 7230 and RFC 3986
  • Enable the CrawlerSessionManagerValve to correctly handle bots that crawl multiple hosts and/or web applications when the Valve is configured on a Host or an Engine.

Full details of these changes, and all the other changes, are available in the Tomcat 8 changelog.

Note: End of life date for Apache Tomcat 8.0.x is announced. Read more...

Download

2018-05-03 Tomcat 9.0.8 Released

The Apache Tomcat Project is proud to announce the release of version 9.0.8 of Apache Tomcat. The notable changes compared to 9.0.7 include:

  • Implement configuration options to work-around specification non-compliant user agents (including all the major browsers) that do not correctly %nn encode URI paths and query strings as required by RFC 7230 and RFC 3986
  • Enable the CrawlerSessionManagerValve to correctly handle bots that crawl multiple hosts and/or web applications when the Valve is configured on a Host or an Engine.
  • Add support for annotation scanning of classes built with Java 11 EA

Full details of these changes, and all the other changes, are available in the Tomcat 9 changelog.

Download

2018-05-03 Tomcat 8.5.31 Released

The Apache Tomcat Project is proud to announce the release of version 8.5.31 of Apache Tomcat. Apache Tomcat 8.5.x is intended to replace 8.0.x and includes new features pulled forward from Tomcat 9.0.x. The minimum Java version and implemented specification versions remain unchanged. The notable changes compared to 8.5.30 include:

  • Implement configuration options to work-around specification non-compliant user agents (including all the major browsers) that do not correctly %nn encode URI paths and query strings as required by RFC 7230 and RFC 3986
  • Enable the CrawlerSessionManagerValve to correctly handle bots that crawl multiple hosts and/or web applications when the Valve is configured on a Host or an Engine.
  • Add support for annotation scanning of classes built with Java 11 EA

Full details of these changes, and all the other changes, are available in the Tomcat 8.5 changelog.

Download

2018-04-13 Tomcat 7.0.86 Released

The Apache Tomcat Project is proud to announce the release of version 7.0.86 of Apache Tomcat. This release contains a number of bug fixes and improvements compared to version 7.0.85. The notable changes compared to 7.0.85 include:

  • Add support for the maxDays attribute to the AccessLogValve and ExtendedAccessLogValve. This allows the maximum number of days for which rotated access logs should be retained before deletion to be defined.
  • Avoid infinite recursion, when trying to validate a session while loading it with PersistentManager.

Full details of these changes, and all the other changes, are available in the Tomcat 7 changelog.

Warning: There is a regression in handling of DataSource resources that do not specify a factory. A simple configuration workaround is available. See bug 62316. This will be fixed in 7.0.87.

Download

2018-04-13 Tomcat 8.0.51 Released

The Apache Tomcat Project is proud to announce the release of version 8.0.51 of Apache Tomcat. Apache Tomcat 8.0.51 includes fixes for issues identified in 8.0.50 as well as other enhancements and changes. The notable changes compared to 8.0.50 include:

  • Avoid infinite recursion, when trying to validate a session while loading it with PersistentManager.

Full details of these changes, and all the other changes, are available in the Tomcat 8 changelog.

Note: End of life date for Apache Tomcat 8.0.x is announced. Read more...

Download

2018-04-07 Tomcat 9.0.7 Released

The Apache Tomcat Project is proud to announce the release of version 9.0.7 of Apache Tomcat. The notable changes compared to 9.0.6 include:

  • Add support for the maxDays attribute to the AccessLogValve and ExtendedAccessLogValve. This allows the maximum number of days for which rotated access logs should be retained before deletion to be defined.
  • Avoid infinite recursion, when trying to validate a session while loading it with PersistentManager.
  • Correct two protocol errors with HTTP/2 PUSH_PROMISE frames.
  • The OpenSSL engine SSL session will now ignore invalid accesses.

Full details of these changes, and all the other changes, are available in the Tomcat 9 changelog.

Download

2018-04-07 Tomcat 8.5.30 Released

The Apache Tomcat Project is proud to announce the release of version 8.5.30 of Apache Tomcat. Apache Tomcat 8.5.x is intended to replace 8.0.x and includes new features pulled forward from Tomcat 9.0.x. The minimum Java version and implemented specification versions remain unchanged. The notable changes compared to 8.5.29 include:

  • Add support for the maxDays attribute to the AccessLogValve and ExtendedAccessLogValve. This allows the maximum number of days for which rotated access logs should be retained before deletion to be defined.
  • Avoid infinite recursion, when trying to validate a session while loading it with PersistentManager.
  • Correct two protocol errors with HTTP/2 PUSH_PROMISE frames.
  • The OpenSSL engine SSL session will now ignore invalid accesses.

Full details of these changes, and all the other changes, are available in the Tomcat 8.5 changelog.

Download

2018-03-08 Tomcat 9.0.6 Released

The Apache Tomcat Project is proud to announce the release of version 9.0.6 of Apache Tomcat. The notable changes compared to 9.0.5 include:

  • TLS stability improvements.
  • Add the ability to specify static HTML responses for specific error codes and/or exception types with the ErrorReportValve.
  • Add an async HTTP/2 parser for NIO2.
  • Add documentation for the Host Manager web application. Patch provided by Marek Czernek.

Full details of these changes, and all the other changes, are available in the Tomcat 9 changelog.

Download

2018-03-08 Tomcat 8.5.29 Released

The Apache Tomcat Project is proud to announce the release of version 8.5.29 of Apache Tomcat. Apache Tomcat 8.5.x is intended to replace 8.0.x and includes new features pulled forward from Tomcat 9.0.x. The minimum Java version and implemented specification versions remain unchanged. The notable changes compared to 8.5.28 include:

  • TLS stability improvements.
  • Correct a regression in the fix for 60276 that meant compression was applied to all MIME types. Patch provided by Stefan Knoblich.
  • Add documentation for the Host Manager web application. Patch provided by Marek Czernek.

Full details of these changes, and all the other changes, are available in the Tomcat 8.5 changelog.

Download

2018-03-06 Tomcat Connectors 1.2.43 Released

The Apache Tomcat Project is proud to announce the release of version 1.2.43 of Apache Tomcat Connectors. This version fixes a number of bugs found in previous releases.

Download | ChangeLog for 1.2.43

2018-02-13 Tomcat 7.0.85 Released

The Apache Tomcat Project is proud to announce the release of version 7.0.85 of Apache Tomcat. This release contains a number of bug fixes and improvements compared to version 7.0.84.

Full details of these changes, and all the other changes, are available in the Tomcat 7 changelog.

Download

2018-02-13 Tomcat 8.0.50 Released

The Apache Tomcat Project is proud to announce the release of version 8.0.50 of Apache Tomcat. Apache Tomcat 8.0.50 includes fixes for issues identified in 8.0.49 as well as other enhancements and changes.

Full details of these changes, and all the other changes, are available in the Tomcat 8 changelog.

Note: End of life date for Apache Tomcat 8.0.x is announced. Read more...

Download

2018-02-11 Tomcat 9.0.5 Released

The Apache Tomcat Project is proud to announce the release of version 9.0.5 of Apache Tomcat. The notable changes compared to 9.0.4 include:

  • Refactor error handling to enable errors that occur before processing is passed to the application to be handled by the application provided error handling and/or the container provided error handling (ErrorReportValve) as appropriate.
  • Enable strict validation of the provided host name and port for all connectors. Requests with invalid host names and/or ports will be rejected with a 400 response.
  • Enhance the JMX support for jdbc-pool in order to expose PooledConnection and JdbcInterceptors.

Full details of these changes, and all the other changes, are available in the Tomcat 9 changelog.

Download

2018-02-11 Tomcat 8.5.28 Released

The Apache Tomcat Project is proud to announce the release of version 8.5.28 of Apache Tomcat. Apache Tomcat 8.5.x is intended to replace 8.0.x and includes new features pulled forward from Tomcat 9.0.x. The minimum Java version and implemented specification versions remain unchanged. The notable changes compared to 8.5.27 include:

  • Fix truncated request input streams when using NIO2 with TLS.
  • Improved error handling and reporting for TLS configuration.
  • Enhance the JMX support for jdbc-pool in order to expose PooledConnection and JdbcInterceptors.

Full details of these changes, and all the other changes, are available in the Tomcat 8.5 changelog.

Download

2018-01-24 Tomcat 7.0.84 Released

The Apache Tomcat Project is proud to announce the release of version 7.0.84 of Apache Tomcat. This release contains a number of bug fixes and improvements compared to version 7.0.82. The notable changes compared to 7.0.82 include:

  • Java 9 is fully supported
  • Updated the packaged version of the Tomcat Native Library to 1.2.16 to pick up the latest Windows binaries built with APR 1.6.3 and OpenSSL 1.0.2m
  • Add a new system property (org.apache.jasper.runtime.BodyContentImpl.BUFFER_SIZE) to control the size of the buffer used by Jasper when buffering tag bodies.

Full details of these changes, and all the other changes, are available in the Tomcat 7 changelog.

Download

2018-01-24 Tomcat 8.0.49 Released

The Apache Tomcat Project is proud to announce the release of version 8.0.49 of Apache Tomcat. Apache Tomcat 8.0.49 includes fixes for issues identified in 8.0.48 as well as other enhancements and changes. The notable changes compared to 8.0.48 include:

  • Add a new system property (org.apache.jasper.runtime.BodyContentImpl.BUFFER_SIZE) to control the size of the buffer used by Jasper when buffering tag bodies.

Full details of these changes, and all the other changes, are available in the Tomcat 8 changelog.

Note: End of life date for Apache Tomcat 8.0.x is announced. Read more...

Download

2018-01-22 Tomcat 8.5.27 Released

The Apache Tomcat Project is proud to announce the release of version 8.5.27 of Apache Tomcat. Apache Tomcat 8.5.x is intended to replace 8.0.x and includes new features pulled forward from Tomcat 9.0.x. The minimum Java version and implemented specification versions remain unchanged. The notable changes compared to 8.5.24 include:

  • Add support for GZIP compression with HTTP/2
  • Expand the TLS functionality exposed via the Manager application
  • Return a simple, plain text error message if a client attempts to make a plain text HTTP connection to a TLS enabled NIO or NIO2 Connector.
  • Add a new system property (org.apache.jasper.runtime.BodyContentImpl.BUFFER_SIZE) to control the size of the buffer used by Jasper when buffering tag bodies.

Full details of these changes, and all the other changes, are available in the Tomcat 8.5 changelog.

Download

2018-01-22 Tomcat 9.0.4 Released

The Apache Tomcat Project is proud to announce the release of version 9.0.4 of Apache Tomcat. This is the first stable release of the 9.0.x series. The notable changes compared to 9.0.2 include:

  • Modify the Default and WebDAV Servlets so that a 405 status code is returned for PUT and DELETE requests when disabled via the readonly initialisation parameter.
  • Add support for GZIP compression with HTTP/2
  • Expand the TLS functionality exposed via the Manager application
  • Return a simple, plain text error message if a client attempts to make a plain text HTTP connection to a TLS enabled NIO or NIO2 Connector.

Full details of these changes, and all the other changes, are available in the Tomcat 9 changelog.

Download