The Apache Tomcat team announces the immediate availability of Apache
Tomcat 8.5.78.
Apache Tomcat 8 is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Unified Expression Language, Java
WebSocket and Java Authentication Service Provider Interface for
Containers technologies.
Apache Tomcat 8.5.78 is a bugfix and feature release. The notable
changes compared to 8.5.77 include:
- Update the packaged version of the Tomcat Native Library to 1.2.32 to
pick up Windows binaries built with OpenSSL 1.1.1n.
- Improve logging of unknown HTTP/2 settings frames. Pull request by
Thomas Hoffmann.
- Add additional warnings if incompatible TLS configurations are used
such as HTTP/2 with CLIENT-CERT authentication
- Harden the class loader to provide a mitigation for CVE-2022-22965
a Spring Framework vulnerability
Along with lots of other bug fixes and improvements.
Please refer to the change log for the complete list of changes:
http://tomcat.apache.org/tomcat-8.5-doc/changelog.html
Downloads:
http://tomcat.apache.org/download-80.cgi
Migration guides from Apache Tomcat 7.x and 8.0.x:
http://tomcat.apache.org/migration.html
Enjoy!
- The Apache Tomcat team
