Apache Tomcat® - Old news!

Older news

Announcements from previous years can be found here:

2020-10-09 Tomcat 10.0.0-M9 Released

The Apache Tomcat Project is proud to announce the release of version 10.0.0-M9 of Apache Tomcat. This release is a milestone release and is targeted at Jakarta EE 9.

Users of Tomcat 10 onwards should be aware that, as a result of the move from Java EE to Jakarta EE as part of the transfer of Java EE to the Eclipse Foundation, the primary package for all implemented APIs has changed from javax.* to jakarta.*. This will almost certainly require code changes to enable applications to migrate from Tomcat 9 and earlier to Tomcat 10 and later. A migration tool is under development to aid this process.

The notable changes in this release are:

Refactor the handling of closed HTTP/2 streams to reduce the heap usage associated with used streams and to retain information for more streams in the priority tree.
Allow using the utility executor for annotation scanning. Patch provided by Jatin Kamnani.
Add a bloom filter to speed up archive lookup and improve deployment speed of applications with a large number of JARs. Patch provided by Jatin Kamnani.

Full details of these changes, and all the other changes, are available in the Tomcat 10 (alpha) changelog.

2020-10-09 Tomcat 9.0.39 Released

The Apache Tomcat Project is proud to announce the release of version 9.0.39 of Apache Tomcat. The notable changes compared to 9.0.38 include:

Refactor the handling of closed HTTP/2 streams to reduce the heap usage associated with used streams and to retain information for more streams in the priority tree.
Allow using the utility executor for annotation scanning. Patch provided by Jatin Kamnani.
Add a bloom filter to speed up archive lookup and improve deployment speed of applications with a large number of JARs. Patch provided by Jatin Kamnani.

Full details of these changes, and all the other changes, are available in the Tomcat 9 changelog.

2020-10-09 Tomcat 8.5.59 Released

The Apache Tomcat Project is proud to announce the release of version 8.5.59 of Apache Tomcat. Apache Tomcat 8.5.x replaces 8.0.x and includes new features pulled forward from Tomcat 9.0.x. The minimum Java version and implemented specification versions remain unchanged. The notable changes compared to 8.5.58 include:

Refactor the handling of closed HTTP/2 streams to reduce the heap usage associated with used streams and to retain information for more streams in the priority tree.
Deprecate the JDBCRealm.
Ensure that none of the methods on a ServletContext instance always fail when running under a SecurityManager. Pull request provided by Kyle Stiemann.

Full details of these changes, and all the other changes, are available in the Tomcat 8.5 changelog.

2020-09-20 Tomcat 7.0.106 Released

The Apache Tomcat Project is proud to announce the release of version 7.0.106 of Apache Tomcat. This release contains a number of bug fixes and improvements compared to version 7.0.105.

Add support for a read idle timeout and a write idle timeout to the WebSocket session via custom properties in the user properties instance associated with the session. Based on a pull request by sakshamverma.
Update the packaged version of the Tomcat Native Library to 1.2.25

Full details of these changes, and all the other changes, are available in the Tomcat 7 changelog.

Note: End of life date for Apache Tomcat 7.0.x is announced. Read more...

2020-09-14 Tomcat 10.0.0-M8 Released

The Apache Tomcat Project is proud to announce the release of version 10.0.0-M8 of Apache Tomcat. This release is a milestone release and is targeted at Jakarta EE 9.

Users of Tomcat 10 onwards should be aware that, as a result of the move from Java EE to Jakarta EE as part of the transfer of Java EE to the Eclipse Foundation, the primary package for all implemented APIs has changed from javax.* to jakarta.*. This will almost certainly require code changes to enable applications to migrate from Tomcat 9 and earlier to Tomcat 10 and later. A migration tool is under development to aid this process.

The notable changes in this release are:

For requests containing the Expect: 100-continue header, optional support has been added to delay sending an intermediate 100 status response until the servlet reads the request body, allowing the servlet the opportunity to respond without asking for the request body. Based on a pull request by malaysf.
Add support for a read idle timeout and a write idle timeout to the WebSocket session via custom properties in the user properties instance associated with the session. Based on a pull request by sakshamverma.
Update the packaged version of the Tomcat Native Library to 1.2.25

Full details of these changes, and all the other changes, are available in the Tomcat 10 (alpha) changelog.

2020-09-15 Tomcat 9.0.38 Released

The Apache Tomcat Project is proud to announce the release of version 9.0.38 of Apache Tomcat. The notable changes compared to 9.0.37 include:

For requests containing the Expect: 100-continue header, optional support has been added to delay sending an intermediate 100 status response until the servlet reads the request body, allowing the servlet the opportunity to respond without asking for the request body. Based on a pull request by malaysf.
Add support for a read idle timeout and a write idle timeout to the WebSocket session via custom properties in the user properties instance associated with the session. Based on a pull request by sakshamverma.
Update the packaged version of the Tomcat Native Library to 1.2.25

Full details of these changes, and all the other changes, are available in the Tomcat 9 changelog.

2020-09-15 Tomcat 8.5.58 Released

The Apache Tomcat Project is proud to announce the release of version 8.5.58 of Apache Tomcat. Apache Tomcat 8.5.x replaces 8.0.x and includes new features pulled forward from Tomcat 9.0.x. The minimum Java version and implemented specification versions remain unchanged. The notable changes compared to 8.5.57 include:

For requests containing the Expect: 100-continue header, optional support has been added to delay sending an intermediate 100 status response until the servlet reads the request body, allowing the servlet the opportunity to respond without asking for the request body. Based on a pull request by malaysf.
Add support for a read idle timeout and a write idle timeout to the WebSocket session via custom properties in the user properties instance associated with the session. Based on a pull request by sakshamverma.
Update the packaged version of the Tomcat Native Library to 1.2.25

Full details of these changes, and all the other changes, are available in the Tomcat 8.5 changelog.

2020-07-07 Tomcat 7.0.105 Released

The Apache Tomcat Project is proud to announce the release of version 7.0.105 of Apache Tomcat. This release contains a number of bug fixes and improvements compared to version 7.0.104.

Add support for the CATALINA_OUT_CMD environment variable that defines a command to which captured stdout and stderr will be redirected. For use with, for example, rotatelogs. Patch provided by Harald Dunkel.

Full details of these changes, and all the other changes, are available in the Tomcat 7 changelog.

Note: End of life date for Apache Tomcat 7.0.x is announced. Read more...

2020-07-05 Tomcat 9.0.37 Released

The Apache Tomcat Project is proud to announce the release of version 9.0.37 of Apache Tomcat. The notable changes compared to 9.0.36 include:

Implement a significant portion of the TLS environment variables for the rewrite valve.
Improvements to the creation of OSGi manifests.
Reduce the memory footprint of closed HTTP/2 streams
Improve parsing of RFC 2109 cookies

Full details of these changes, and all the other changes, are available in the Tomcat 9 changelog.

2020-07-05 Tomcat 8.5.57 Released

The Apache Tomcat Project is proud to announce the release of version 8.5.57 of Apache Tomcat. Apache Tomcat 8.5.x replaces 8.0.x and includes new features pulled forward from Tomcat 9.0.x. The minimum Java version and implemented specification versions remain unchanged. The notable changes compared to 8.5.56 include:

Improvements to the creation of OSGi manifests.
Reduce the memory footprint of closed HTTP/2 streams

Full details of these changes, and all the other changes, are available in the Tomcat 8.5 changelog.

2020-07-05 Tomcat 10.0.0-M7 Released

The Apache Tomcat Project is proud to announce the release of version 10.0.0-M7 of Apache Tomcat. This release is a milestone release and is targeted at Jakarta EE 9.

Users of Tomcat 10 onwards should be aware that, as a result of the move from Java EE to Jakarta EE as part of the transfer of Java EE to the Eclipse Foundation, the primary package for all implemented APIs has changed from javax.* to jakarta.*. This will almost certainly require code changes to enable applications to migrate from Tomcat 9 and earlier to Tomcat 10 and later. A migration tool is under development to aid this process.

The notable changes in this release are:

Implement a significant portion of the TLS environment variables for the rewrite valve.
Add the Jakarta EE 9 schema.
Improvements to the creation of OSGi manifests.

Full details of these changes, and all the other changes, are available in the Tomcat 10 (alpha) changelog.

2020-06-07 Tomcat 9.0.36 Released

The Apache Tomcat Project is proud to announce the release of version 9.0.36 of Apache Tomcat. The notable changes compared to 9.0.35 include:

Add support for ALPN on recent OpenJDK 8 releases.
Add support for the CATALINA_OUT_CMD environment variable that defines a command to which captured stdout and stderr will be redirected. For use with, for example, rotatelogs. Patch provided by Harald Dunkel.
Be more flexible with respect to the ordering of groups, roles and users in the tomcat-users.xml file

Full details of these changes, and all the other changes, are available in the Tomcat 9 changelog.

2020-06-07 Tomcat 8.5.56 Released

The Apache Tomcat Project is proud to announce the release of version 8.5.56 of Apache Tomcat. Apache Tomcat 8.5.x replaces 8.0.x and includes new features pulled forward from Tomcat 9.0.x. The minimum Java version and implemented specification versions remain unchanged. The notable changes compared to 8.5.55 include:

Add support for ALPN on recent OpenJDK 8 releases.
Add support for the CATALINA_OUT_CMD environment variable that defines a command to which captured stdout and stderr will be redirected. For use with, for example, rotatelogs. Patch provided by Harald Dunkel.
Be more flexible with respect to the ordering of groups, roles and users in the tomcat-users.xml file.

Full details of these changes, and all the other changes, are available in the Tomcat 8.5 changelog.

2020-06-07 Tomcat 10.0.0-M6 Released

The Apache Tomcat Project is proud to announce the release of version 10.0.0-M6 of Apache Tomcat. This release is a milestone release and is targeted at Jakarta EE 9.

Users of Tomcat 10 onwards should be aware that, as a result of the move from Java EE to Jakarta EE as part of the transfer of Java EE to the Eclipse Foundation, the primary package for all implemented APIs has changed from javax.* to jakarta.*. This will almost certainly require code changes to enable applications to migrate from Tomcat 9 and earlier to Tomcat 10 and later. A migration tool is under development to aid this process.

The notable changes in this release are:

Add support for ALPN on recent OpenJDK 8 releases.
Add support for the CATALINA_OUT_CMD environment variable that defines a command to which captured stdout and stderr will be redirected. For use with, for example, rotatelogs. Patch provided by Harald Dunkel.
Be more flexible with respect to the ordering of groups, roles and users in the tomcat-users.xml file

Full details of these changes, and all the other changes, are available in the Tomcat 10 (alpha) changelog.

2020-05-16 Tomcat 7.0.104 Released

The Apache Tomcat Project is proud to announce the release of version 7.0.104 of Apache Tomcat. This release contains a number of bug fixes and improvements compared to version 7.0.103.

Add support for default values when using ${...} property replacement in configuration files. Based on a pull request provided by Bernd Bohmann.
When configuring an HTTP Connector, warn if the encoding specified for URIEncoding is not a superset of US-ASCII as required by RFC 7230.
Replace the system property org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH with the Connector attribute encodedSolidusHandling that adds an additional option to pass the %2f sequence through to the application without decoding it in addition to rejecting such sequences and decoding such sequences.
Change default value separator for property replacement to ":-" due to possible conflicts. The syntax is now "${name:-default}".
Update the packaged version of the Tomcat Native Library to 1.2.24.

Full details of these changes, and all the other changes, are available in the Tomcat 7 changelog.

Note: End of life date for Apache Tomcat 7.0.x is announced. Read more...

2020-05-11 Tomcat 9.0.35 Released

The Apache Tomcat Project is proud to announce the release of version 9.0.35 of Apache Tomcat. The notable changes compared to 9.0.34 include:

Improve the handling of requests that use an expectation. Do not disable keep-alive where the response has a non-2xx status code but the request body has been fully read.
Change default value separator for property replacement to ":-" due to possible conflicts. The syntax is now "${name:-default}".
Update the packaged version of the Tomcat Native Library to 1.2.24.

Full details of these changes, and all the other changes, are available in the Tomcat 9 changelog.

2020-05-11 Tomcat 8.5.55 Released

The Apache Tomcat Project is proud to announce the release of version 8.5.55 of Apache Tomcat. Apache Tomcat 8.5.x replaces 8.0.x and includes new features pulled forward from Tomcat 9.0.x. The minimum Java version and implemented specification versions remain unchanged. The notable changes compared to 8.5.54 include:

Improve the handling of requests that use an expectation. Do not disable keep-alive where the response has a non-2xx status code but the request body has been fully read.
Change default value separator for property replacement to ":-" due to possible conflicts. The syntax is now "${name:-default}".
Update the packaged version of the Tomcat Native Library to 1.2.24.

Full details of these changes, and all the other changes, are available in the Tomcat 8.5 changelog.

2020-05-11 Tomcat 10.0.0-M5 Released

The Apache Tomcat Project is proud to announce the release of version 10.0.0-M5 of Apache Tomcat. This release is a milestone release and is targeted at Jakarta EE 9.

Users of Tomcat 10 onwards should be aware that, as a result of the move from Java EE to Jakarta EE as part of the transfer of Java EE to the Eclipse Foundation, the primary package for all implemented APIs has changed from javax.* to jakarta.*. This will almost certainly require code changes to enable applications to migrate from Tomcat 9 and earlier to Tomcat 10 and later. A migration tool is under development to aid this process.

The notable changes in this release are:

Remove useAprConnector flag from AprLifecycleListener so that the only way to use the APR connectors is to set the full class name.
Change default value separator for property replacement to ":-" due to possible conflicts. The syntax is now "${name:-default}".
Update the packaged version of the Tomcat Native Library to 1.2.24.

Full details of these changes, and all the other changes, are available in the Tomcat 10 (alpha) changelog.

2020-04-29 Tomcat Native 1.2.24 Released

The Apache Tomcat Project is proud to announce the release of version 1.2.24 of Tomcat Native. The notable changes since 1.2.23 include:

Various improvements to the build process
Update Windows binaries to OpenSSL 1.1.1g.

Download | ChangeLog for 1.2.24

2020-04-08 Tomcat 9.0.34 Released

The Apache Tomcat Project is proud to announce the release of version 9.0.34 of Apache Tomcat. The notable changes compared to 9.0.33 include:

Add support for default values when using ${...} property replacement in configuration files. Based on a pull request provided by Bernd Bohmann.
When configuring an HTTP Connector, warn if the encoding specified for URIEncoding is not a superset of US-ASCII as required by RFC 7230.
Replace the system property org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH with the Connector attribute encodedSolidusHandling that adds an additional option to pass the %2f sequence through to the application without decoding it in addition to rejecting such sequences and decoding such sequences.

Full details of these changes, and all the other changes, are available in the Tomcat 9 changelog.

2020-04-08 Tomcat 10.0.0-M4 Released

The Apache Tomcat Project is proud to announce the release of version 10.0.0-M4 of Apache Tomcat. This release is a milestone release and is targeted at Jakarta EE 9.

Users of Tomcat 10 onwards should be aware that, as a result of the move from Java EE to Jakarta EE as part of the transfer of Java EE to the Eclipse Foundation, the primary package for all implemented APIs has changed from javax.* to jakarta.*. This will almost certainly require code changes to enable applications to migrate from Tomcat 9 and earlier to Tomcat 10 and later. A migration tool is under development to aid this process.

The notable changes in this release are:

Replace configuration via system property with configuration via an attribute on the appropriate element where practical. A large number of system properties have been replaced.
Add support for default values when using ${...} property replacement in configuration files. Based on a pull request provided by Bernd Bohmann.
Replace the system property org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH with the Connector attribute encodedSolidusHandling that adds an additional option to pass the %2f sequence through to the application without decoding it in addition to rejecting such sequences and decoding such sequences.

Full details of these changes, and all the other changes, are available in the Tomcat 10 (alpha) changelog.

2020-04-08 Tomcat 8.5.54 Released

The Apache Tomcat Project is proud to announce the release of version 8.5.54 of Apache Tomcat. Apache Tomcat 8.5.x replaces 8.0.x and includes new features pulled forward from Tomcat 9.0.x. The minimum Java version and implemented specification versions remain unchanged. The notable changes compared to 8.5.53 include:

Add support for default values when using ${...} property replacement in configuration files. Based on a pull request provided by Bernd Bohmann.
When configuring an HTTP Connector, warn if the encoding specified for URIEncoding is not a superset of US-ASCII as required by RFC 7230.
Replace the system property org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH with the Connector attribute encodedSolidusHandling that adds an additional option to pass the %2f sequence through to the application without decoding it in addition to rejecting such sequences and decoding such sequences.

Full details of these changes, and all the other changes, are available in the Tomcat 8.5 changelog.

2020-03-19 Tomcat 7.0.103 Released

The Apache Tomcat Project is proud to announce the release of version 7.0.103 of Apache Tomcat. This release contains a number of bug fixes and improvements compared to version 7.0.100.

Add new attribute persistAuthentication to both StandardManager and PersistentManager to support authentication persistence. Patch provided by Carsten Klein
A zero length AJP secret will now behave as if it has not been specified.
Add the TLS request attributes used by IIS to the attributes that an AJP Connector will always accept.

Full details of these changes, and all the other changes, are available in the Tomcat 7 changelog.

Note: End of life date for Apache Tomcat 7.0.x is announced. Read more...

2020-03-16 Tomcat 9.0.33 Released

The Apache Tomcat Project is proud to announce the release of version 9.0.33 of Apache Tomcat. The notable changes compared to 9.0.31 include:

Add new attribute persistAuthentication to both StandardManager and PersistentManager to support authentication persistence. Patch provided by Carsten Klein
A zero length AJP secret will now behave as if it has not been specified.
Add the TLS request attributes used by IIS to the attributes that an AJP Connector will always accept.

Full details of these changes, and all the other changes, are available in the Tomcat 9 changelog.

2020-03-16 Tomcat 8.5.53 Released

The Apache Tomcat Project is proud to announce the release of version 8.5.53 of Apache Tomcat. Apache Tomcat 8.5.x replaces 8.0.x and includes new features pulled forward from Tomcat 9.0.x. The minimum Java version and implemented specification versions remain unchanged. The notable changes compared to 8.5.51 include:

Add new attribute persistAuthentication to both StandardManager and PersistentManager to support authentication persistence. Patch provided by Carsten Klein
A zero length AJP secret will now behave as if it has not been specified.
Add the TLS request attributes used by IIS to the attributes that an AJP Connector will always accept.

Full details of these changes, and all the other changes, are available in the Tomcat 8.5 changelog.

2020-03-16 Tomcat 10.0.0-M3 Released

The Apache Tomcat Project is proud to announce the release of version 10.0.0-M3 of Apache Tomcat. This release is a milestone release and is targeted at Jakarta EE 9.

Users of Tomcat 10 onwards should be aware that, as a result of the move from Java EE to Jakarta EE as part of the transfer of Java EE to the Eclipse Foundation, the primary package for all implemented APIs has changed from javax.* to jakarta.*. This will almost certainly require code changes to enable applications to migrate from Tomcat 9 and earlier to Tomcat 10 and later. A migration tool is under development to aid this process.

The notable changes in this release are:

Disable session persistence by default on restart
Add new attribute persistAuthentication to both StandardManager and PersistentManager to support authentication persistence. Patch provided by Carsten Klein
A zero length AJP secret will now behave as if it has not been specified.

Full details of these changes, and all the other changes, are available in the Tomcat 10 (alpha) changelog.

2020-02-20 Tomcat 10.0.0-M1 Released

The Apache Tomcat Project is proud to announce the release of version 10.0.0-M1 of Apache Tomcat. This release is a milestone release and is targeted at Jakarta EE 9.

Users of Tomcat 10 onwards should be aware that, as a result of the move from Java EE to Jakarta EE as part of the transfer of Java EE to the Eclipse Foundation, the primary package for all implemented APIs has changed from javax.* to jakarta.*. This will almost certainly require code changes to enable applications to migrate from Tomcat 9 and earlier to Tomcat 10 and later. A migration tool is under development to aid this process.

The notable changes in this release are:

Update to Jakarta Servlet 5.0, Jakarta Server Pages 3.0. Jakarta Expression Language 4.0, Jakarta WebSocket 2.0, Jakarta Authentication 2.0 and Jakarta Annotations 2.0 specifications.
Use <request-character-encoding> and <response-character-encoding> in conf/web.xml to set the default request and response character encodings to UTF-8.
Remove duplication of HTTP/1.1 configuration on the HTTP/2 UpgradeProtocol element. Configuration from the main Connector element will now be used.

Full details of these changes, and all the other changes, are available in the Tomcat 10 (alpha) changelog.

2020-02-14 Tomcat 7.0.100 Released

The Apache Tomcat Project is proud to announce the release of version 7.0.100 of Apache Tomcat. This release contains a number of bug fixes and improvements compared to version 7.0.99.

AJP defaults changed to listen the loopback address, require a secret and to be disabled in the sample server.xml file. If you are using the AJP protocol, please refer to the Migration Guide and update your configuration.
The JmxRemoteLifecycleListener is now deprecated
The HTTP Connector attribute rejectIllegalHeaderName is renamed to rejectIllegalHeader and expanded to include header values as well as names

Full details of these changes, and all the other changes, are available in the Tomcat 7 changelog.

Note: End of life date for Apache Tomcat 7.0.x is announced. Read more...

2020-02-11 Tomcat 9.0.31 Released

The Apache Tomcat Project is proud to announce the release of version 9.0.31 of Apache Tomcat. The notable changes compared to 9.0.30 include:

AJP defaults changed to listen the loopback address, require a secret and to be disabled in the sample server.xml file. If you are using the AJP protocol, please refer to the Migration Guide and update your configuration.
The JmxRemoteLifecycleListener is now deprecated
The HTTP Connector attribute rejectIllegalHeaderName is renamed to rejectIllegalHeader and expanded to include header values as well as names

Full details of these changes, and all the other changes, are available in the Tomcat 9 changelog.

2020-02-11 Tomcat 8.5.51 Released

The Apache Tomcat Project is proud to announce the release of version 8.5.51 of Apache Tomcat. Apache Tomcat 8.5.x replaces 8.0.x and includes new features pulled forward from Tomcat 9.0.x. The minimum Java version and implemented specification versions remain unchanged. The notable changes compared to 8.5.50 include:

AJP defaults changed to listen the loopback address, require a secret and to be disabled in the sample server.xml file. If you are using the AJP protocol, please refer to the Migration Guide and update your configuration.
The JmxRemoteLifecycleListener is now deprecated
The HTTP Connector attribute rejectIllegalHeaderName is renamed to rejectIllegalHeader and expanded to include header values as well as names

Full details of these changes, and all the other changes, are available in the Tomcat 8.5 changelog.