The Apache Tomcat team announces the immediate availability of Apache Tomcat 7.0.40.
Apache Tomcat is an open source software implementation of the Java Servlet, JavaServer Pages and Java Expression Language technologies. This release contains a security fix and a number of bug fixes and improvements compared to version 7.0.39. The notable changes include: - A fix for CVE-2013-2071 (bug <bug>54178</bug>) an informatio disclosure issue. - Various fixes to stop Tomcat attempting to parse text that looks like an EL expression in a JSP document as an EL expression when EL expressions are either not permitted or not enabled. - Improved handling and reporting if a ConcurrentModificationException occurs while checking for memory leaks when a web application is being stopped. Please refer to the change log for the complete list of changes: http://tomcat.apache.org/tomcat-7.0-doc/changelog.html Note: This version has 4 zip binaries: a generic one and three bundled with Tomcat native binaries for Windows operating systems running on different CPU architectures. Note: If you use the APR/native AJP or HTTP connector you *must* upgrade to version 1.1.24 or later of the AJP/native library and it is recommended that you upgrade to 1.1.27 Downloads: http://tomcat.apache.org/download-70.cgi Migration guides from Apache Tomcat 5.5.x and 6.0.x: http://tomcat.apache.org/migration.html