The Apache Tomcat team announces the immediate availability of Apache
Tomcat 11.0.0-M18 (alpha).
Apache Tomcat 11 is an open source software implementation of the
Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language,
Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations
CVE-2024-23672 Apache Tomcat - Denial of Service
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
Apache Tomcat 11.0.0-M1 to 11.0.0-M16
Apache Tomcat 10.1.0-M1 to 10.1.18
Apache Tomcat 9.0.0-M1 to 9.0.85
Apache Tomcat 8.5.0 to 8.5.98
Description:
It was possible
CVE-2024-24549 Apache Tomcat - Denial of Service
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
Apache Tomcat 11.0.0-M1 to 11.0.0-M16
Apache Tomcat 10.1.0-M1 to 10.1.18
Apache Tomcat 9.0.0-M1 to 9.0.85
Apache Tomcat 8.5.0 to 8.5.98
Description:
When processing
The Apache Tomcat team announces the immediate availability of Apache
Tomcat Native 1.3.0 stable.
The key features of this release are:
- The minimum supported OpenSSL version is 1.1.1
- The minimum supported APR version in 1.6.3
- The windows binaries in this release have been built with
The Apache Tomcat team announces the immediate availability of Apache
Tomcat Native 2.0.7 stable.
The key features of this release are:
- Align default pass phrase prompt with httpd on Windows
- The windows binaries in this release have been built with OpenSSL
3.0.13
The 2.0.x branch is
Correcting the CVE reference in the text (the subject line is correct)
Mark
On 19/01/2024 10:17, Mark Thomas wrote:
CVE-2023-21733 Apache Tomcat - Information Disclosure
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
Apache Tomcat 9.0.0-M11 to 9.0.43
Apache
CVE-2023-46589 Apache Tomcat - Information Disclosure
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
Apache Tomcat 9.0.0-M11 to 9.0.43
Apache Tomcat 8.5.7 to 8.5.63
Description:
Incomplete POST requests triggered an error response that could contain
data from a
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 11.0.0-M16 (alpha).
Apache Tomcat 11 is an open source software implementation of the
Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language,
Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 11.0.0-M15 (alpha).
Apache Tomcat 11 is an open source software implementation of the
Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language,
Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations
CVE-2023-46589 Apache Tomcat - Request Smuggling
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
Apache Tomcat 11.0.0-M1 to 11.0.0-M10
Apache Tomcat 10.1.0-M1 to 10.1.15
Apache Tomcat 9.0.0-M1 to 9.0.82
Apache Tomcat 8.5.0 to 8.5.95
Description:
Tomcat did not
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 11.0.0-M14 (alpha).
Apache Tomcat 11 is an open source software implementation of the
Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language,
Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 11.0.0-M13 (alpha).
Apache Tomcat 11 is an open source software implementation of the
Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language,
Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations
CVE-2023-45648 Apache Tomcat - Request Smuggling
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
Apache Tomcat 11.0.0-M1 to 11.0.0-M11
Apache Tomcat 10.1.0-M1 to 10.1.13
Apache Tomcat 9.0.0-M1 to 9.0.80
Apache Tomcat 8.5.0 to 8.5.93
Description:
Tomcat did not
CVE-2023-44487 Apache Tomcat - HTTP/2 DoS
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
Apache Tomcat 11.0.0-M1 to 11.0.0-M11
Apache Tomcat 10.1.0-M1 to 10.1.13
Apache Tomcat 9.0.0-M1 to 9.0.80
Apache Tomcat 8.5.0 to 8.5.93
Description:
Tomcat's HTTP/2
CVE-2023-42795 Apache Tomcat - information disclosure
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
Apache Tomcat 11.0.0-M1 to 11.0.0-M11
Apache Tomcat 10.1.0-M1 to 10.1.13
Apache Tomcat 9.0.0-M1 to 9.0.80
Apache Tomcat 8.5.0 to 8.5.93
Description:
When
CVE-2023-42794 Apache Tomcat - denial of service
Severity: Low
Vendor: The Apache Software Foundation
Versions Affected:
Apache Tomcat 9.0.70 to 9.0.80
Apache Tomcat 8.5.85 to 8.5.93
Description:
Tomcat's internal fork of a Commons FileUpload included an unreleased,
in progress refactoring
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 11.0.0-M12 (alpha).
Apache Tomcat 11 is an open source software implementation of the
Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language,
Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations
The Apache Tomcat team announces the immediate availability of Apache
Tomcat Native 1.2.39 stable.
The key features of this release are:
- Disable OCSP if the insecure optionalNoCA certificate verification
option is used
- The binaries for Windows in this release have been built with OpenSSL
The Apache Tomcat team announces the immediate availability of Apache
Tomcat Native 2.0.6 stable.
The key features of this release are:
- Disable OCSP if the insecure optionalNoCA certificate verification
option is used
- The binaries for Windows in this release have been built with OpenSSL
CVE-2023-41081 Apache Tomcat Connectors (mod_jk) Information Disclosure
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
- Apache Tomcat Connectors mod_jk Connector 1.2.0 to 1.2.48
Description:
In some circumstances, such as when a configuration included
The Apache Tomcat Connectors project is part of the Tomcat project and
provides web server plugins for httpd (mod_jk) and IIS (ISAPI) to
connect those web servers with Tomcat and other backends.
The Apache Tomcat Project is proud to announce the release of version
1.2.49 of the Apache Tomcat
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 8.5.93.
Apache Tomcat 8 is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Unified Expression Language, Java
WebSocket and JASPIC technologies.
Apache Tomcat 8.5.93 is a bugfix and
CVE-2023-41080 Apache Tomcat - Open redirect
Severity: Moderate
Vendor: The Apache Software Foundation
Versions Affected:
Apache Tomcat 11.0.0-M1 to 11.0.0-M10
Apache Tomcat 10.1.0-M1 to 10.1.12
Apache Tomcat 9.0.0-M1 to 9.0.79
Apache Tomcat 8.5.0 to 8.5.92
Description:
If the ROOT (default)
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 9.0.80.
Apache Tomcat 9 is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Unified Expression Language, Java
WebSocket and JASPIC technologies.
Apache Tomcat 9.0.80 is a bugfix and
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 10.1.13.
Apache Tomcat 10 is an open source software implementation of the
Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language,
Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 11.0.0-M11 (alpha).
Apache Tomcat 11 is an open source software implementation of the
Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language,
Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 8.5.92.
Apache Tomcat 8 is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Unified Expression Language, Java
WebSocket and JASPIC technologies.
Apache Tomcat 8.5.92 is a bugfix and
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 10.1.12.
Apache Tomcat 10 is an open source software implementation of the
Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language,
Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 11.0.0-M10 (alpha).
Apache Tomcat 11 is an open source software implementation of the
Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language,
Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 11.0.0-M9 (alpha).
Apache Tomcat 11 is an open source software implementation of the
Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language,
Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations
CVE-2023-34981 Apache Tomcat - Information disclosure
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
Apache Tomcat 11.0.0-M5
Apache Tomcat 10.1.8
Apache Tomcat 9.0.74
Apache Tomcat 8.5.88
Description:
The fix for bug 66512 introduced a regression that was fixed
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 11.0.0-M7 (alpha).
Apache Tomcat 11 is an open source software implementation of the
Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language,
Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations
The Apache Tomcat team announces the immediate availability of Apache
Tomcat Native 1.2.37 stable.
The key features of this release are:
- Update the version of OpenSSL used to create the binaries for Windows
to OpenSSL 1.1.1u
Please refer to the change log for the complete list of changes:
The Apache Tomcat team announces the immediate availability of Apache
Tomcat Native 2.0.4 stable.
The key features of this release are:
- The binaries for Windows in this release have been built with OpenSSL
3.0.9
The 2.0.x branch is primarily intended for use with Tomcat 10.1.x or
later
CVE-2023-28709 Apache Tomcat - Fix for CVE-2023-24998 was incomplete
Severity: Moderate
Vendor: The Apache Software Foundation
Versions Affected:
Apache Tomcat 11.0.0-M2 to 11.0.0-M4
Apache Tomcat 10.1.5 to 10.1.7
Apache Tomcat 9.0.71 to 9.0.73
Apache Tomcat 8.5.85 to 8.5.87
Description:
The
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 11.0.0-M6 (alpha).
Apache Tomcat 11 is an open source software implementation of the
Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language,
Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 11.0.0-M5 (alpha).
Apache Tomcat 11 is an open source software implementation of the
Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language,
Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations
CVE-2023-28708 Apache Tomcat - Information Disclosure
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
Apache Tomcat 11.0.0-M1 to 11.0.0-M2
Apache Tomcat 10.1.0-M1 to 10.1.5
Apache Tomcat 9.0.0-M1 to 9.0.71
Apache Tomcat 8.5.0 to 8.5.85
Description:
When using the
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 11.0.0-M4 (alpha).
Apache Tomcat 11 is an open source software implementation of the
Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language,
Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 11.0.0-M3 (alpha).
Apache Tomcat 11 is an open source software implementation of the
Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language,
Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations
Re-sending with corrected credit
CVE-2023-24998 Apache Tomcat - FileUpload DoS with excessive parts
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
Apache Tomcat 11.0.0-M1
Apache Tomcat 10.1.0-M1 to 10.1.4
Apache Tomcat 9.0.0-M1 to 9.0.70
Apache Tomcat 8.5.0 to
CVE-2023-24998 Apache Tomcat - FileUpload DoS with excessive parts
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
Apache Tomcat 11.0.0-M1
Apache Tomcat 10.1.0-M1 to 10.1.4
Apache Tomcat 9.0.0-M1 to 9.0.70
Apache Tomcat 8.5.0 to 8.5.84
Description:
Apache Tomcat
The Apache Tomcat team announces the immediate availability of Apache
Tomcat Native 2.0.3 stable.
The key features of this release are:
- The binaries for Windows in this release have been built with OpenSSL
3.0.8
The 2.0.x branch is primarily intended for use with Tomcat 10.1.x or
later
The Apache Tomcat team announces the immediate availability of Apache
Tomcat Native 1.2.36 stable.
The key features of this release are:
- Update the version of OpenSSL used to create the binaries for Windows
to OpenSSL 1.1.1t
Please refer to the change log for the complete list of changes:
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 10.1.5.
Apache Tomcat 10 is an open source software implementation of the
Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language,
Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations
CVE-2022-45143 Apache Tomcat - JsonErrorReportValve injection
Severity: Low
Vendor: The Apache Software Foundation
Versions Affected:
Apache Tomcat 10.1.0-M1 to 10.1.1
Apache Tomcat 9.0.40 to 9.0.68
Apache Tomcat 8.5.83
Description:
The JsonErrorReportValve did not escape the type, message or
Update with a corrected date for the anticipated final 8.5.x release.
The Apache Tomcat team announces that support for Apache Tomcat 8.5.x
will end on 31 March 2024.
This means that after 31 March 2024:
- releases from the 8.5.x branch are highly unlikely
- bugs affecting only the 8.5.x
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 10.1.4.
Apache Tomcat 10 is an open source software implementation of the
Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language,
Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 11.0.0-M1 (alpha).
Apache Tomcat 11 is an open source software implementation of the
Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language,
Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations
The Apache Tomcat team announces the immediate availability of Apache
Tomcat Migration Tool for Jakarta EE 1.0.6
Apache Tomcat Migration Tool for Jakarta EE is an open source software
tool for migrating binary web applications (WAR files) and other binary
artifacts from Java EE 8 to Jakarta EE
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 10.1.2.
Apache Tomcat 10 is an open source software implementation of the
Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language,
Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations
The Apache Tomcat team announces the immediate availability of Apache
Tomcat Migration Tool for Jakarta EE 1.0.5
Apache Tomcat Migration Tool for Jakarta EE is an open source software
tool for migrating binary web applications (WAR files) and other binary
artefacts from Java EE 8 to Jakarta EE
The Apache Tomcat team announces the immediate availability of Apache
Tomcat Native 2.0.2 stable.
The key features of this release are:
- Update the minimum supported version of LibreSSL to 3.5.2.
Based on a #13 provided by orbea.
- The windows binaries in this release have been built with
CVE-2022-42252 Apache Tomcat - Request Smuggling
Severity: Low
Vendor: The Apache Software Foundation
Versions Affected:
Apache Tomcat 10.1.0-M1 to 10.1.0
Apache Tomcat 10.0.0-M1 to 10.0.26
Apache Tomcat 9.0.0-M1 to 9.0.67
Apache Tomcat 8.5.0 to 8.5.52
Description:
If Tomcat was configured to
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 10.1.1.
Apache Tomcat 10 is an open source software implementation of the
Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language,
Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 8.5.83.
Apache Tomcat 8 is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Unified Expression Language, Java
WebSocket and JASPIC technologies.
Apache Tomcat 8.5.83 is a bugfix and
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 10.0.27.
This release is targeted at Jakarta EE 9.
Applications that run on Tomcat 9 and earlier will not run on Tomcat 10
without changes. Java EE applications designed for Tomcat 9 and earlier
may be placed in the
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 9.0.68.
Apache Tomcat 9 is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Unified Expression Language, Java
WebSocket and JASPIC technologies.
Apache Tomcat 9.0.68 is a bugfix and
CVE-2021-43980 Apache Tomcat - Information Disclosure
Severity: High
Vendor: The Apache Software Foundation
Versions Affected:
Apache Tomcat 10.1.0-M1 to 10.1.0-M12
Apache Tomcat 10.0.0-M1 to 10.0.18
Apache Tomcat 9.0.0-M1 to 9.0.60
Apache Tomcat 8.5.0 to 8.5.77
Description:
The simplified
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 10.0.26.
This release is targeted at Jakarta EE 9.
Applications that run on Tomcat 9 and earlier will not run on Tomcat 10
without changes. Java EE applications designed for Tomcat 9 and earlier
may be placed in the
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 10.1.0 (stable).
This is the first stable release of the 10.1.x branch.
Apache Tomcat 10 is an open source software implementation of the
Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language,
Jakarta
The Apache Tomcat team announces the immediate availability of Apache
Tomcat Migration Tool for Jakarta EE 1.0.4
Apache Tomcat Migration Tool for Jakarta EE is an open source software
tool for migrating binary web applications (WAR files) and other binary
artefacts from Java EE 8 to Jakarta EE
The Apache Tomcat team announces the immediate availability of Apache
Tomcat Migration Tool for Jakarta EE 1.0.3
Apache Tomcat Migration Tool for Jakarta EE is an open source software
tool for migrating binary web applications (WAR files) and other binary
artefacts from Java EE 8 to Jakarta EE
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 10.0.23.
This release is targeted at Jakarta EE 9.
Applications that run on Tomcat 9 and earlier will not run on Tomcat 10
without changes. Java EE applications designed for Tomcat 9 and earlier
may be placed in the
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 10.1.0-M17 (beta).
Apache Tomcat 10 is an open source software implementation of the
Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language,
Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations
The Apache Tomcat team announces the immediate availability of Apache
Tomcat Native 2.0.1 stable.
The key features of this release are:
- JNI API has been reduced to just that required to support Tomcat's
OpenSSL based TLS implementation. The APR/native connector is no
longer supported in
The Apache Tomcat team announces the immediate availability of Apache
Tomcat Migration Tool for Jakarta EE 1.0.1
Apache Tomcat Migration Tool for Jakarta EE is an open source software
tool for migrating binary web applications (WAR files) and other binary
artefacts from Java EE 8 to Jakarta EE
CVE-2022-34305 Apache Tomcat - XSS in examples web application
Severity: Low
Vendor: The Apache Software Foundation
Versions Affected:
Apache Tomcat 10.1.0-M1 to 10.1.0-M16
Apache Tomcat 10.0.0-M1 to 10.0.22
Apache Tomcat 9.0.30 to 9.0.64
Apache Tomcat 8.5.50 to 8.5.81
Description:
The Form
The Apache Tomcat team announces the immediate availability of Apache
Tomcat Native 1.2.34 stable.
The key features of this release are:
- Refactor the initialization of the native code so it is compatible
with Tomcat 10.1.x where deprecated Java classes will be removed
- Map the OpenSSL
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 10.0.22.
This release is targeted at Jakarta EE 9.
Applications that run on Tomcat 9 and earlier will not run on Tomcat 10
without changes. Java EE applications designed for Tomcat 9 and earlier
may be placed in the
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 10.1.0-M16 (beta).
Apache Tomcat 10 is an open source software implementation of the
Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language,
Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 10.0.21.
This release is targeted at Jakarta EE 9.
Applications that run on Tomcat 9 and earlier will not run on Tomcat 10
without changes. Java EE applications designed for Tomcat 9 and earlier
may be placed in the
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 10.1.0-M15 (alpha).
Apache Tomcat 10 is an open source software implementation of the
Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language,
Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations
CVE-2022-25762 Apache Tomcat - Request Mix-up
Severity: High
Vendor: The Apache Software Foundation
Versions Affected:
Apache Tomcat 9.0.0.M1 to 9.0.20
Apache Tomcat 8.5.0 to 8.5.75
Description:
If a web application sends a WebSocket message concurrently with the
WebSocket connection
CVE-2022-29885 Apache Tomcat EncryptInterceptor
Severity: Low
Vendor: The Apache Software Foundation
Versions Affected:
Apache Tomcat 10.1.0-M1 to 10.1.0-M14
Apache Tomcat 10.0.0-M1 to 10.0.20
Apache Tomcat 9.0.13 to 9.0.62
Apache Tomcat 8.5.38 to 8.5.78
Description:
The documentation for the
The Apache Tomcat team announces the immediate availability of Apache
Tomcat Native 1.2.33 stable.
The key features of this release are:
- Windows binaries built using OpenSSL 1.1.1o
- Fixes a potential crash when attempting to read the TLS session ID
after a handshake failure.
Please refer
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 8.5.78.
Apache Tomcat 8 is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Unified Expression Language, Java
WebSocket and Java Authentication Service Provider Interface for
Containers
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 10.0.20.
This release is targeted at Jakarta EE 9.
Applications that run on Tomcat 9 and earlier will not run on Tomcat 10
without changes. Java EE applications designed for Tomcat 9 and earlier
may be placed in the
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 10.1.0-M14 (alpha).
Apache Tomcat 10 is an open source software implementation of the
Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language,
Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations
The Apache Tomcat team announces the immediate availability of Apache
Tomcat Native 1.2.32 stable.
The key features of this release are:
- Windows binaries built using OpenSSL 1.1.1n
Please refer to the change log for the complete list of changes:
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 10.0.18.
This release is targeted at Jakarta EE 9.
Applications that run on Tomcat 9 and earlier will not run on Tomcat 10
without changes. Java EE applications designed for Tomcat 9 and earlier
may be placed in the
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 10.1.0-M12 (alpha).
Apache Tomcat 10 is an open source software implementation of the
Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language,
Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 10.1.0-M11 (alpha).
Apache Tomcat 10 is an open source software implementation of the
Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language,
Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 10.0.17.
This release is targeted at Jakarta EE 9.
Applications that run on Tomcat 9 and earlier will not run on Tomcat 10
without changes. Java EE applications designed for Tomcat 9 and earlier
may be placed in the
CVE-2022-23181 Apache Tomcat Local Privilege Escalation
Severity: Low
Vendor: The Apache Software Foundation
Versions Affected:
Apache Tomcat 10.1.0-M1 to 10.1.0-M8
Apache Tomcat 10.0.0-M5 to 10.0.14
Apache Tomcat 9.0.35 to 9.0.56
Apache Tomcat 8.5.55 to 8.5.73
Description:
The fix for bug
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 10.0.16.
This release is targeted at Jakarta EE 9.
Applications that run on Tomcat 9 and earlier will not run on Tomcat 10
without changes. Java EE applications designed for Tomcat 9 and earlier
may be placed in the
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 10.1.0-M10 (alpha).
Apache Tomcat 10 is an open source software implementation of the
Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language,
Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations
The following represents the current understanding of the Apache Tomcat
security team at the time this announcement was issued. There is a lot
of security research being focussed on log4j2 at the moment and it is
probable that additional information will emerge.
Currently supported Tomcat
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 10.0.14.
This release is targeted at Jakarta EE 9.
Applications that run on Tomcat 9 and earlier will not run on Tomcat 10
without changes. Java EE applications designed for Tomcat 9 and earlier
may be placed in the
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 10.0.13.
This release is targeted at Jakarta EE 9.
Applications that run on Tomcat 9 and earlier will not run on Tomcat 10
without changes. Java EE applications designed for Tomcat 9 and earlier
may be placed in the
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 10.1.0-M7 (alpha).
Apache Tomcat 10 is an open source software implementation of the
Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language,
Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations
CVE-2021-42340 Denial of Service
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
Apache Tomcat 10.1.0-M1 to 10.1.0-M5
Apache Tomcat 10.0.0-M10 to 10.0.11
Apache Tomcat 9.0.40 to 9.0.53
Apache Tomcat 8.5.60 to 8.5.71
Description:
The fix for bug 63362 introduced a
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 10.0.12.
This release is targeted at Jakarta EE 9.
Applications that run on Tomcat 9 and earlier will not run on Tomcat 10
without changes. Java EE applications designed for Tomcat 9 and earlier
may be placed in the
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 10.1.0-M6 (alpha).
Apache Tomcat 10 is an open source software implementation of the
Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language,
Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations
CVE-2021-41079 Denial of Service
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
Apache Tomcat 10.0.0-M1 to 10.0.2
Apache Tomcat 9.0.0-M1 to 9.0.43
Apache Tomcat 8.5.0 to 8.5.63
Description:
When Tomcat was configured to use NIO+OpenSSL or NIO2+OpenSSL for TLS, a
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 10.1.0-M5 (alpha).
Apache Tomcat 10 is an open source software implementation of the
Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language,
Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 10.0.11.
This release is targeted at Jakarta EE 9.
Applications that run on Tomcat 9 and earlier will not run on Tomcat 10
without changes. Java EE applications designed for Tomcat 9 and earlier
may be placed in the
The Apache Tomcat team announces the immediate availability of Apache
Tomcat Native 1.2.31 stable.
The key features of this release are:
- Windows binaries built using OpenSSL 1.1.1l
- Fix an issue when building with OpenSSl 3.0.0
Please refer to the change log for the complete list of changes:
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 8.5.70.
Apache Tomcat 8 is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Unified Expression Language, Java
WebSocket and Java Authentication Service Provider Interface for
Containers
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 10.1.0-M4 (alpha).
Apache Tomcat 10 is an open source software implementation of the
Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language,
Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations
1 - 100 of 289 matches
Mail list logo