Content

Older news

Announcements from previous years can be found here:

2023-04-19 Tomcat 10.1.8 Released

The Apache Tomcat Project is proud to announce the release of version 10.1.8 of Apache Tomcat. This release implements specifications that are part of the Jakarta EE 10 platform.

Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 without changes. Java EE based applications designed for Tomcat 9 and earlier may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat will automatically convert them to Jakarta EE and copy them to the webapps directory. This conversion is performed using the Apache Tomcat migration tool for Jakarta EE tool which is also available as a separate download for off-line use.

The notable changes in this release are:

  • Reduce the default value of maxParameterCount from 10,000 to 1,000.
  • Correct a regression in the fix for bug 66442 that meant that streams without a response body did not decrement the active stream count when completing leading to ERR_HTTP2_SERVER_REFUSED_STREAM for some connections.
  • Expand the validation of the value of the Sec-Websocket-Key header in the HTTP upgrade request that initiates a WebSocket connection. The value is not decoded but it is checked for the correct length and that only valid characters from the base64 alphabet are used.
  • Implement RFC 9239; note the MIME types for Javascript has changed to text/javascript.

Full details of these changes, and all the other changes, are available in the Tomcat 10.1 changelog.

Download

2023-04-19 Tomcat 8.5.88 Released

The Apache Tomcat Project is proud to announce the release of version 8.5.88 of Apache Tomcat. This release implements specifications that are part of the Java EE 7 platform. The notable changes compared to 8.5.87 include:

  • Reduce the default value of maxParameterCount from 10,000 to 1,000.
  • Correct a regression in the fix for bug 66442 that meant that streams without a response body did not decrement the active stream count when completing, leading to ERR_HTTP2_SERVER_REFUSED_STREAM for some connections.
  • Refactor synchronization blocks locking on SocketWrapper to use ReentrantLock to support users wishing to experiment with project Loom.
  • Implement RFC 9239; note the MIME types for Javascript has changed to text/javascript.

Full details of these changes, and all the other changes, are available in the Tomcat 8 changelog.

Please note that Apache Tomcat 8.5.x will reach End-of-life (EOL) on 31 March 2024.

Download

2023-04-18 Tomcat 9.0.74 Released

The Apache Tomcat Project is proud to announce the release of version 9.0.74 of Apache Tomcat. This release implements specifications that are part of the Java EE 8 platform. The notable changes compared to 9.0.73 include:

  • Correct a regression in the fix for bug 66442 that meant that streams without a response body did not decrement the active stream count when completing, leading to ERR_HTTP2_SERVER_REFUSED_STREAM for some connections.
  • Add an access log valve that uses a json format. Based on a pull request provided by Thomas Meyer.
  • Refactor synchronization blocks locking on SocketWrapper to use ReentrantLock to support users wishing to experiment with project Loom.

Full details of these changes, and all the other changes, are available in the Tomcat 9 changelog.

Download

2023-04-19 Tomcat 11.0.0-M5 Released

The Apache Tomcat Project is proud to announce the release of version 11.0.0-M5 (alpha) of Apache Tomcat. This release is a milestone release and is targeted at Jakarta EE 11.

Users of Tomcat 10 onwards should be aware that, as a result of the move from Java EE to Jakarta EE as part of the transfer of Java EE to the Eclipse Foundation, the primary package for all implemented APIs has changed from javax.* to jakarta.*. This will almost certainly require code changes to enable applications to migrate from Tomcat 9 and earlier to Tomcat 10 and later. A migration tool is available to aid this process.

The notable changes in this release are:

  • Reduce the default value of maxParameterCount from 10,000 to 1,000.
  • Correct a regression in the fix for bug 66442 that meant that streams without a response body did not decrement the active stream count when completing leading to ERR_HTTP2_SERVER_REFUSED_STREAM for some connections.
  • Expand the validation of the value of the Sec-Websocket-Key header in the HTTP upgrade request that initiates a WebSocket connection. The value is not decoded but it is checked for the correct length and that only valid characters from the base64 alphabet are used.

Full details of these changes, and all the other changes, are available in the Tomcat 11 (alpha) changelog.

Download

2023-03-03 Tomcat 10.1.7 Released

The Apache Tomcat Project is proud to announce the release of version 10.1.7 of Apache Tomcat. This release implements specifications that are part of the Jakarta EE 10 platform.

Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 without changes. Java EE based applications designed for Tomcat 9 and earlier may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat will automatically convert them to Jakarta EE and copy them to the webapps directory. This conversion is performed using the Apache Tomcat migration tool for Jakarta EE tool which is also available as a separate download for off-line use.

The notable changes in this release are:

  • Correct a regression introduced in the fix for bug 66196 that meant that the HTTP headers and/or request line could get corrupted (one part overwriting another part) within a single request.
  • Revert the switch to using the ServiceLoader mechanism to load the custom URL protocol handlers that Tomcat uses. The original system property based approach has been restored.
  • Restore inline state after async operation in NIO2, to account the fact that unexpected exceptions are sometimes thrown by the implementation. Patch submitted by zhougang.
  • Provide a more appropriate response (501 rather than 400) when rejecting an HTTP request using the CONNECT method.
  • Add support for txt: and rnd: rewrite map types from mod_rewrite. Based on a pull request provided by Dimitrios Soumis.

Full details of these changes, and all the other changes, are available in the Tomcat 10.1 changelog.

Download

2023-03-03 Tomcat 8.5.87 Released

The Apache Tomcat Project is proud to announce the release of version 8.5.87 of Apache Tomcat. This release implements specifications that are part of the Java EE 7 platform. The notable changes compared to 8.5.86 include:

  • Correct a regression introduced in the fix for bug 66196 that meant that the HTTP headers and/or request line could get corrupted (one part overwriting another part) within a single request.
  • Provide a more appropriate response (501 rather than 400) when rejecting an HTTP request using the CONNECT method.
  • Add support for txt: and rnd: rewrite map types from mod_rewrite. Based on a pull request provided by Dimitrios Soumis.

Full details of these changes, and all the other changes, are available in the Tomcat 8 changelog.

Please note that Apache Tomcat 8.5.x will reach End-of-life (EOL) on 31 March 2024.

Download

2023-03-06 Tomcat 11.0.0-M4 Released

The Apache Tomcat Project is proud to announce the release of version 11.0.0-M4 (alpha) of Apache Tomcat. This release is a milestone release and is targeted at Jakarta EE 11.

Users of Tomcat 10 onwards should be aware that, as a result of the move from Java EE to Jakarta EE as part of the transfer of Java EE to the Eclipse Foundation, the primary package for all implemented APIs has changed from javax.* to jakarta.*. This will almost certainly require code changes to enable applications to migrate from Tomcat 9 and earlier to Tomcat 10 and later. A migration tool is under development to aid this process.

The notable changes in this release are:

  • Revert the switch to using the ServiceLoader mechanism to load the custom URL protocol handlers that Tomcat uses. The original system property based approach has been restored.
  • Provide an implementation of the sub-set of JavaBeans support that does not depend on the java.beans package. This for use by Expression Language when the java.desktop module (which is where the java.beans package resides) is not available.
  • Restore inline state after async operation in NIO2, to account the fact that unexpected exceptions are sometimes thrown by the implementation. Patch submitted by zhougang.

Full details of these changes, and all the other changes, are available in the Tomcat 11 (alpha) changelog.

Download

2023-03-03 Tomcat 9.0.73 Released

The Apache Tomcat Project is proud to announce the release of version 9.0.73 of Apache Tomcat. This release implements specifications that are part of the Java EE 8 platform. The notable changes compared to 9.0.72 include:

  • Correct a regression introduced in the fix for bug 66196 that meant that the HTTP headers and/or request line could get corrupted (one part overwriting another part) within a single request.
  • Provide a more appropriate response (501 rather than 400) when rejecting an HTTP request using the CONNECT method.
  • Add support for txt: and rnd: rewrite map types from mod_rewrite. Based on a pull request provided by Dimitrios Soumis.

Full details of these changes, and all the other changes, are available in the Tomcat 9 changelog.

Download

2023-02-24 Tomcat 10.1.6 Released

The Apache Tomcat Project is proud to announce the release of version 10.1.6 of Apache Tomcat. This release implements specifications that are part of the Jakarta EE 10 platform.

Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 without changes. Java EE based applications designed for Tomcat 9 and earlier may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat will automatically convert them to Jakarta EE and copy them to the webapps directory. This conversion is performed using the Apache Tomcat migration tool for Jakarta EE tool which is also available as a separate download for off-line use.

The notable changes in this release are:

  • Switch to using the ServiceLoader mechanism to load the custom URL protocol handlers that Tomcat uses.
  • Update the packaged version of the Apache Tomcat Native Library to 2.0.3 to pick up the Windows binaries built with with OpenSSL 3.0.8.
  • Add the shared address space specified by RFC 6598 (100.64.0.0/10) to the list of trusted proxies for RemoteIPValve/Filter.
  • Limit access to examples web application to localhost by default .

Full details of these changes, and all the other changes, are available in the Tomcat 10.1 changelog.

Download

2023-02-24 Tomcat 8.5.86 Released

The Apache Tomcat Project is proud to announce the release of version 8.5.86 of Apache Tomcat. This release implements specifications that are part of the Java EE 7 platform. The notable changes compared to 8.5.85 include:

  • Add an error report valve that allows redirecting to or proxying from an external web server.
  • Add the shared address space specified by RFC 6598 (100.64.0.0/10) to the list of trusted proxies for RemoteIPValve/Filter.
  • Log basic information for each configured TLS certificate when Tomcat starts.
  • Limit access to examples web application to localhost by default.

Full details of these changes, and all the other changes, are available in the Tomcat 8 changelog.

Please note that Apache Tomcat 8.5.x will reach End-of-life (EOL) on 31 March 2024.

Download

2023-02-23 Tomcat 9.0.72 Released

The Apache Tomcat Project is proud to announce the release of version 9.0.72 of Apache Tomcat. This release implements specifications that are part of the Java EE 8 platform. The notable changes compared to 9.0.71 include:

  • Add an error report valve that allows redirecting to or proxying from an external web server.
  • Log basic information for each configured TLS certificate when Tomcat starts.
  • Add the shared address space specified by RFC 6598 (100.64.0.0/10) to the list of trusted proxies for RemoteIPValve/Filter.
  • Limit access to examples web application to localhost by default.

Full details of these changes, and all the other changes, are available in the Tomcat 9 changelog.

Download

2023-02-23 Tomcat 11.0.0-M3 Released

The Apache Tomcat Project is proud to announce the release of version 11.0.0-M3 (alpha) of Apache Tomcat. This release is a milestone release and is targeted at Jakarta EE 11.

Users of Tomcat 10 onwards should be aware that, as a result of the move from Java EE to Jakarta EE as part of the transfer of Java EE to the Eclipse Foundation, the primary package for all implemented APIs has changed from javax.* to jakarta.*. This will almost certainly require code changes to enable applications to migrate from Tomcat 9 and earlier to Tomcat 10 and later. A migration tool is under development to aid this process.

The notable changes in this release are:

  • Increase the minimum supported Java version to Java 17.
  • Remove support for starting Tomcat under a SecurityManager.
  • Remove JAX-RPC support which was removed from the Jakarta EE platform for Jakarta EE 9

Full details of these changes, and all the other changes, are available in the Tomcat 11 (alpha) changelog.

Download

2023-01-19 Tomcat 8.5.85 Released

The Apache Tomcat Project is proud to announce the release of version 8.5.85 of Apache Tomcat. This release implements specifications that are part of the Java EE 7 platform. The notable changes compared to 8.5.84 include:

  • The default value of AccessLogValve's file encoding is now UTF-8.
  • Correct a regression in the refactoring that replaced the use of the URL constructors. The regression broke lookups for resources that contained one or more characters in their name that required escaping when used in a URI path.
  • When an HTTP/2 stream was reset, the current active stream count was not reduced. If enough resets occurred on a connection, the current active stream count limit was reached and no new streams could be created on that connection.
  • Change the default of the org.apache.el.GET_CLASSLOADER_USE_PRIVILEGED system property to true unless the EL library is running on Tomcat in which case the default remains false as the EL library is already called from within a privileged block and skipping the unnecessary privileged block improves performance.

Full details of these changes, and all the other changes, are available in the Tomcat 8 changelog.

Please note that Apache Tomcat 8.5.x will reach End-of-life (EOL) on 31 March 2024.

Download

2023-01-13 Tomcat 9.0.71 Released

The Apache Tomcat Project is proud to announce the release of version 9.0.71 of Apache Tomcat. This release implements specifications that are part of the Java EE 8 platform. The notable changes compared to 9.0.70 include:

  • Correct a regression in the refactoring that replaced the use of the URL constructors. The regression broke lookups for resources that contained one or more characters in their name that required escaping when used in a URI path.
  • When resetting an HTTP/2 stream because the final response has been generated before the request has been fully read, use the HTTP/2 error code NO_ERROR so that client does not discard the response. Based on a suggestion by Lorenzo Dalla Vecchia.
  • Change the default of the org.apache.el.GET_CLASSLOADER_USE_PRIVILEGED system property to true unless the EL library is running on Tomcat in which case the default remains false as the EL library is already called from within a privileged block and skipping the unnecessary privileged block improves performance.

Full details of these changes, and all the other changes, are available in the Tomcat 9 changelog.

Download

2023-01-13 Tomcat 10.1.5 Released

The Apache Tomcat Project is proud to announce the release of version 10.1.5 of Apache Tomcat. This release implements specifications that are part of the Jakarta EE 10 platform.

Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 without changes. Java EE based applications designed for Tomcat 9 and earlier may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat will automatically convert them to Jakarta EE and copy them to the webapps directory. This conversion is performed using the Apache Tomcat migration tool for Jakarta EE tool which is also available as a separate download for off-line use.

The notable changes in this release are:

  • Correct a regression in the refactoring that replaced the use of the URL constructors. The regression broke lookups for resources that contained one or more characters in their name that required escaping when used in a URI path.
  • When resetting an HTTP/2 stream because the final response has been generated before the request has been fully read, use the HTTP/2 error code NO_ERROR so that client does not discard the response. Based on a suggestion by Lorenzo Dalla Vecchia.
  • Change the default of the org.apache.el.GET_CLASSLOADER_USE_PRIVILEGED system property to true unless the EL library is running on Tomcat in which case the default remains false as the EL library is already called from within a privileged block and skipping the unnecessary privileged block improves performance.

Full details of these changes, and all the other changes, are available in the Tomcat 10.1 changelog.

Download