Tomcat 8.5.78、Tomcat 9.0.62、Tomcat 10.0.20 发布

The Apache Tomcat Project is proud to announce the release of version 9.0.62 of Apache Tomcat. This release implements specifications that are part of the Java EE 8 platform. The notable changes compared to 9.0.60 include:

• Update the packaged version of the Tomcat Native Library to 1.2.32 to pick up Windows binaries built with OpenSSL 1.1.1n.
• Improve logging of unknown HTTP/2 settings frames. Pull request by Thomas Hoffmann.
• Add additional warnings if incompatible TLS configurations are used such as HTTP/2 with CLIENT-CERT authentication.
• Harden the class loader to provide a mitigation for CVE-2022-22965 a Spring Framework vulnerability.

Full details of these changes, and all the other changes, are available in the Tomcat 9 changelog.

Download

The Apache Tomcat Project is proud to announce the release of version 10.0.20 of Apache Tomcat. This release implements specifications that are part of the Jakarta EE 9 platform.

Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 without changes. Java EE based applications designed for Tomcat 9 and earlier may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat will automatically convert them to Jakarta EE and copy them to the webapps directory. This conversion is performed using the Apache Tomcat migration tool for Jakarta EE tool which is also available as a separate download for off-line use.

The notable changes in this release are:

• Update the packaged version of the Tomcat Native Library to 1.2.32 to pick up Windows binaries built with OpenSSL 1.1.1n.
• Improve logging of unknown HTTP/2 settings frames. Pull request by Thomas Hoffmann.
• Add additional warnings if incompatible TLS configurations are used such as HTTP/2 with CLIENT-CERT authentication.
• Harden the class loader to provide a mitigation for CVE-2022-22965 a Spring Framework vulnerability.

Full details of these changes, and all the other changes, are available in the Tomcat 10 changelog.

Download

The Apache Tomcat Project is proud to announce the release of version 8.5.78 of Apache Tomcat. This release implements specifications that are part of the Java EE 7 platform. The notable changes compared to 8.5.77 include:

• Update the packaged version of the Tomcat Native Library to 1.2.32 to pick up Windows binaries built with OpenSSL 1.1.1n.
• Improve logging of unknown HTTP/2 settings frames. Pull request by Thomas Hoffmann.
• Add additional warnings if incompatible TLS configurations are used such as HTTP/2 with CLIENT-CERT authentication.
• Harden the class loader to provide a mitigation for CVE-2022-22965 a Spring Framework vulnerability.

Full details of these changes, and all the other changes, are available in the Tomcat 8 changelog.

Download

转自 https://tomcat.apache.org/