Content

Older news

Announcements from previous years can be found here:

2022-04-01 Tomcat 9.0.62 Released

The Apache Tomcat Project is proud to announce the release of version 9.0.62 of Apache Tomcat. This release implements specifications that are part of the Java EE 8 platform. The notable changes compared to 9.0.60 include:

  • Update the packaged version of the Tomcat Native Library to 1.2.32 to pick up Windows binaries built with OpenSSL 1.1.1n.
  • Improve logging of unknown HTTP/2 settings frames. Pull request by Thomas Hoffmann.
  • Add additional warnings if incompatible TLS configurations are used such as HTTP/2 with CLIENT-CERT authentication.
  • Harden the class loader to provide a mitigation for CVE-2022-22965 a Spring Framework vulnerability.

Full details of these changes, and all the other changes, are available in the Tomcat 9 changelog.

Download

2022-04-01 Tomcat 10.0.20 Released

The Apache Tomcat Project is proud to announce the release of version 10.0.20 of Apache Tomcat. This release implements specifications that are part of the Jakarta EE 9 platform.

Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 without changes. Java EE based applications designed for Tomcat 9 and earlier may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat will automatically convert them to Jakarta EE and copy them to the webapps directory. This conversion is performed using the Apache Tomcat migration tool for Jakarta EE tool which is also available as a separate download for off-line use.

The notable changes in this release are:

  • Update the packaged version of the Tomcat Native Library to 1.2.32 to pick up Windows binaries built with OpenSSL 1.1.1n.
  • Improve logging of unknown HTTP/2 settings frames. Pull request by Thomas Hoffmann.
  • Add additional warnings if incompatible TLS configurations are used such as HTTP/2 with CLIENT-CERT authentication.
  • Harden the class loader to provide a mitigation for CVE-2022-22965 a Spring Framework vulnerability.

Full details of these changes, and all the other changes, are available in the Tomcat 10 changelog.

Download

2022-04-01 Tomcat 10.1.0-M14 (alpha) Released

The Apache Tomcat Project is proud to announce the release of version 10.1.0-M14 of Apache Tomcat. This release is a milestone release and is targeted at Jakarta EE 10.

Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 without changes. Java EE based applications designed for Tomcat 9 and earlier may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat will automatically convert them to Jakarta EE and copy them to the webapps directory. This conversion is performed using the Apache Tomcat migration tool for Jakarta EE tool which is also available as a separate download for off-line use.

The notable changes in this release are:

  • Update the packaged version of the Tomcat Native Library to 1.2.32 to pick up Windows binaries built with OpenSSL 1.1.1n.
  • Improve logging of unknown HTTP/2 settings frames. Pull request by Thomas Hoffmann.
  • Update the JASPIC 2.0 API to Jakarta Authentication 3.0 (JASPIC was renamed for Jakarta EE 10).
  • Harden the class loader to provide a mitigation for CVE-2022-22965, a Spring Framework vulnerability.

Full details of these changes, and all the other changes, are available in the Tomcat 10.1 (alpha) changelog.

Download

2022-04-01 Tomcat 8.5.78 Released

The Apache Tomcat Project is proud to announce the release of version 8.5.78 of Apache Tomcat. This release implements specifications that are part of the Java EE 7 platform. The notable changes compared to 8.5.77 include:

  • Update the packaged version of the Tomcat Native Library to 1.2.32 to pick up Windows binaries built with OpenSSL 1.1.1n.
  • Improve logging of unknown HTTP/2 settings frames. Pull request by Thomas Hoffmann.
  • Add additional warnings if incompatible TLS configurations are used such as HTTP/2 with CLIENT-CERT authentication.
  • Harden the class loader to provide a mitigation for CVE-2022-22965 a Spring Framework vulnerability.

Full details of these changes, and all the other changes, are available in the Tomcat 8 changelog.

Download

2022-03-22 Tomcat Native 1.2.32 Released

The Apache Tomcat Project is proud to announce the release of version 1.2.32 of Tomcat Native. The notable changes since 1.2.31 include:

  • Windows binaries built with OpenSSL 1.1.1n.

Download | ChangeLog for 1.2.32

2022-03-14 Tomcat 9.0.60 Released

The Apache Tomcat Project is proud to announce the release of version 9.0.60 of Apache Tomcat. This release implements specifications that are part of the Java EE 8 platform. The notable changes compared to 9.0.59 include:

  • Fix a potential thread-safety issue that could cause HTTP/1.1 request processing to pause, and potentially timeout, waiting for additional data when the full request has been received.
  • Fix a regression introduced with 65757 bugfix which better identified non-request threads but which introduced a similar problem when user code was doing sequential operations in a single thread.
  • When resolving methods in EL expressions that use beans and/or static fields, ensure that any custom type conversion is considered when identifying the method to call.

Full details of these changes, and all the other changes, are available in the Tomcat 9 changelog.

Download

2022-03-14 Tomcat 10.0.18 Released

The Apache Tomcat Project is proud to announce the release of version 10.0.18 of Apache Tomcat. This release implements specifications that are part of the Jakarta EE 9 platform.

Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 without changes. Java EE based applications designed for Tomcat 9 and earlier may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat will automatically convert them to Jakarta EE and copy them to the webapps directory. This conversion is performed using the Apache Tomcat migration tool for Jakarta EE tool which is also available as a separate download for off-line use.

The notable changes in this release are:

  • Fix a potential thread-safety issue that could cause HTTP/1.1 request processing to pause, and potentially timeout, waiting for additional data when the full request has been received.
  • Fix a regression introduced with 65757 bugfix which better identified non-request threads but which introduced a similar problem when user code was doing sequential operations in a single thread.
  • When resolving methods in EL expressions that use beans and/or static fields, ensure that any custom type conversion is considered when identifying the method to call.

Full details of these changes, and all the other changes, are available in the Tomcat 10 changelog.

Download

2022-03-17 Tomcat 8.5.77 Released

The Apache Tomcat Project is proud to announce the release of version 8.5.77 of Apache Tomcat. This release implements specifications that are part of the Java EE 7 platform. The notable changes compared to 8.5.76 include:

  • Fix a potential thread-safety issue that could cause HTTP/1.1 request processing to pause, and potentially timeout, waiting for additional data when the full request has been received.
  • Fix a regression introduced with 65757 bugfix which better identified non-request threads but which introduced a similar problem when user code was doing sequential operations in a single thread.
  • When resolving methods in EL expressions that use beans and/or static fields, ensure that any custom type conversion is considered when identifying the method to call.

Full details of these changes, and all the other changes, are available in the Tomcat 8 changelog.

Download

2022-03-14 Tomcat 10.1.0-M12 (alpha) Released

The Apache Tomcat Project is proud to announce the release of version 10.1.0-M12 of Apache Tomcat. This release is a milestone release and is targeted at Jakarta EE 10.

Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 without changes. Java EE based applications designed for Tomcat 9 and earlier may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat will automatically convert them to Jakarta EE and copy them to the webapps directory. This conversion is performed using the Apache Tomcat migration tool for Jakarta EE tool which is also available as a separate download for off-line use.

The notable changes in this release are:

  • Fix a potential thread-safety issue that could cause HTTP/1.1 request processing to pause, and potentially timeout, waiting for additional data when the full request has been received.
  • Fix a regression introduced with 65757 bugfix which better identified non-request threads but which introduced a similar problem when user code was doing sequential operations in a single thread.
  • When resolving methods in EL expressions that use beans and/or static fields, ensure that any custom type conversion is considered when identifying the method to call.

Full details of these changes, and all the other changes, are available in the Tomcat 10.1 (alpha) changelog.

Download

2022-02-28 Tomcat 8.5.76 Released

The Apache Tomcat Project is proud to announce the release of version 8.5.76 of Apache Tomcat. This release implements specifications that are part of the Java EE 7 platform. The notable changes compared to 8.5.75 include:

  • Correct a regression in the fix for 65454 that meant that minSpareThreads and maxThreads settings were ignored when the Connector used an internal executor.
  • Improve the detection of the Linux duplicate accept bug and reduce (hopefully avoid) instances of false positives.
  • Back-port fixes for BZ 65408 to refactor socket-close operations to improve resilience when objects are re-used by applications.

Full details of these changes, and all the other changes, are available in the Tomcat 8 changelog.

Download

2022-02-28 Tomcat 9.0.59 Released

The Apache Tomcat Project is proud to announce the release of version 9.0.59 of Apache Tomcat. This release implements specifications that are part of the Java EE 8 platform. The notable changes compared to 9.0.58 include:

  • Add support for additional user attributes to TomcatPrincipal and GenericPrincipal
  • Correct a regression in the fix for 65454 that meant that minSpareThreads and maxThreads settings were ignored when the Connector used an internal executor
  • Improve the detection of the Linux duplicate accept bug and reduce (hopefully avoid) instances of false positives.

Full details of these changes, and all the other changes, are available in the Tomcat 9 changelog.

Download

2022-02-28 Tomcat 10.0.17 Released

The Apache Tomcat Project is proud to announce the release of version 10.0.17 of Apache Tomcat. This release implements specifications that are part of the Jakarta EE 9 platform.

Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 without changes. Java EE based applications designed for Tomcat 9 and earlier may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat will automatically convert them to Jakarta EE and copy them to the webapps directory. This conversion is performed using the Apache Tomcat migration tool for Jakarta EE tool which is also available as a separate download for off-line use.

The notable changes in this release are:

  • Add support for additional user attributes to TomcatPrincipal and GenericPrincipal.
  • Correct a regression in the fix for 65454 that meant that minSpareThreads and maxThreads settings were ignored when the Connector used an internal executor.
  • Improve the detection of the Linux duplicate accept bug and reduce (hopefully avoid) instances of false positives.

Full details of these changes, and all the other changes, are available in the Tomcat 10 changelog.

Download

2022-02-28 Tomcat 10.1.0-M11 (alpha) Released

The Apache Tomcat Project is proud to announce the release of version 10.1.0-M11 of Apache Tomcat. This release is a milestone release and is targeted at Jakarta EE 10.

Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 without changes. Java EE based applications designed for Tomcat 9 and earlier may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat will automatically convert them to Jakarta EE and copy them to the webapps directory. This conversion is performed using the Apache Tomcat migration tool for Jakarta EE tool which is also available as a separate download for off-line use.

The notable changes in this release are:

  • Add support for additional user attributes to TomcatPrincipal and GenericPrincipal.
  • Correct a regression in the fix for 65454 that meant that minSpareThreads and maxThreads settings were ignored when the Connector used an internal executor.
  • Improve the detection of the Linux duplicate accept bug and reduce (hopefully avoid) instances of false positives.

Full details of these changes, and all the other changes, are available in the Tomcat 10.1 (alpha) changelog.

Download

2022-01-20 Tomcat 9.0.58 Released

The Apache Tomcat Project is proud to announce the release of version 9.0.58 of Apache Tomcat. This release implements specifications that are part of the Java EE 8 platform. The notable changes compared to 9.0.56 include:

  • Add recycling check in the input and output stream isReady to try to give a more informative ISE when the facade has been recycled.
  • Implement support for HTTP/1.1 upgrade when the request includes a body. The maximum permitted size of the body is controlled by maxSavePostSize.
  • Improve handling of various cases where one request/response processing thread attempts to manage the asynchronous IO for a different request/response.

Full details of these changes, and all the other changes, are available in the Tomcat 9 changelog.

Download

2022-01-20 Tomcat 10.0.16 Released

The Apache Tomcat Project is proud to announce the release of version 10.0.16 of Apache Tomcat. This release implements specifications that are part of the Jakarta EE 9 platform.

Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 without changes. Java EE based applications designed for Tomcat 9 and earlier may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat will automatically convert them to Jakarta EE and copy them to the webapps directory. This conversion is performed using the Apache Tomcat migration tool for Jakarta EE tool which is also available as a separate download for off-line use.

The notable changes in this release are:

  • Add a recycling check in the input and output stream isReady to try to give a more informative ISE when the facade has been recycled.
  • Implement support for HTTP/1.1 upgrade when the request includes a body. The maximum permitted size of the body is controlled by maxSavePostSize.
  • Improve handling of various cases where one request/response processing thread attempts to manage the asynchronous IO for a different request/response

Full details of these changes, and all the other changes, are available in the Tomcat 10 changelog.

Download

2022-01-20 Tomcat 10.1.0-M10 (alpha) Released

The Apache Tomcat Project is proud to announce the release of version 10.1.0-M10 of Apache Tomcat. This release is a milestone release and is targeted at Jakarta EE 10.

Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 without changes. Java EE based applications designed for Tomcat 9 and earlier may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat will automatically convert them to Jakarta EE and copy them to the webapps directory. This conversion is performed using the Apache Tomcat migration tool for Jakarta EE tool which is also available as a separate download for off-line use.

The notable changes in this release are:

  • Add a recycling check in the input and output stream isReady to try to give a more informative ISE when the facade has been recycled.
  • Implement support for HTTP/1.1 upgrade when the request includes a body. The maximum permitted size of the body is controlled by maxSavePostSize.
  • Improve handling of various cases where one request/response processing thread attempts to manage the asynchronous IO for a different request/response

Full details of these changes, and all the other changes, are available in the Tomcat 10.1 (alpha) changelog.

Download

2022-01-17 Tomcat 8.5.75 Released

The Apache Tomcat Project is proud to announce the release of version 8.5.75 of Apache Tomcat. This release implements specifications that are part of the Java EE 7 platform. (Note that 8.5.74 was not released, so the previous version was 8.5.73.) The notable changes compared to 8.5.73 include:

  • Provide protection against a known OS bug that causes the acceptor to report an incoming connection more than once.
  • Implement a workaround for a JVM bug that can trigger a file descriptor leak when using multi-part upload and the application does not explicitly close an input stream for an uploaded file that was cached on disk.
  • Fix several potential JVM crashes when using the APR connector.
  • Add support for HTTP/1.1 upgrade when the request includes a body. The maximum permitted size of the body is controlled by maxSavePostSize.
  • Improve handling of various cases where one request/response processing thread attempts to manage the asynchronous IO for a different request/response.

Full details of these changes, and all the other changes, are available in the Tomcat 8 changelog.

Download