Apache Tomcat® - Old news!

Older news

Announcements from previous years can be found here:

2022-07-26 Tomcat 10.0.23 Released

The Apache Tomcat Project is proud to announce the release of version 10.0.23 of Apache Tomcat. This release implements specifications that are part of the Jakarta EE 9 platform.

Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 without changes. Java EE based applications designed for Tomcat 9 and earlier may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat will automatically convert them to Jakarta EE and copy them to the webapps directory. This conversion is performed using the Apache Tomcat migration tool for Jakarta EE tool which is also available as a separate download for off-line use.

The notable changes in this release are:

Implement support for repeatable builds
Update the packaged version of the Tomcat Native Library to 1.2.35. This includes Windows binaries built with with OpenSSL 1.1.1q.
Fix CVE-2022-34305, a low severity XSS vulnerability in the Form authentication example

Full details of these changes, and all the other changes, are available in the Tomcat 10 changelog.

2022-07-20 Tomcat 9.0.65 Released

The Apache Tomcat Project is proud to announce the release of version 9.0.65 of Apache Tomcat. This release implements specifications that are part of the Java EE 8 platform. The notable changes compared to 9.0.64 include:

Implement support for repeatable builds.
Update the packaged version of the Tomcat Native Library to 1.2.35. This includes Windows binaries built with OpenSSL 1.1.1q.
Fix CVE-2022-34305, a low severity XSS vulnerability in the Form authentication example.

Full details of these changes, and all the other changes, are available in the Tomcat 9 changelog.

2022-09-12 Tomcat Migration Tool for Jakarta EE 1.0.3 Released

The Apache Tomcat Project is proud to announce the release of 1.0.3 of the Apache Tomcat Migration Tool for Jakarta EE. This release contains a number of bug fixes and improvements compared to version 1.0.1.

The notable changes in this release are:

Update checksums for modified files to avoid issues when trying to use migrated JAR files
Handle migration of manifest files when part of an exploded JAR

Full details of these changes, and all the other changes, are available in the changelog.

2022-07-20 Tomcat 10.1.0-M17 (beta) Released

The Apache Tomcat Project is proud to announce the release of version 10.1.0-M17 of Apache Tomcat. This release is a milestone release and is targeted at Jakarta EE 10.

Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 without changes. Java EE based applications designed for Tomcat 9 and earlier may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat will automatically convert them to Jakarta EE and copy them to the webapps directory. This conversion is performed using the Apache Tomcat migration tool for Jakarta EE tool which is also available as a separate download for off-line use.

The notable changes in this release are:

Implement support for repeatable builds.
Update the packaged version of the Tomcat Native Library to 2.0.1. This includes Windows binaries built with with OpenSSL 3.0.5.
Update experimental Panama modules with support for OpenSSL 3.0+. OpenSSL 1.1 remains supported.

Full details of these changes, and all the other changes, are available in the Tomcat 10.1 (beta) changelog.

2022-07-11 Tomcat Migration Tool for Jakarta EE 1.0.1 Released

The Apache Tomcat Project is proud to announce the release of 1.0.1 of the Apache Tomcat Migration Tool for Jakarta EE. This release contains a number of bug fixes and improvements compared to version 1.0.0.

The notable changes in this release are:

Add support for .groovy files
Better support for non-standard archives
Numerous library updates

Full details of these changes, and all the other changes, are available in the changelog.

2022-06-11 Tomcat 8.5.81 Released

The Apache Tomcat Project is proud to announce the release of version 8.5.81. of Apache Tomcat. This release implements specifications that are part of the Java EE 7 platform. The notable changes compared to 8.5.79 include:

Ensure that changes made to a request by the RemoteIPValve persist after the request is put into asynchronous mode.
Correct a regression in the support added for encrypted PKCS#1 formatted private keys in the previous release that broke support for unencrypted PKCS#1 formatted private keys.
Increase the default buffer size for cluster messages from 43800 to 65536 bytes. This is expected to improve performance for large messages when running on Linux based systems.
When using TLS with non-blocking writes and the NIO connector, ensure that flushing the buffers attempts to empty all of the output buffers.

Full details of these changes, and all the other changes, are available in the Tomcat 8 changelog.

2022-06-11 Tomcat 10.0.22 Released

The Apache Tomcat Project is proud to announce the release of version 10.0.22 of Apache Tomcat. This release implements specifications that are part of the Jakarta EE 9 platform.

Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 without changes. Java EE based applications designed for Tomcat 9 and earlier may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat will automatically convert them to Jakarta EE and copy them to the webapps directory. This conversion is performed using the Apache Tomcat migration tool for Jakarta EE tool which is also available as a separate download for off-line use.

The notable changes in this release are:

Correct a regression in the support added for encrypted PKCS#1 formatted private keys in the previous release that broke support for unencrypted PKCS#1 formatted private keys.
Increase the default buffer size for cluster messages from 43800 to 65536 bytes. This is expected to improve performance for large messages when running on Linux based systems.
When using TLS with non-blocking writes and the NIO connector, ensure that flushing the buffers attempts to empty all of the output buffers.

Full details of these changes, and all the other changes, are available in the Tomcat 10 changelog.

2022-06-09 Tomcat 9.0.64 Released

The Apache Tomcat Project is proud to announce the release of version 9.0.64 of Apache Tomcat. This release implements specifications that are part of the Java EE 8 platform. The notable changes compared to 9.0.63 include:

Correct a regression in the support added for encrypted PKCS#1 formatted private keys in the previous release that broke support for unencrypted PKCS#1 formatted private keys.
Increase the default buffer size for cluster messages from 43800 to 65536 bytes. This is expected to improve performance for large messages when running on Linux based systems.
When using TLS with non-blocking writes and the NIO connector, ensure that flushing the buffers attempts to empty all of the output buffers.

Full details of these changes, and all the other changes, are available in the Tomcat 9 changelog.

2022-06-14 Tomcat Native 1.2.34 Released

The Apache Tomcat Project is proud to announce the release of version 1.2.34 of Tomcat Native. The notable changes since 1.2.33 include:

Refactor the initialization of the native code so it is compatible with Tomcat 10.1.x where deprecated Java classes will be removed.
Map the OpenSSL 3.0.x FIPS behaviour to the 1.1.1 API to allow clients to determine if the FIPS provider is being used when Tomcat Native is compiled against OpenSSL 3.0.x.

Download | ChangeLog for 1.2.34

2022-06-09 Tomcat 10.1.0-M16 (beta) Released

The Apache Tomcat Project is proud to announce the release of version 10.1.0-M16 of Apache Tomcat. This release is a milestone release and is targeted at Jakarta EE 10.

Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 without changes. Java EE based applications designed for Tomcat 9 and earlier may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat will automatically convert them to Jakarta EE and copy them to the webapps directory. This conversion is performed using the Apache Tomcat migration tool for Jakarta EE tool which is also available as a separate download for off-line use.

The notable changes in this release are:

Refactor synchronization blocks locking on SocketWrapper to use ReentrantLock to support users wishing to experiment with project Loom.
Correct a regression in the support added for encrypted PKCS#1 formatted private keys in the previous release that broke support for unencrypted PKCS#1 formatted private keys.
Increase the default buffer size for cluster messages from 43800 to 65536 bytes. This is expected to improve performance for large messages when running on Linux based systems.

Full details of these changes, and all the other changes, are available in the Tomcat 10.1 (beta) changelog.

2022-05-23 Tomcat 8.5.79 Released

The Apache Tomcat Project is proud to announce the release of version 8.5.79 of Apache Tomcat. This release implements specifications that are part of the Java EE 7 platform. The notable changes compared to 8.5.78 include:

Provide a property source that sources values from Kubernetes service bindings. Provided by Sumit Kulhadia and Gareth Evans.
The root cause of the Linux kernel duplicate accept bug has been identified along with the version of the kernel that includes the fix. The error message displayed when this bug occurs has been updated to reflect this new information and to advise users to update to a version of the OS that uses kernel 5.10 or later. Thanks to Christopher Gual for the research into this issue.
Update the packaged version of the Tomcat Native Library to 1.2.33 to pick up Windows binaries built with OpenSSL 1.1.1o.
Add support for encrypted PKCS#1 formatted private keys when configuring the internal, in memory key store.

Full details of these changes, and all the other changes, are available in the Tomcat 8 changelog.

2022-05-16 Tomcat 10.0.21 Released

The Apache Tomcat Project is proud to announce the release of version 10.0.21 of Apache Tomcat. This release implements specifications that are part of the Jakarta EE 9 platform.

Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 without changes. Java EE based applications designed for Tomcat 9 and earlier may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat will automatically convert them to Jakarta EE and copy them to the webapps directory. This conversion is performed using the Apache Tomcat migration tool for Jakarta EE tool which is also available as a separate download for off-line use.

The notable changes in this release are:

Provide a property source that sources values from Kubernetes service bindings. Provided by Sumit Kulhadia and Gareth Evans.
The root cause of the Linux kernel duplicate accept bug has been identified along with the version of the kernel that includes the fix. The error message displayed when this bug occurs has been updated to reflect this new information and to advise users to update to a version of the OS that uses kernel 5.10 or later. Thanks to Christopher Gual for the research into this issue.
Update the packaged version of the Tomcat Native Library to 1.2.33 to pick up Windows binaries built with OpenSSL 1.1.1o.

Full details of these changes, and all the other changes, are available in the Tomcat 10 changelog.

2022-05-16 Tomcat 9.0.63 Released

The Apache Tomcat Project is proud to announce the release of version 9.0.63 of Apache Tomcat. This release implements specifications that are part of the Java EE 8 platform. The notable changes compared to 9.0.62 include:

Provide a property source that sources values from Kubernetes service bindings. Provided by Sumit Kulhadia and Gareth Evans.
The root cause of the Linux kernel duplicate accept bug has been identified along with the version of the kernel that includes the fix. The error message displayed when this bug occurs has been updated to reflect this new information and to advise users to update to a version of the OS that uses kernel 5.10 or later. Thanks to Christopher Gual for the research into this issue.
Update the packaged version of the Tomcat Native Library to 1.2.33 to pick up Windows binaries built with OpenSSL 1.1.1o.
Add support for encrypted PKCS#1 formatted private keys when configuring the internal, in memory key store.

Full details of these changes, and all the other changes, are available in the Tomcat 9 changelog.

2022-05-16 Tomcat 10.1.0-M15 (alpha) Released

The Apache Tomcat Project is proud to announce the release of version 10.1.0-M15 of Apache Tomcat. This release is a milestone release and is targeted at Jakarta EE 10.

Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 without changes. Java EE based applications designed for Tomcat 9 and earlier may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat will automatically convert them to Jakarta EE and copy them to the webapps directory. This conversion is performed using the Apache Tomcat migration tool for Jakarta EE tool which is also available as a separate download for off-line use.

The notable changes in this release are:

Provide a property source that sources values from Kubernetes service bindings. Provided by Sumit Kulhadia and Gareth Evans.
The root cause of the Linux kernel duplicate accept bug has been identified along with the version of the kernel that includes the fix. The error message displayed when this bug occurs has been updated to reflect this new information and to advise users to update to a version of the OS that uses kernel 5.10 or later. Thanks to Christopher Gual for the research into this issue.
Update the packaged version of the Tomcat Native Library to 1.2.33 to pick up Windows binaries built with OpenSSL 1.1.1o.

Full details of these changes, and all the other changes, are available in the Tomcat 10.1 (alpha) changelog.

2022-05-09 Tomcat Native 1.2.33 Released

The Apache Tomcat Project is proud to announce the release of version 1.2.33 of Tomcat Native. The notable changes since 1.2.32 include:

Windows binaries built with OpenSSL 1.1.1o.
Fixing a potential crash when attempting to read the TLS session ID after a handshake failure.

Download | ChangeLog for 1.2.33

2022-04-01 Tomcat 9.0.62 Released

The Apache Tomcat Project is proud to announce the release of version 9.0.62 of Apache Tomcat. This release implements specifications that are part of the Java EE 8 platform. The notable changes compared to 9.0.60 include:

Update the packaged version of the Tomcat Native Library to 1.2.32 to pick up Windows binaries built with OpenSSL 1.1.1n.
Improve logging of unknown HTTP/2 settings frames. Pull request by Thomas Hoffmann.
Add additional warnings if incompatible TLS configurations are used such as HTTP/2 with CLIENT-CERT authentication.
Harden the class loader to provide a mitigation for CVE-2022-22965 a Spring Framework vulnerability.

Full details of these changes, and all the other changes, are available in the Tomcat 9 changelog.

2022-04-01 Tomcat 10.0.20 Released

The Apache Tomcat Project is proud to announce the release of version 10.0.20 of Apache Tomcat. This release implements specifications that are part of the Jakarta EE 9 platform.

Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 without changes. Java EE based applications designed for Tomcat 9 and earlier may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat will automatically convert them to Jakarta EE and copy them to the webapps directory. This conversion is performed using the Apache Tomcat migration tool for Jakarta EE tool which is also available as a separate download for off-line use.

The notable changes in this release are:

Update the packaged version of the Tomcat Native Library to 1.2.32 to pick up Windows binaries built with OpenSSL 1.1.1n.
Improve logging of unknown HTTP/2 settings frames. Pull request by Thomas Hoffmann.
Add additional warnings if incompatible TLS configurations are used such as HTTP/2 with CLIENT-CERT authentication.
Harden the class loader to provide a mitigation for CVE-2022-22965 a Spring Framework vulnerability.

Full details of these changes, and all the other changes, are available in the Tomcat 10 changelog.

2022-04-01 Tomcat 10.1.0-M14 (alpha) Released

The Apache Tomcat Project is proud to announce the release of version 10.1.0-M14 of Apache Tomcat. This release is a milestone release and is targeted at Jakarta EE 10.

Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 without changes. Java EE based applications designed for Tomcat 9 and earlier may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat will automatically convert them to Jakarta EE and copy them to the webapps directory. This conversion is performed using the Apache Tomcat migration tool for Jakarta EE tool which is also available as a separate download for off-line use.

The notable changes in this release are:

Update the packaged version of the Tomcat Native Library to 1.2.32 to pick up Windows binaries built with OpenSSL 1.1.1n.
Improve logging of unknown HTTP/2 settings frames. Pull request by Thomas Hoffmann.
Update the JASPIC 2.0 API to Jakarta Authentication 3.0 (JASPIC was renamed for Jakarta EE 10).
Harden the class loader to provide a mitigation for CVE-2022-22965, a Spring Framework vulnerability.

Full details of these changes, and all the other changes, are available in the Tomcat 10.1 (alpha) changelog.

2022-04-01 Tomcat 8.5.78 Released

The Apache Tomcat Project is proud to announce the release of version 8.5.78 of Apache Tomcat. This release implements specifications that are part of the Java EE 7 platform. The notable changes compared to 8.5.77 include:

Update the packaged version of the Tomcat Native Library to 1.2.32 to pick up Windows binaries built with OpenSSL 1.1.1n.
Improve logging of unknown HTTP/2 settings frames. Pull request by Thomas Hoffmann.
Add additional warnings if incompatible TLS configurations are used such as HTTP/2 with CLIENT-CERT authentication.
Harden the class loader to provide a mitigation for CVE-2022-22965 a Spring Framework vulnerability.

Full details of these changes, and all the other changes, are available in the Tomcat 8 changelog.

2022-03-22 Tomcat Native 1.2.32 Released

The Apache Tomcat Project is proud to announce the release of version 1.2.32 of Tomcat Native. The notable changes since 1.2.31 include:

Windows binaries built with OpenSSL 1.1.1n.

Download | ChangeLog for 1.2.32

2022-03-14 Tomcat 9.0.60 Released

The Apache Tomcat Project is proud to announce the release of version 9.0.60 of Apache Tomcat. This release implements specifications that are part of the Java EE 8 platform. The notable changes compared to 9.0.59 include:

Fix a potential thread-safety issue that could cause HTTP/1.1 request processing to pause, and potentially timeout, waiting for additional data when the full request has been received.
Fix a regression introduced with 65757 bugfix which better identified non-request threads but which introduced a similar problem when user code was doing sequential operations in a single thread.
When resolving methods in EL expressions that use beans and/or static fields, ensure that any custom type conversion is considered when identifying the method to call.

Full details of these changes, and all the other changes, are available in the Tomcat 9 changelog.

2022-03-14 Tomcat 10.0.18 Released

The Apache Tomcat Project is proud to announce the release of version 10.0.18 of Apache Tomcat. This release implements specifications that are part of the Jakarta EE 9 platform.

Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 without changes. Java EE based applications designed for Tomcat 9 and earlier may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat will automatically convert them to Jakarta EE and copy them to the webapps directory. This conversion is performed using the Apache Tomcat migration tool for Jakarta EE tool which is also available as a separate download for off-line use.

The notable changes in this release are:

Fix a potential thread-safety issue that could cause HTTP/1.1 request processing to pause, and potentially timeout, waiting for additional data when the full request has been received.
Fix a regression introduced with 65757 bugfix which better identified non-request threads but which introduced a similar problem when user code was doing sequential operations in a single thread.
When resolving methods in EL expressions that use beans and/or static fields, ensure that any custom type conversion is considered when identifying the method to call.

Full details of these changes, and all the other changes, are available in the Tomcat 10 changelog.

2022-03-17 Tomcat 8.5.77 Released

The Apache Tomcat Project is proud to announce the release of version 8.5.77 of Apache Tomcat. This release implements specifications that are part of the Java EE 7 platform. The notable changes compared to 8.5.76 include:

Fix a potential thread-safety issue that could cause HTTP/1.1 request processing to pause, and potentially timeout, waiting for additional data when the full request has been received.
Fix a regression introduced with 65757 bugfix which better identified non-request threads but which introduced a similar problem when user code was doing sequential operations in a single thread.
When resolving methods in EL expressions that use beans and/or static fields, ensure that any custom type conversion is considered when identifying the method to call.

Full details of these changes, and all the other changes, are available in the Tomcat 8 changelog.

2022-03-14 Tomcat 10.1.0-M12 (alpha) Released

The Apache Tomcat Project is proud to announce the release of version 10.1.0-M12 of Apache Tomcat. This release is a milestone release and is targeted at Jakarta EE 10.

Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 without changes. Java EE based applications designed for Tomcat 9 and earlier may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat will automatically convert them to Jakarta EE and copy them to the webapps directory. This conversion is performed using the Apache Tomcat migration tool for Jakarta EE tool which is also available as a separate download for off-line use.

The notable changes in this release are:

Fix a potential thread-safety issue that could cause HTTP/1.1 request processing to pause, and potentially timeout, waiting for additional data when the full request has been received.
Fix a regression introduced with 65757 bugfix which better identified non-request threads but which introduced a similar problem when user code was doing sequential operations in a single thread.
When resolving methods in EL expressions that use beans and/or static fields, ensure that any custom type conversion is considered when identifying the method to call.

Full details of these changes, and all the other changes, are available in the Tomcat 10.1 (alpha) changelog.

2022-02-28 Tomcat 8.5.76 Released

The Apache Tomcat Project is proud to announce the release of version 8.5.76 of Apache Tomcat. This release implements specifications that are part of the Java EE 7 platform. The notable changes compared to 8.5.75 include:

Correct a regression in the fix for 65454 that meant that minSpareThreads and maxThreads settings were ignored when the Connector used an internal executor.
Improve the detection of the Linux duplicate accept bug and reduce (hopefully avoid) instances of false positives.
Back-port fixes for BZ 65408 to refactor socket-close operations to improve resilience when objects are re-used by applications.

Full details of these changes, and all the other changes, are available in the Tomcat 8 changelog.

2022-02-28 Tomcat 9.0.59 Released

The Apache Tomcat Project is proud to announce the release of version 9.0.59 of Apache Tomcat. This release implements specifications that are part of the Java EE 8 platform. The notable changes compared to 9.0.58 include:

Add support for additional user attributes to TomcatPrincipal and GenericPrincipal
Correct a regression in the fix for 65454 that meant that minSpareThreads and maxThreads settings were ignored when the Connector used an internal executor
Improve the detection of the Linux duplicate accept bug and reduce (hopefully avoid) instances of false positives.

Full details of these changes, and all the other changes, are available in the Tomcat 9 changelog.

2022-02-28 Tomcat 10.0.17 Released

The Apache Tomcat Project is proud to announce the release of version 10.0.17 of Apache Tomcat. This release implements specifications that are part of the Jakarta EE 9 platform.

Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 without changes. Java EE based applications designed for Tomcat 9 and earlier may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat will automatically convert them to Jakarta EE and copy them to the webapps directory. This conversion is performed using the Apache Tomcat migration tool for Jakarta EE tool which is also available as a separate download for off-line use.

The notable changes in this release are:

Add support for additional user attributes to TomcatPrincipal and GenericPrincipal.
Correct a regression in the fix for 65454 that meant that minSpareThreads and maxThreads settings were ignored when the Connector used an internal executor.
Improve the detection of the Linux duplicate accept bug and reduce (hopefully avoid) instances of false positives.

Full details of these changes, and all the other changes, are available in the Tomcat 10 changelog.

2022-02-28 Tomcat 10.1.0-M11 (alpha) Released

The Apache Tomcat Project is proud to announce the release of version 10.1.0-M11 of Apache Tomcat. This release is a milestone release and is targeted at Jakarta EE 10.

Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 without changes. Java EE based applications designed for Tomcat 9 and earlier may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat will automatically convert them to Jakarta EE and copy them to the webapps directory. This conversion is performed using the Apache Tomcat migration tool for Jakarta EE tool which is also available as a separate download for off-line use.

The notable changes in this release are:

Add support for additional user attributes to TomcatPrincipal and GenericPrincipal.
Correct a regression in the fix for 65454 that meant that minSpareThreads and maxThreads settings were ignored when the Connector used an internal executor.
Improve the detection of the Linux duplicate accept bug and reduce (hopefully avoid) instances of false positives.

Full details of these changes, and all the other changes, are available in the Tomcat 10.1 (alpha) changelog.

2022-01-20 Tomcat 9.0.58 Released

The Apache Tomcat Project is proud to announce the release of version 9.0.58 of Apache Tomcat. This release implements specifications that are part of the Java EE 8 platform. The notable changes compared to 9.0.56 include:

Add recycling check in the input and output stream isReady to try to give a more informative ISE when the facade has been recycled.
Implement support for HTTP/1.1 upgrade when the request includes a body. The maximum permitted size of the body is controlled by maxSavePostSize.
Improve handling of various cases where one request/response processing thread attempts to manage the asynchronous IO for a different request/response.

Full details of these changes, and all the other changes, are available in the Tomcat 9 changelog.

2022-01-20 Tomcat 10.0.16 Released

The Apache Tomcat Project is proud to announce the release of version 10.0.16 of Apache Tomcat. This release implements specifications that are part of the Jakarta EE 9 platform.

Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 without changes. Java EE based applications designed for Tomcat 9 and earlier may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat will automatically convert them to Jakarta EE and copy them to the webapps directory. This conversion is performed using the Apache Tomcat migration tool for Jakarta EE tool which is also available as a separate download for off-line use.

The notable changes in this release are:

Add a recycling check in the input and output stream isReady to try to give a more informative ISE when the facade has been recycled.
Implement support for HTTP/1.1 upgrade when the request includes a body. The maximum permitted size of the body is controlled by maxSavePostSize.
Improve handling of various cases where one request/response processing thread attempts to manage the asynchronous IO for a different request/response

Full details of these changes, and all the other changes, are available in the Tomcat 10 changelog.

2022-01-20 Tomcat 10.1.0-M10 (alpha) Released

The Apache Tomcat Project is proud to announce the release of version 10.1.0-M10 of Apache Tomcat. This release is a milestone release and is targeted at Jakarta EE 10.

Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 without changes. Java EE based applications designed for Tomcat 9 and earlier may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat will automatically convert them to Jakarta EE and copy them to the webapps directory. This conversion is performed using the Apache Tomcat migration tool for Jakarta EE tool which is also available as a separate download for off-line use.

The notable changes in this release are:

Add a recycling check in the input and output stream isReady to try to give a more informative ISE when the facade has been recycled.
Implement support for HTTP/1.1 upgrade when the request includes a body. The maximum permitted size of the body is controlled by maxSavePostSize.
Improve handling of various cases where one request/response processing thread attempts to manage the asynchronous IO for a different request/response

Full details of these changes, and all the other changes, are available in the Tomcat 10.1 (alpha) changelog.

2022-01-17 Tomcat 8.5.75 Released

The Apache Tomcat Project is proud to announce the release of version 8.5.75 of Apache Tomcat. This release implements specifications that are part of the Java EE 7 platform. (Note that 8.5.74 was not released, so the previous version was 8.5.73.) The notable changes compared to 8.5.73 include:

Provide protection against a known OS bug that causes the acceptor to report an incoming connection more than once.
Implement a workaround for a JVM bug that can trigger a file descriptor leak when using multi-part upload and the application does not explicitly close an input stream for an uploaded file that was cached on disk.
Fix several potential JVM crashes when using the APR connector.
Add support for HTTP/1.1 upgrade when the request includes a body. The maximum permitted size of the body is controlled by maxSavePostSize.
Improve handling of various cases where one request/response processing thread attempts to manage the asynchronous IO for a different request/response.

Full details of these changes, and all the other changes, are available in the Tomcat 8 changelog.