Apache Tomcat® - Old news!

Announcements from previous years can be found here:

The Apache Tomcat Project is proud to announce the release of 1.0.6 of the Apache Tomcat Migration Tool for Jakarta EE. This release contains a number of bug fixes and improvements compared to version 1.0.5.

The notable changes in this release are:

Correct regression in handling of javax.annotation package introduced in 1.0.5. PR provided by Danny Thomas.
Allow parallel use of ClassConverter. PR provided by Danny Thomas.

Full details of these changes, and all the other changes, are available in the changelog.

Download

The Apache Tomcat Project is proud to announce the release of version 11.0.0-M1 (alpha) of Apache Tomcat. This release is a milestone release and is targeted at Jakarta EE 11.

Users of Tomcat 10 onwards should be aware that, as a result of the move from Java EE to Jakarta EE as part of the transfer of Java EE to the Eclipse Foundation, the primary package for all implemented APIs has changed from javax.* to jakarta.*. This will almost certainly require code changes to enable applications to migrate from Tomcat 9 and earlier to Tomcat 10 and later. A migration tool is under development to aid this process.

The notable changes in this release are:

Alignment with the current development versions of the Jakarta Servlet, Pages and Expression Language specifications. This includes removal of deprecated code and addition of the jakarta.servlet.error.query_string attribute for error dispatches
BASIC authentication now uses UTF-8 by default
Conversions from bytes to characters now trigger exceptions rather than replacement for invalid byte sequences for the given encoding

Full details of these changes, and all the other changes, are available in the Tomcat 11 (alpha) changelog.

Download

The Apache Tomcat Project is proud to announce the release of version 8.5.84 of Apache Tomcat. This release implements specifications that are part of the Java EE 7 platform. The notable changes compared to 8.5.83 include:

Fix concurrency issue in evaluation of expression language containing lambda expressions.
Correct the date format used with the expires attribute of HTTP cookies. A single space rather than a single dash should be used to separate the day, month and year components to be compliant with RFC 6265.
Update to Commons Daemon 1.3.2.

Full details of these changes, and all the other changes, are available in the Tomcat 8 changelog.

Download

The Apache Tomcat Project is proud to announce the release of version 10.1.4 of Apache Tomcat. This release implements specifications that are part of the Jakarta EE 10 platform.

Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 without changes. Java EE based applications designed for Tomcat 9 and earlier may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat will automatically convert them to Jakarta EE and copy them to the webapps directory. This conversion is performed using the Apache Tomcat migration tool for Jakarta EE tool which is also available as a separate download for off-line use.

The notable changes in this release are:

Refactor WebappLoader so it only has a runtime dependency on the migration tool for Jakarta EE if configured to use the converter as classes are loaded.
When an HTTP/2 stream was reset, the current active stream count was not reduced. If enough resets occurred on a connection, the current active stream count limit was reached and no new streams could be created on that connection.
Update to Commons Daemon 1.3.3.

Full details of these changes, and all the other changes, are available in the Tomcat 10.1 changelog.

Download

The Apache Tomcat Project is proud to announce the release of version 9.0.70 of Apache Tomcat. This release implements specifications that are part of the Java EE 8 platform. The notable changes compared to 9.0.69 include:

When an HTTP/2 stream was reset, the current active stream count was not reduced. If enough resets occurred on a connection, the current active stream count limit was reached and no new streams could be created on that connection.
Update to Commons Daemon 1.3.3.

Full details of these changes, and all the other changes, are available in the Tomcat 9 changelog.

Download

The Apache Tomcat Project is proud to announce the release of version 10.1.2 of Apache Tomcat. This release implements specifications that are part of the Jakarta EE 10 platform.

Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 without changes. Java EE based applications designed for Tomcat 9 and earlier may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat will automatically convert them to Jakarta EE and copy them to the webapps directory. This conversion is performed using the Apache Tomcat migration tool for Jakarta EE tool which is also available as a separate download for off-line use.

The notable changes in this release are:

Fix concurrency issue in evaluation of expression language containing lambda expressions.
Update the packaged version of the Apache Tomcat Native Library to 2.0.2 to pick up the Windows binaries built with with OpenSSL 3.0.7.
Correct the date format used with the expires attribute of HTTP cookies. A single space rather than a single dash should be used to separate the day, month and year components to be compliant with RFC 6265.

Full details of these changes, and all the other changes, are available in the Tomcat 10.1 changelog.

Download

The Apache Tomcat Project is proud to announce the release of version 9.0.69 of Apache Tomcat. This release implements specifications that are part of the Java EE 8 platform. The notable changes compared to 9.0.68 include:

Fix concurrency issue in evaluation of expression language containing lambda expressions.
Correct the date format used with the expires attribute of HTTP cookies. A single space rather than a single dash should be used to separate the day, month and year components to be compliant with RFC 6265.

Full details of these changes, and all the other changes, are available in the Tomcat 9 changelog.

Download

The Apache Tomcat Project is proud to announce the release of 1.0.5 of the Apache Tomcat Migration Tool for Jakarta EE. This release contains a number of bug fixes and improvements compared to version 1.0.4.

The notable changes in this release are:

Narrow scope of javax.annotation conversion to Java EE. Pull request by Danny Thomas
Improve manifest handling and conversion performance. Pull request by Danny Thomas.

Full details of these changes, and all the other changes, are available in the changelog.

Download

The Apache Tomcat Project is proud to announce the release of version 2.0.2 of Tomcat Native. The notable changes compared to 2.0.1 include:

The minimum supported version of LibreSSL has been increased to 3.5.2.
The windows binaries in this release have been built with OpenSSL 3.0.7

Download | ChangeLog for 2.0.1

The Apache Tomcat Project is proud to announce the release of version 8.5.83 of Apache Tomcat. This release implements specifications that are part of the Java EE 7 platform. The notable changes compared to 8.5.82 include:

Add support for authenticating WebSocket clients with an HTTP forward proxy when establishing a connection to a WebSocket endpoint via a forward proxy that requires authentication. Based on a patch provided by Joe Mokos.
Various fixes for edge case bugs in EL processing.
Enforce the requirement of RFC 7230 onwards that a request with a malformed content-length header should always be rejected with a 400 response.

Full details of these changes, and all the other changes, are available in the Tomcat 8 changelog.

Download

The Apache Tomcat Project is proud to announce the release of version 10.1.1 of Apache Tomcat. This release implements specifications that are part of the Jakarta EE 10 platform.

Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 without changes. Java EE based applications designed for Tomcat 9 and earlier may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat will automatically convert them to Jakarta EE and copy them to the webapps directory. This conversion is performed using the Apache Tomcat migration tool for Jakarta EE tool which is also available as a separate download for off-line use.

The notable changes in this release are:

Fix bug 66277, a refactoring regression that broke JSP includes amongst other functionality
Fix unexpected timeouts that may appear as client disconnections when using HTTP/2 and NIO2
Enforce the requirement of RFC 7230 onwards that a request with a malformed content-length header should always be rejected with a 400 response.

Full details of these changes, and all the other changes, are available in the Tomcat 10.1 changelog.

Download

The Apache Tomcat Project is proud to announce the release of version 10.0.27 of Apache Tomcat. This release implements specifications that are part of the Jakarta EE 9 platform.

Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 without changes. Java EE based applications designed for Tomcat 9 and earlier may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat will automatically convert them to Jakarta EE and copy them to the webapps directory. This conversion is performed using the Apache Tomcat migration tool for Jakarta EE tool which is also available as a separate download for off-line use.

The notable changes in this release are:

Fix bug 66277, a refactoring regression that broke JSP includes amongst other functionality
Fix unexpected timeouts that may appear as client disconnections when using HTTP/2 and NIO2
Enforce the requirement of RFC 7230 onwards that a request with a malformed content-length header should always be rejected with a 400 response.

Full details of these changes, and all the other changes, are available in the Tomcat 10 changelog.

Download

The Apache Tomcat Project is proud to announce the release of version 9.0.68 of Apache Tomcat. This release implements specifications that are part of the Java EE 8 platform. The notable changes compared to 9.0.67 include:

Fix bug 66277, a refactoring regression that broke JSP includes amongst other functionality
Fix unexpected timeouts that may appear as client disconnections when using HTTP/2 and NIO2
Enforce the requirement of RFC 7230 onwards that a request with a malformed content-length header should always be rejected with a 400 response.

Full details of these changes, and all the other changes, are available in the Tomcat 9 changelog.

Download

The Apache Tomcat Project is proud to announce the release of version 10.0.26 of Apache Tomcat. This release implements specifications that are part of the Jakarta EE 9 platform.

Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 without changes. Java EE based applications designed for Tomcat 9 and earlier may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat will automatically convert them to Jakarta EE and copy them to the webapps directory. This conversion is performed using the Apache Tomcat migration tool for Jakarta EE tool which is also available as a separate download for off-line use.

The notable changes in this release are:

Add support for authenticating WebSocket clients with an HTTP forward proxy when establishing a connection to a WebSocket endpoint via a forward proxy that requires authentication. Based on a patch provided by Joe Mokos.
Various fixes for edge case bugs in EL processing.
Improve host header handling for HTTP/2 requests.

Full details of these changes, and all the other changes, are available in the Tomcat 10 changelog.

Download

The Apache Tomcat Project is proud to announce the release of version 10.1.0 of Apache Tomcat. This is the first stable release of Apache Tomcat targeted at Jakarta EE 10.

Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 without changes. Java EE based applications designed for Tomcat 9 and earlier may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat will automatically convert them to Jakarta EE and copy them to the webapps directory. This conversion is performed using the Apache Tomcat migration tool for Jakarta EE tool which is also available as a separate download for off-line use.

The notable changes in this release are:

Add support for authenticating WebSocket clients with an HTTP forward proxy when establishing a connection to a WebSocket endpoint via a forward proxy that requires authentication. Based on a patch provided by Joe Mokos.
Various fixes for edge case bugs in EL processing.
Improve host header handling for HTTP/2 requests.

Full details of these changes, and all the other changes, are available in the Tomcat 10.1 changelog.

Download

The Apache Tomcat Project is proud to announce the release of version 9.0.67 of Apache Tomcat. This release implements specifications that are part of the Java EE 8 platform. The notable changes compared to 9.0.65 include:

Add support for authenticating WebSocket clients with an HTTP forward proxy when establishing a connection to a WebSocket endpoint via a forward proxy that requires authentication. Based on a patch provided by Joe Mokos.
Various fixes for edge case bugs in EL processing.
Improve host header handling for HTTP/2 requests.

Full details of these changes, and all the other changes, are available in the Tomcat 9 changelog.

Download

The Apache Tomcat Project is proud to announce the release of 1.0.4 of the Apache Tomcat Migration Tool for Jakarta EE. This release contains a number of bug fixes and improvements compared to version 1.0.3.

The notable changes in this release are:

Improve the fix converting web applications that include JARs that store one or more entries in uncompressed form.
Add a new conversion profile that converts from Jakarta EE 9 to Java EE 8.

Full details of these changes, and all the other changes, are available in the changelog.

Download

The Apache Tomcat Project is proud to announce the release of version 8.5.82. of Apache Tomcat. This release implements specifications that are part of the Java EE 7 platform. The notable changes compared to 8.5.81 include:

Update the packaged version of the Tomcat Native Library to 1.2.35 to pick up Windows binaries built with OpenSSL 1.1.1q.
Enable the use of the FIPS provider for TLS enabled Connectors when using Tomcat Native 1.2.34 onwards built with OpenSSL 3.0.x onwards.
Improvements to HTTP/2 header handling.
Fix CVE-2022-34305, a low severity XSS vulnerability in the Form authentication example.

Full details of these changes, and all the other changes, are available in the Tomcat 8 changelog.

Download

The Apache Tomcat Project is proud to announce the release of version 10.0.23 of Apache Tomcat. This release implements specifications that are part of the Jakarta EE 9 platform.

Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 without changes. Java EE based applications designed for Tomcat 9 and earlier may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat will automatically convert them to Jakarta EE and copy them to the webapps directory. This conversion is performed using the Apache Tomcat migration tool for Jakarta EE tool which is also available as a separate download for off-line use.

The notable changes in this release are:

Implement support for repeatable builds
Update the packaged version of the Tomcat Native Library to 1.2.35. This includes Windows binaries built with with OpenSSL 1.1.1q.
Fix CVE-2022-34305, a low severity XSS vulnerability in the Form authentication example

Full details of these changes, and all the other changes, are available in the Tomcat 10 changelog.

Download

The Apache Tomcat Project is proud to announce the release of version 9.0.65 of Apache Tomcat. This release implements specifications that are part of the Java EE 8 platform. The notable changes compared to 9.0.64 include:

Implement support for repeatable builds.
Update the packaged version of the Tomcat Native Library to 1.2.35. This includes Windows binaries built with OpenSSL 1.1.1q.
Fix CVE-2022-34305, a low severity XSS vulnerability in the Form authentication example.

Full details of these changes, and all the other changes, are available in the Tomcat 9 changelog.

Download

The Apache Tomcat Project is proud to announce the release of 1.0.3 of the Apache Tomcat Migration Tool for Jakarta EE. This release contains a number of bug fixes and improvements compared to version 1.0.1.

The notable changes in this release are:

Update checksums for modified files to avoid issues when trying to use migrated JAR files
Handle migration of manifest files when part of an exploded JAR

Full details of these changes, and all the other changes, are available in the changelog.

Download

The Apache Tomcat Project is proud to announce the release of version 10.1.0-M17 of Apache Tomcat. This release is a milestone release and is targeted at Jakarta EE 10.

Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 without changes. Java EE based applications designed for Tomcat 9 and earlier may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat will automatically convert them to Jakarta EE and copy them to the webapps directory. This conversion is performed using the Apache Tomcat migration tool for Jakarta EE tool which is also available as a separate download for off-line use.

The notable changes in this release are:

Implement support for repeatable builds.
Update the packaged version of the Tomcat Native Library to 2.0.1. This includes Windows binaries built with with OpenSSL 3.0.5.
Update experimental Panama modules with support for OpenSSL 3.0+. OpenSSL 1.1 remains supported.

Full details of these changes, and all the other changes, are available in the Tomcat 10.1 (beta) changelog.

Download

The Apache Tomcat Project is proud to announce the release of version 2.0.1 of Tomcat Native. This is the first release of the 2.0.x branch. The notable changes compared to the 1.2.x branch include:

The JNI API has been reduced to just that required to support Tomcat's OpenSSL based TLS implementation. The APR/native connector is no longer supported in the 2.0.x branch.
The minimum supported versions have been increased to OpenSSL 3.0.x, Apache APR 1.7.x, Java 11, Windows 7 / Server 2008 R2.
The windows binaries in this release have been built with OpenSSL 3.0.5

Download | ChangeLog for 2.0.1

The Apache Tomcat Project is proud to announce the release of version 1.2.35 of Tomcat Native. The notable changes since 1.2.34 include:

Windows binaries built with OpenSSL 1.1.1q.
Document TLS renegotiation behaviour
Document the release process

Download | ChangeLog for 1.2.35

The Apache Tomcat Project is proud to announce the release of 1.0.1 of the Apache Tomcat Migration Tool for Jakarta EE. This release contains a number of bug fixes and improvements compared to version 1.0.0.

The notable changes in this release are:

Add support for .groovy files
Better support for non-standard archives
Numerous library updates

Full details of these changes, and all the other changes, are available in the changelog.

Download

The Apache Tomcat Project is proud to announce the release of version 8.5.81. of Apache Tomcat. This release implements specifications that are part of the Java EE 7 platform. The notable changes compared to 8.5.79 include:

Ensure that changes made to a request by the RemoteIPValve persist after the request is put into asynchronous mode.
Correct a regression in the support added for encrypted PKCS#1 formatted private keys in the previous release that broke support for unencrypted PKCS#1 formatted private keys.
Increase the default buffer size for cluster messages from 43800 to 65536 bytes. This is expected to improve performance for large messages when running on Linux based systems.
When using TLS with non-blocking writes and the NIO connector, ensure that flushing the buffers attempts to empty all of the output buffers.

Full details of these changes, and all the other changes, are available in the Tomcat 8 changelog.

Download

The Apache Tomcat Project is proud to announce the release of version 10.0.22 of Apache Tomcat. This release implements specifications that are part of the Jakarta EE 9 platform.

Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 without changes. Java EE based applications designed for Tomcat 9 and earlier may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat will automatically convert them to Jakarta EE and copy them to the webapps directory. This conversion is performed using the Apache Tomcat migration tool for Jakarta EE tool which is also available as a separate download for off-line use.

The notable changes in this release are:

Correct a regression in the support added for encrypted PKCS#1 formatted private keys in the previous release that broke support for unencrypted PKCS#1 formatted private keys.
Increase the default buffer size for cluster messages from 43800 to 65536 bytes. This is expected to improve performance for large messages when running on Linux based systems.
When using TLS with non-blocking writes and the NIO connector, ensure that flushing the buffers attempts to empty all of the output buffers.

Full details of these changes, and all the other changes, are available in the Tomcat 10 changelog.

Download

The Apache Tomcat Project is proud to announce the release of version 9.0.64 of Apache Tomcat. This release implements specifications that are part of the Java EE 8 platform. The notable changes compared to 9.0.63 include:

Correct a regression in the support added for encrypted PKCS#1 formatted private keys in the previous release that broke support for unencrypted PKCS#1 formatted private keys.
Increase the default buffer size for cluster messages from 43800 to 65536 bytes. This is expected to improve performance for large messages when running on Linux based systems.
When using TLS with non-blocking writes and the NIO connector, ensure that flushing the buffers attempts to empty all of the output buffers.

Full details of these changes, and all the other changes, are available in the Tomcat 9 changelog.

Download

The Apache Tomcat Project is proud to announce the release of version 1.2.34 of Tomcat Native. The notable changes since 1.2.33 include:

Refactor the initialization of the native code so it is compatible with Tomcat 10.1.x where deprecated Java classes will be removed.
Map the OpenSSL 3.0.x FIPS behaviour to the 1.1.1 API to allow clients to determine if the FIPS provider is being used when Tomcat Native is compiled against OpenSSL 3.0.x.

Download | ChangeLog for 1.2.34

The Apache Tomcat Project is proud to announce the release of version 10.1.0-M16 of Apache Tomcat. This release is a milestone release and is targeted at Jakarta EE 10.

Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 without changes. Java EE based applications designed for Tomcat 9 and earlier may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat will automatically convert them to Jakarta EE and copy them to the webapps directory. This conversion is performed using the Apache Tomcat migration tool for Jakarta EE tool which is also available as a separate download for off-line use.

The notable changes in this release are:

Refactor synchronization blocks locking on SocketWrapper to use ReentrantLock to support users wishing to experiment with project Loom.
Correct a regression in the support added for encrypted PKCS#1 formatted private keys in the previous release that broke support for unencrypted PKCS#1 formatted private keys.
Increase the default buffer size for cluster messages from 43800 to 65536 bytes. This is expected to improve performance for large messages when running on Linux based systems.

Full details of these changes, and all the other changes, are available in the Tomcat 10.1 (beta) changelog.

Download

The Apache Tomcat Project is proud to announce the release of version 8.5.79 of Apache Tomcat. This release implements specifications that are part of the Java EE 7 platform. The notable changes compared to 8.5.78 include:

Provide a property source that sources values from Kubernetes service bindings. Provided by Sumit Kulhadia and Gareth Evans.
The root cause of the Linux kernel duplicate accept bug has been identified along with the version of the kernel that includes the fix. The error message displayed when this bug occurs has been updated to reflect this new information and to advise users to update to a version of the OS that uses kernel 5.10 or later. Thanks to Christopher Gual for the research into this issue.
Update the packaged version of the Tomcat Native Library to 1.2.33 to pick up Windows binaries built with OpenSSL 1.1.1o.
Add support for encrypted PKCS#1 formatted private keys when configuring the internal, in memory key store.

Full details of these changes, and all the other changes, are available in the Tomcat 8 changelog.

Download

The Apache Tomcat Project is proud to announce the release of version 10.0.21 of Apache Tomcat. This release implements specifications that are part of the Jakarta EE 9 platform.

Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 without changes. Java EE based applications designed for Tomcat 9 and earlier may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat will automatically convert them to Jakarta EE and copy them to the webapps directory. This conversion is performed using the Apache Tomcat migration tool for Jakarta EE tool which is also available as a separate download for off-line use.

The notable changes in this release are:

Provide a property source that sources values from Kubernetes service bindings. Provided by Sumit Kulhadia and Gareth Evans.
The root cause of the Linux kernel duplicate accept bug has been identified along with the version of the kernel that includes the fix. The error message displayed when this bug occurs has been updated to reflect this new information and to advise users to update to a version of the OS that uses kernel 5.10 or later. Thanks to Christopher Gual for the research into this issue.
Update the packaged version of the Tomcat Native Library to 1.2.33 to pick up Windows binaries built with OpenSSL 1.1.1o.

Full details of these changes, and all the other changes, are available in the Tomcat 10 changelog.

Download

The Apache Tomcat Project is proud to announce the release of version 9.0.63 of Apache Tomcat. This release implements specifications that are part of the Java EE 8 platform. The notable changes compared to 9.0.62 include:

Provide a property source that sources values from Kubernetes service bindings. Provided by Sumit Kulhadia and Gareth Evans.
The root cause of the Linux kernel duplicate accept bug has been identified along with the version of the kernel that includes the fix. The error message displayed when this bug occurs has been updated to reflect this new information and to advise users to update to a version of the OS that uses kernel 5.10 or later. Thanks to Christopher Gual for the research into this issue.
Update the packaged version of the Tomcat Native Library to 1.2.33 to pick up Windows binaries built with OpenSSL 1.1.1o.
Add support for encrypted PKCS#1 formatted private keys when configuring the internal, in memory key store.

Full details of these changes, and all the other changes, are available in the Tomcat 9 changelog.

Download

The Apache Tomcat Project is proud to announce the release of version 10.1.0-M15 of Apache Tomcat. This release is a milestone release and is targeted at Jakarta EE 10.

Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 without changes. Java EE based applications designed for Tomcat 9 and earlier may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat will automatically convert them to Jakarta EE and copy them to the webapps directory. This conversion is performed using the Apache Tomcat migration tool for Jakarta EE tool which is also available as a separate download for off-line use.

The notable changes in this release are:

Provide a property source that sources values from Kubernetes service bindings. Provided by Sumit Kulhadia and Gareth Evans.
The root cause of the Linux kernel duplicate accept bug has been identified along with the version of the kernel that includes the fix. The error message displayed when this bug occurs has been updated to reflect this new information and to advise users to update to a version of the OS that uses kernel 5.10 or later. Thanks to Christopher Gual for the research into this issue.
Update the packaged version of the Tomcat Native Library to 1.2.33 to pick up Windows binaries built with OpenSSL 1.1.1o.

Full details of these changes, and all the other changes, are available in the Tomcat 10.1 (alpha) changelog.

Download

The Apache Tomcat Project is proud to announce the release of version 1.2.33 of Tomcat Native. The notable changes since 1.2.32 include:

Windows binaries built with OpenSSL 1.1.1o.
Fixing a potential crash when attempting to read the TLS session ID after a handshake failure.

Download | ChangeLog for 1.2.33

The Apache Tomcat Project is proud to announce the release of version 9.0.62 of Apache Tomcat. This release implements specifications that are part of the Java EE 8 platform. The notable changes compared to 9.0.60 include:

Update the packaged version of the Tomcat Native Library to 1.2.32 to pick up Windows binaries built with OpenSSL 1.1.1n.
Improve logging of unknown HTTP/2 settings frames. Pull request by Thomas Hoffmann.
Add additional warnings if incompatible TLS configurations are used such as HTTP/2 with CLIENT-CERT authentication.
Harden the class loader to provide a mitigation for CVE-2022-22965 a Spring Framework vulnerability.

Full details of these changes, and all the other changes, are available in the Tomcat 9 changelog.

Download

The Apache Tomcat Project is proud to announce the release of version 10.0.20 of Apache Tomcat. This release implements specifications that are part of the Jakarta EE 9 platform.

Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 without changes. Java EE based applications designed for Tomcat 9 and earlier may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat will automatically convert them to Jakarta EE and copy them to the webapps directory. This conversion is performed using the Apache Tomcat migration tool for Jakarta EE tool which is also available as a separate download for off-line use.

The notable changes in this release are:

Update the packaged version of the Tomcat Native Library to 1.2.32 to pick up Windows binaries built with OpenSSL 1.1.1n.
Improve logging of unknown HTTP/2 settings frames. Pull request by Thomas Hoffmann.
Add additional warnings if incompatible TLS configurations are used such as HTTP/2 with CLIENT-CERT authentication.
Harden the class loader to provide a mitigation for CVE-2022-22965 a Spring Framework vulnerability.

Full details of these changes, and all the other changes, are available in the Tomcat 10 changelog.

Download

The Apache Tomcat Project is proud to announce the release of version 10.1.0-M14 of Apache Tomcat. This release is a milestone release and is targeted at Jakarta EE 10.

Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 without changes. Java EE based applications designed for Tomcat 9 and earlier may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat will automatically convert them to Jakarta EE and copy them to the webapps directory. This conversion is performed using the Apache Tomcat migration tool for Jakarta EE tool which is also available as a separate download for off-line use.

The notable changes in this release are:

Update the packaged version of the Tomcat Native Library to 1.2.32 to pick up Windows binaries built with OpenSSL 1.1.1n.
Improve logging of unknown HTTP/2 settings frames. Pull request by Thomas Hoffmann.
Update the JASPIC 2.0 API to Jakarta Authentication 3.0 (JASPIC was renamed for Jakarta EE 10).
Harden the class loader to provide a mitigation for CVE-2022-22965, a Spring Framework vulnerability.

Full details of these changes, and all the other changes, are available in the Tomcat 10.1 (alpha) changelog.

Download

The Apache Tomcat Project is proud to announce the release of version 8.5.78 of Apache Tomcat. This release implements specifications that are part of the Java EE 7 platform. The notable changes compared to 8.5.77 include:

Update the packaged version of the Tomcat Native Library to 1.2.32 to pick up Windows binaries built with OpenSSL 1.1.1n.
Improve logging of unknown HTTP/2 settings frames. Pull request by Thomas Hoffmann.
Add additional warnings if incompatible TLS configurations are used such as HTTP/2 with CLIENT-CERT authentication.
Harden the class loader to provide a mitigation for CVE-2022-22965 a Spring Framework vulnerability.

Full details of these changes, and all the other changes, are available in the Tomcat 8 changelog.

Download

The Apache Tomcat Project is proud to announce the release of version 1.2.32 of Tomcat Native. The notable changes since 1.2.31 include:

Windows binaries built with OpenSSL 1.1.1n.

Download | ChangeLog for 1.2.32

The Apache Tomcat Project is proud to announce the release of version 9.0.60 of Apache Tomcat. This release implements specifications that are part of the Java EE 8 platform. The notable changes compared to 9.0.59 include:

Fix a potential thread-safety issue that could cause HTTP/1.1 request processing to pause, and potentially timeout, waiting for additional data when the full request has been received.
Fix a regression introduced with 65757 bugfix which better identified non-request threads but which introduced a similar problem when user code was doing sequential operations in a single thread.
When resolving methods in EL expressions that use beans and/or static fields, ensure that any custom type conversion is considered when identifying the method to call.

Full details of these changes, and all the other changes, are available in the Tomcat 9 changelog.

Download

The Apache Tomcat Project is proud to announce the release of version 10.0.18 of Apache Tomcat. This release implements specifications that are part of the Jakarta EE 9 platform.

Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 without changes. Java EE based applications designed for Tomcat 9 and earlier may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat will automatically convert them to Jakarta EE and copy them to the webapps directory. This conversion is performed using the Apache Tomcat migration tool for Jakarta EE tool which is also available as a separate download for off-line use.

The notable changes in this release are:

Fix a potential thread-safety issue that could cause HTTP/1.1 request processing to pause, and potentially timeout, waiting for additional data when the full request has been received.
Fix a regression introduced with 65757 bugfix which better identified non-request threads but which introduced a similar problem when user code was doing sequential operations in a single thread.
When resolving methods in EL expressions that use beans and/or static fields, ensure that any custom type conversion is considered when identifying the method to call.

Full details of these changes, and all the other changes, are available in the Tomcat 10 changelog.

Download

The Apache Tomcat Project is proud to announce the release of version 8.5.77 of Apache Tomcat. This release implements specifications that are part of the Java EE 7 platform. The notable changes compared to 8.5.76 include:

Fix a potential thread-safety issue that could cause HTTP/1.1 request processing to pause, and potentially timeout, waiting for additional data when the full request has been received.
Fix a regression introduced with 65757 bugfix which better identified non-request threads but which introduced a similar problem when user code was doing sequential operations in a single thread.
When resolving methods in EL expressions that use beans and/or static fields, ensure that any custom type conversion is considered when identifying the method to call.

Full details of these changes, and all the other changes, are available in the Tomcat 8 changelog.

Download

The Apache Tomcat Project is proud to announce the release of version 10.1.0-M12 of Apache Tomcat. This release is a milestone release and is targeted at Jakarta EE 10.

Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 without changes. Java EE based applications designed for Tomcat 9 and earlier may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat will automatically convert them to Jakarta EE and copy them to the webapps directory. This conversion is performed using the Apache Tomcat migration tool for Jakarta EE tool which is also available as a separate download for off-line use.

The notable changes in this release are:

Fix a potential thread-safety issue that could cause HTTP/1.1 request processing to pause, and potentially timeout, waiting for additional data when the full request has been received.
Fix a regression introduced with 65757 bugfix which better identified non-request threads but which introduced a similar problem when user code was doing sequential operations in a single thread.
When resolving methods in EL expressions that use beans and/or static fields, ensure that any custom type conversion is considered when identifying the method to call.

Full details of these changes, and all the other changes, are available in the Tomcat 10.1 (alpha) changelog.

Download

The Apache Tomcat Project is proud to announce the release of version 8.5.76 of Apache Tomcat. This release implements specifications that are part of the Java EE 7 platform. The notable changes compared to 8.5.75 include:

Correct a regression in the fix for 65454 that meant that minSpareThreads and maxThreads settings were ignored when the Connector used an internal executor.
Improve the detection of the Linux duplicate accept bug and reduce (hopefully avoid) instances of false positives.
Back-port fixes for BZ 65408 to refactor socket-close operations to improve resilience when objects are re-used by applications.

Full details of these changes, and all the other changes, are available in the Tomcat 8 changelog.

Download

The Apache Tomcat Project is proud to announce the release of version 9.0.59 of Apache Tomcat. This release implements specifications that are part of the Java EE 8 platform. The notable changes compared to 9.0.58 include:

Add support for additional user attributes to TomcatPrincipal and GenericPrincipal
Correct a regression in the fix for 65454 that meant that minSpareThreads and maxThreads settings were ignored when the Connector used an internal executor
Improve the detection of the Linux duplicate accept bug and reduce (hopefully avoid) instances of false positives.

Full details of these changes, and all the other changes, are available in the Tomcat 9 changelog.

Download

The Apache Tomcat Project is proud to announce the release of version 10.0.17 of Apache Tomcat. This release implements specifications that are part of the Jakarta EE 9 platform.

Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 without changes. Java EE based applications designed for Tomcat 9 and earlier may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat will automatically convert them to Jakarta EE and copy them to the webapps directory. This conversion is performed using the Apache Tomcat migration tool for Jakarta EE tool which is also available as a separate download for off-line use.

The notable changes in this release are:

Add support for additional user attributes to TomcatPrincipal and GenericPrincipal.
Correct a regression in the fix for 65454 that meant that minSpareThreads and maxThreads settings were ignored when the Connector used an internal executor.
Improve the detection of the Linux duplicate accept bug and reduce (hopefully avoid) instances of false positives.

Full details of these changes, and all the other changes, are available in the Tomcat 10 changelog.

Download

The Apache Tomcat Project is proud to announce the release of version 10.1.0-M11 of Apache Tomcat. This release is a milestone release and is targeted at Jakarta EE 10.

Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 without changes. Java EE based applications designed for Tomcat 9 and earlier may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat will automatically convert them to Jakarta EE and copy them to the webapps directory. This conversion is performed using the Apache Tomcat migration tool for Jakarta EE tool which is also available as a separate download for off-line use.

The notable changes in this release are:

Add support for additional user attributes to TomcatPrincipal and GenericPrincipal.
Correct a regression in the fix for 65454 that meant that minSpareThreads and maxThreads settings were ignored when the Connector used an internal executor.
Improve the detection of the Linux duplicate accept bug and reduce (hopefully avoid) instances of false positives.

Full details of these changes, and all the other changes, are available in the Tomcat 10.1 (alpha) changelog.

Download

The Apache Tomcat Project is proud to announce the release of version 9.0.58 of Apache Tomcat. This release implements specifications that are part of the Java EE 8 platform. The notable changes compared to 9.0.56 include:

Add recycling check in the input and output stream isReady to try to give a more informative ISE when the facade has been recycled.
Implement support for HTTP/1.1 upgrade when the request includes a body. The maximum permitted size of the body is controlled by maxSavePostSize.
Improve handling of various cases where one request/response processing thread attempts to manage the asynchronous IO for a different request/response.

Full details of these changes, and all the other changes, are available in the Tomcat 9 changelog.

Download

The Apache Tomcat Project is proud to announce the release of version 10.0.16 of Apache Tomcat. This release implements specifications that are part of the Jakarta EE 9 platform.

Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 without changes. Java EE based applications designed for Tomcat 9 and earlier may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat will automatically convert them to Jakarta EE and copy them to the webapps directory. This conversion is performed using the Apache Tomcat migration tool for Jakarta EE tool which is also available as a separate download for off-line use.

The notable changes in this release are:

Add a recycling check in the input and output stream isReady to try to give a more informative ISE when the facade has been recycled.
Implement support for HTTP/1.1 upgrade when the request includes a body. The maximum permitted size of the body is controlled by maxSavePostSize.
Improve handling of various cases where one request/response processing thread attempts to manage the asynchronous IO for a different request/response

Full details of these changes, and all the other changes, are available in the Tomcat 10 changelog.

Download

The Apache Tomcat Project is proud to announce the release of version 10.1.0-M10 of Apache Tomcat. This release is a milestone release and is targeted at Jakarta EE 10.

Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 without changes. Java EE based applications designed for Tomcat 9 and earlier may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat will automatically convert them to Jakarta EE and copy them to the webapps directory. This conversion is performed using the Apache Tomcat migration tool for Jakarta EE tool which is also available as a separate download for off-line use.

The notable changes in this release are:

Add a recycling check in the input and output stream isReady to try to give a more informative ISE when the facade has been recycled.
Implement support for HTTP/1.1 upgrade when the request includes a body. The maximum permitted size of the body is controlled by maxSavePostSize.
Improve handling of various cases where one request/response processing thread attempts to manage the asynchronous IO for a different request/response

Full details of these changes, and all the other changes, are available in the Tomcat 10.1 (alpha) changelog.

Download

The Apache Tomcat Project is proud to announce the release of version 8.5.75 of Apache Tomcat. This release implements specifications that are part of the Java EE 7 platform. (Note that 8.5.74 was not released, so the previous version was 8.5.73.) The notable changes compared to 8.5.73 include:

Provide protection against a known OS bug that causes the acceptor to report an incoming connection more than once.
Implement a workaround for a JVM bug that can trigger a file descriptor leak when using multi-part upload and the application does not explicitly close an input stream for an uploaded file that was cached on disk.
Fix several potential JVM crashes when using the APR connector.
Add support for HTTP/1.1 upgrade when the request includes a body. The maximum permitted size of the body is controlled by maxSavePostSize.
Improve handling of various cases where one request/response processing thread attempts to manage the asynchronous IO for a different request/response.

Full details of these changes, and all the other changes, are available in the Tomcat 8 changelog.

Download

Content

Older news

2022-12-05 Tomcat Migration Tool for Jakarta EE 1.0.6 Released

2022-12-05 Tomcat 11.0.0-M1 Released

2022-11-21 Tomcat 8.5.84 Released

2022-12-09 Tomcat 10.1.4 Released

2022-12-05 Tomcat 9.0.70 Released

2022-11-14 Tomcat 10.1.2 Released

2022-11-14 Tomcat 9.0.69 Released

2022-11-08 Tomcat Migration Tool for Jakarta EE 1.0.5 Released

2022-11-08 Tomcat Native 2.0.2 Released

2022-10-11 Tomcat 8.5.83 Released

2022-10-11 Tomcat 10.1.1 Released

2022-10-10 Tomcat 10.0.27 Released

2022-10-07 Tomcat 9.0.68 Released

2022-09-27 Tomcat 10.0.26 Released

2022-09-26 Tomcat 10.1.0 Released

2022-09-26 Tomcat 9.0.67 Released

2022-09-20 Tomcat Migration Tool for Jakarta EE 1.0.4 Released

2022-08-13 Tomcat 8.5.82 Released

2022-07-26 Tomcat 10.0.23 Released

2022-07-20 Tomcat 9.0.65 Released

2022-09-12 Tomcat Migration Tool for Jakarta EE 1.0.3 Released

2022-07-20 Tomcat 10.1.0-M17 (beta) Released

2022-07-12 Tomcat Native 2.0.1 Released

2022-07-12 Tomcat Native 1.2.35 Released

2022-07-11 Tomcat Migration Tool for Jakarta EE 1.0.1 Released

2022-06-11 Tomcat 8.5.81 Released

2022-06-11 Tomcat 10.0.22 Released

2022-06-09 Tomcat 9.0.64 Released

2022-06-14 Tomcat Native 1.2.34 Released

2022-06-09 Tomcat 10.1.0-M16 (beta) Released

2022-05-23 Tomcat 8.5.79 Released

2022-05-16 Tomcat 10.0.21 Released

2022-05-16 Tomcat 9.0.63 Released

2022-05-16 Tomcat 10.1.0-M15 (alpha) Released

2022-05-09 Tomcat Native 1.2.33 Released

2022-04-01 Tomcat 9.0.62 Released

2022-04-01 Tomcat 10.0.20 Released

2022-04-01 Tomcat 10.1.0-M14 (alpha) Released

2022-04-01 Tomcat 8.5.78 Released

2022-03-22 Tomcat Native 1.2.32 Released

2022-03-14 Tomcat 9.0.60 Released

2022-03-14 Tomcat 10.0.18 Released

2022-03-17 Tomcat 8.5.77 Released

2022-03-14 Tomcat 10.1.0-M12 (alpha) Released

2022-02-28 Tomcat 8.5.76 Released

2022-02-28 Tomcat 9.0.59 Released

2022-02-28 Tomcat 10.0.17 Released

2022-02-28 Tomcat 10.1.0-M11 (alpha) Released

2022-01-20 Tomcat 9.0.58 Released

2022-01-20 Tomcat 10.0.16 Released

2022-01-20 Tomcat 10.1.0-M10 (alpha) Released

2022-01-17 Tomcat 8.5.75 Released