The Apache Tomcat team announces the immediate availability of Apache
Tomcat 10.1.13.
Apache Tomcat 10 is an open source software implementation of the
Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language,
Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations
specifications.
Applications that run on Tomcat 9 and earlier will not run on Tomcat 10
without changes. Java EE applications designed for Tomcat 9 and earlier
may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat
will automatically convert them to Jakarta EE and copy them to the
webapps directory. This conversion is performed using the Apache Tomcat
migration tool for Jakarta EE tool which is also available as a separate
download for off-line use.
The notable changes compared to 10.1.12 include:
- If an application or library sets both a non-500 error code and the
jakarta.servlet.error.exception</code> request attribute, use the
provided error code during error page processing rather than assuming
an error code of 500.
- Fix for FORM authentication open redirect - CVE-2023-41080
Please refer to the change log for the complete list of changes:
http://tomcat.apache.org/tomcat-10.1-doc/changelog.html
Downloads:
http://tomcat.apache.org/download-10.cgi
Migration guides from Apache Tomcat 8.5.x and 9.0.x:
http://tomcat.apache.org/migration.html
Enjoy!
- The Apache Tomcat team
