[ANN] Apache Tomcat 11.0.0-M18 (alpha) available

2024-03-14 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 11.0.0-M18 (alpha). Apache Tomcat 11 is an open source software implementation of the Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language, Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations

[SECURITY] CVE-2024-23672 Apache Tomcat - Denial of Service

2024-03-13 Thread Mark Thomas
CVE-2024-23672 Apache Tomcat - Denial of Service Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 11.0.0-M1 to 11.0.0-M16 Apache Tomcat 10.1.0-M1 to 10.1.18 Apache Tomcat 9.0.0-M1 to 9.0.85 Apache Tomcat 8.5.0 to 8.5.98 Description: It was possible

[SECURITY] CVE-2024-24549 Apache Tomcat - Denial of Service

2024-03-13 Thread Mark Thomas
CVE-2024-24549 Apache Tomcat - Denial of Service Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 11.0.0-M1 to 11.0.0-M16 Apache Tomcat 10.1.0-M1 to 10.1.18 Apache Tomcat 9.0.0-M1 to 9.0.85 Apache Tomcat 8.5.0 to 8.5.98 Description: When processing

[ANN] Apache Tomcat Native 1.3.0 released

2024-02-13 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat Native 1.3.0 stable. The key features of this release are: - The minimum supported OpenSSL version is 1.1.1 - The minimum supported APR version is 1.6.3 - The Windows binaries in this release have been built with

[ANN] Apache Tomcat Native 2.0.7 released

2024-02-13 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat Native 2.0.7 stable. The key features of this release are: - Align default pass phrase prompt with httpd on Windows - The Windows binaries in this release have been built with OpenSSL 3.0.13 The 2.0.x branch is

Re: [SECURITY] CVE-2024-21733 Apache Tomcat - Information Disclosure

2024-01-19 Thread Mark Thomas
Correcting the CVE reference in the text (the subject line is correct) Mark On 19/01/2024 10:17, Mark Thomas wrote: CVE-2023-21733 Apache Tomcat - Information Disclosure Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 9.0.0-M11 to 9.0.43 Apache

[SECURITY] CVE-2024-21733 Apache Tomcat - Information Disclosure

2024-01-19 Thread Mark Thomas
CVE-2023-46589 Apache Tomcat - Information Disclosure Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 9.0.0-M11 to 9.0.43 Apache Tomcat 8.5.7 to 8.5.63 Description: Incomplete POST requests triggered an error response that could contain data from a

[ANN] Apache Tomcat 11.0.0-M16 (alpha) available

2024-01-09 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 11.0.0-M16 (alpha). Apache Tomcat 11 is an open source software implementation of the Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language, Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations

[ANN] Apache Tomcat 11.0.0-M15 (alpha) available

2023-12-12 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 11.0.0-M15 (alpha). Apache Tomcat 11 is an open source software implementation of the Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language, Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations

[SECURITY] CVE-2023-46589 Apache Tomcat - Request Smuggling

2023-11-28 Thread Mark Thomas
CVE-2023-46589 Apache Tomcat - Request Smuggling Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 11.0.0-M1 to 11.0.0-M10 Apache Tomcat 10.1.0-M1 to 10.1.15 Apache Tomcat 9.0.0-M1 to 9.0.82 Apache Tomcat 8.5.0 to 8.5.95 Description: Tomcat did not

[ANN] Apache Tomcat 11.0.0-M14 (alpha) available

2023-11-15 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 11.0.0-M14 (alpha). Apache Tomcat 11 is an open source software implementation of the Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language, Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations

[ANN] Apache Tomcat 11.0.0-M13 (alpha) available

2023-10-14 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 11.0.0-M13 (alpha). Apache Tomcat 11 is an open source software implementation of the Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language, Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations

[SECURITY] CVE-2023-45648 Apache Tomcat - Request Smuggling

2023-10-10 Thread Mark Thomas
CVE-2023-45648 Apache Tomcat - Request Smuggling Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 11.0.0-M1 to 11.0.0-M11 Apache Tomcat 10.1.0-M1 to 10.1.13 Apache Tomcat 9.0.0-M1 to 9.0.80 Apache Tomcat 8.5.0 to 8.5.93 Description: Tomcat did not

[SECURITY] CVE-2023-44487 Apache Tomcat - HTTP/2 DoS

2023-10-10 Thread Mark Thomas
CVE-2023-44487 Apache Tomcat - HTTP/2 DoS Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 11.0.0-M1 to 11.0.0-M11 Apache Tomcat 10.1.0-M1 to 10.1.13 Apache Tomcat 9.0.0-M1 to 9.0.80 Apache Tomcat 8.5.0 to 8.5.93 Description: Tomcat's HTTP/2

[SECURITY] CVE-2023-42795 Apache Tomcat - information disclosure

2023-10-10 Thread Mark Thomas
CVE-2023-42795 Apache Tomcat - information disclosure Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 11.0.0-M1 to 11.0.0-M11 Apache Tomcat 10.1.0-M1 to 10.1.13 Apache Tomcat 9.0.0-M1 to 9.0.80 Apache Tomcat 8.5.0 to 8.5.93 Description: When

[SECURITY] CVE-2023-42794 Apache Tomcat - denial of service

2023-10-10 Thread Mark Thomas
CVE-2023-42794 Apache Tomcat - denial of service Severity: Low Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 9.0.70 to 9.0.80 Apache Tomcat 8.5.85 to 8.5.93 Description: Tomcat's internal fork of a Commons FileUpload included an unreleased, in progress refactoring

[ANN] Apache Tomcat 11.0.0-M12 (alpha) available

2023-10-10 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 11.0.0-M12 (alpha). Apache Tomcat 11 is an open source software implementation of the Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language, Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations

[ANN] Apache Tomcat Native 1.2.39 released

2023-10-03 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat Native 1.2.39 stable. The key features of this release are: - Disable OCSP if the insecure optionalNoCA certificate verification option is used - The binaries for Windows in this release have been built with OpenSSL

[ANN] Apache Tomcat Native 2.0.6 released

2023-10-02 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat Native 2.0.6 stable. The key features of this release are: - Disable OCSP if the insecure optionalNoCA certificate verification option is used - The binaries for Windows in this release have been built with OpenSSL

[SECURITY] CVE-2023-41081 Apache Tomcat Connectors (mod_jk) Information Disclosure

2023-09-13 Thread Mark Thomas
CVE-2023-41081 Apache Tomcat Connectors (mod_jk) Information Disclosure Severity: Important Vendor: The Apache Software Foundation Versions Affected: - Apache Tomcat Connectors mod_jk Connector 1.2.0 to 1.2.48 Description: In some circumstances, such as when a configuration included

[ANN] Apache Tomcat Connectors 1.2.49 released

2023-09-12 Thread Mark Thomas
The Apache Tomcat Connectors project is part of the Tomcat project and provides web server plugins for httpd (mod_jk) and IIS (ISAPI) to connect those web servers with Tomcat and other backends. The Apache Tomcat Project is proud to announce the release of version 1.2.49 of the Apache Tomcat

[ANN] Apache Tomcat 8.5.93 available

2023-08-25 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 8.5.93. Apache Tomcat 8 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language, Java WebSocket and JASPIC technologies. Apache Tomcat 8.5.93 is a bugfix and

[SECURITY] CVE-2023-41080 Apache Tomcat - open redirect

2023-08-25 Thread Mark Thomas
CVE-2023-41080 Apache Tomcat - Open redirect Severity: Moderate Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 11.0.0-M1 to 11.0.0-M10 Apache Tomcat 10.1.0-M1 to 10.1.12 Apache Tomcat 9.0.0-M1 to 9.0.79 Apache Tomcat 8.5.0 to 8.5.92 Description: If the ROOT (default)

[ANN] Apache Tomcat 9.0.80 available

2023-08-25 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 9.0.80. Apache Tomcat 9 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language, Java WebSocket and JASPIC technologies. Apache Tomcat 9.0.80 is a bugfix and

[ANN] Apache Tomcat 10.1.13 available

2023-08-25 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 10.1.13. Apache Tomcat 10 is an open source software implementation of the Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language, Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations

[ANN] Apache Tomcat 11.0.0-M11 (alpha) available

2023-08-25 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 11.0.0-M11 (alpha). Apache Tomcat 11 is an open source software implementation of the Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language, Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations

[ANN] Apache Tomcat 8.5.92 available

2023-08-14 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 8.5.92. Apache Tomcat 8 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language, Java WebSocket and JASPIC technologies. Apache Tomcat 8.5.92 is a bugfix and

[ANN] Apache Tomcat 10.1.12 available

2023-08-14 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 10.1.12. Apache Tomcat 10 is an open source software implementation of the Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language, Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations

[ANN] Apache Tomcat 11.0.0-M10 (alpha) available

2023-08-14 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 11.0.0-M10 (alpha). Apache Tomcat 11 is an open source software implementation of the Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language, Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations

[ANN] Apache Tomcat 11.0.0-M9 (alpha) available

2023-07-11 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 11.0.0-M9 (alpha). Apache Tomcat 11 is an open source software implementation of the Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language, Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations

[SECURITY] CVE-2023-34981 Apache Tomcat - Information disclosure

2023-06-21 Thread Mark Thomas
CVE-2023-34981 Apache Tomcat - Information disclosure Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 11.0.0-M5 Apache Tomcat 10.1.8 Apache Tomcat 9.0.74 Apache Tomcat 8.5.88 Description: The fix for bug 66512 introduced a regression that was fixed

[ANN] Apache Tomcat 11.0.0-M7 (alpha) available

2023-06-08 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 11.0.0-M7 (alpha). Apache Tomcat 11 is an open source software implementation of the Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language, Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations

[ANN] Apache Tomcat Native 1.2.37 released

2023-06-02 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat Native 1.2.37 stable. The key features of this release are: - Update the version of OpenSSL used to create the binaries for Windows to OpenSSL 1.1.1u Please refer to the change log for the complete list of changes:

[ANN] Apache Tomcat Native 2.0.4 released

2023-06-02 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat Native 2.0.4 stable. The key features of this release are: - The binaries for Windows in this release have been built with OpenSSL 3.0.9 The 2.0.x branch is primarily intended for use with Tomcat 10.1.x or later

[SECURITY] CVE-2023-28709 Apache Tomcat - Fix for CVE-2023-24998 was incomplete

2023-05-22 Thread Mark Thomas
CVE-2023-28709 Apache Tomcat - Fix for CVE-2023-24998 was incomplete Severity: Moderate Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 11.0.0-M2 to 11.0.0-M4 Apache Tomcat 10.1.5 to 10.1.7 Apache Tomcat 9.0.71 to 9.0.73 Apache Tomcat 8.5.85 to 8.5.87 Description: The

[ANN] Apache Tomcat 11.0.0-M6 (alpha) available

2023-05-09 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 11.0.0-M6 (alpha). Apache Tomcat 11 is an open source software implementation of the Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language, Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations

[ANN] Apache Tomcat 11.0.0-M5 (alpha) available

2023-04-19 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 11.0.0-M5 (alpha). Apache Tomcat 11 is an open source software implementation of the Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language, Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations

[SECURITY] CVE-2023-28708 Apache Tomcat - Information Disclosure

2023-03-22 Thread Mark Thomas
CVE-2023-28708 Apache Tomcat - Information Disclosure Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 11.0.0-M1 to 11.0.0-M2 Apache Tomcat 10.1.0-M1 to 10.1.5 Apache Tomcat 9.0.0-M1 to 9.0.71 Apache Tomcat 8.5.0 to 8.5.85 Description: When using the

[ANN] Apache Tomcat 11.0.0-M4 (alpha) available

2023-03-06 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 11.0.0-M4 (alpha). Apache Tomcat 11 is an open source software implementation of the Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language, Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations

[ANN] Apache Tomcat 11.0.0-M3 (alpha) available

2023-02-23 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 11.0.0-M3 (alpha). Apache Tomcat 11 is an open source software implementation of the Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language, Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations

[SECURITY] CVE-2023-24998 Apache Tomcat - FileUpload DoS with excessive parts

2023-02-20 Thread Mark Thomas
Re-sending with corrected credit CVE-2023-24998 Apache Tomcat - FileUpload DoS with excessive parts Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 11.0.0-M1 Apache Tomcat 10.1.0-M1 to 10.1.4 Apache Tomcat 9.0.0-M1 to 9.0.70 Apache Tomcat 8.5.0 to

[SECURITY] CVE-2023-24998 Apache Tomcat - FileUpload DoS with excessive parts

2023-02-20 Thread Mark Thomas
CVE-2023-24998 Apache Tomcat - FileUpload DoS with excessive parts Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 11.0.0-M1 Apache Tomcat 10.1.0-M1 to 10.1.4 Apache Tomcat 9.0.0-M1 to 9.0.70 Apache Tomcat 8.5.0 to 8.5.84 Description: Apache Tomcat

[ANN] Apache Tomcat Native 2.0.3 released

2023-02-13 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat Native 2.0.3 stable. The key features of this release are: - The binaries for Windows in this release have been built with OpenSSL 3.0.8 The 2.0.x branch is primarily intended for use with Tomcat 10.1.x or later

[ANN] Apache Tomcat Native 1.2.36 released

2023-02-13 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat Native 1.2.36 stable. The key features of this release are: - Update the version of OpenSSL used to create the binaries for Windows to OpenSSL 1.1.1t Please refer to the change log for the complete list of changes:

[ANN] Apache Tomcat 10.1.5 available

2023-01-23 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 10.1.5. Apache Tomcat 10 is an open source software implementation of the Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language, Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations

[SECURITY] CVE-2022-45143 Apache Tomcat - JsonErrorReportValve injection

2023-01-03 Thread Mark Thomas
CVE-2022-45143 Apache Tomcat - JsonErrorReportValve injection Severity: Low Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 10.1.0-M1 to 10.1.1 Apache Tomcat 9.0.40 to 9.0.68 Apache Tomcat 8.5.83 Description: The JsonErrorReportValve did not escape the type, message or

[ANN] End of life for Apache Tomcat 8.5.x

2022-12-13 Thread Mark Thomas
Update with a corrected date for the anticipated final 8.5.x release. The Apache Tomcat team announces that support for Apache Tomcat 8.5.x will end on 31 March 2024. This means that after 31 March 2024: - releases from the 8.5.x branch are highly unlikely - bugs affecting only the 8.5.x

[ANN] Apache Tomcat 10.1.4 available

2022-12-09 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 10.1.4. Apache Tomcat 10 is an open source software implementation of the Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language, Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations

[ANN] Apache Tomcat 11.0.0-M1 (alpha) available

2022-12-05 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 11.0.0-M1 (alpha). Apache Tomcat 11 is an open source software implementation of the Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language, Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations

[ANN] Apache Tomcat Migration tool for Jakarta EE 1.0.6

2022-12-05 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat Migration Tool for Jakarta EE 1.0.6 Apache Tomcat Migration Tool for Jakarta EE is an open source software tool for migrating binary web applications (WAR files) and other binary artifacts from Java EE 8 to Jakarta EE

[ANN] Apache Tomcat 10.1.2 available

2022-11-14 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 10.1.2. Apache Tomcat 10 is an open source software implementation of the Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language, Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations

[ANN] Apache Tomcat Migration tool for Jakarta EE 1.0.5

2022-11-08 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat Migration Tool for Jakarta EE 1.0.5 Apache Tomcat Migration Tool for Jakarta EE is an open source software tool for migrating binary web applications (WAR files) and other binary artefacts from Java EE 8 to Jakarta EE

[ANN] Apache Tomcat Native 2.0.2 released

2022-11-08 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat Native 2.0.2 stable. The key features of this release are: - Update the minimum supported version of LibreSSL to 3.5.2. Based on a #13 provided by orbea. - The Windows binaries in this release have been built with

[SECURITY] CVE-2022-42252 Apache Tomcat - Request Smuggling

2022-10-31 Thread Mark Thomas
CVE-2022-42252 Apache Tomcat - Request Smuggling Severity: Low Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 10.1.0-M1 to 10.1.0 Apache Tomcat 10.0.0-M1 to 10.0.26 Apache Tomcat 9.0.0-M1 to 9.0.67 Apache Tomcat 8.5.0 to 8.5.52 Description: If Tomcat was configured to

[ANN] Apache Tomcat 10.1.1 available

2022-10-11 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 10.1.1. Apache Tomcat 10 is an open source software implementation of the Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language, Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations

[ANN] Apache Tomcat 8.5.83 available

2022-10-11 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 8.5.83. Apache Tomcat 8 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language, Java WebSocket and JASPIC technologies. Apache Tomcat 8.5.83 is a bugfix and

[ANN] Apache Tomcat 10.0.27 available

2022-10-10 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 10.0.27. This release is targeted at Jakarta EE 9. Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 without changes. Java EE applications designed for Tomcat 9 and earlier may be placed in the

[ANN] Apache Tomcat 9.0.68 available

2022-10-07 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 9.0.68. Apache Tomcat 9 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language, Java WebSocket and JASPIC technologies. Apache Tomcat 9.0.68 is a bugfix and

[SECURITY] CVE-2021-43980 Apache Tomcat - Information Disclosure

2022-09-28 Thread Mark Thomas
CVE-2021-43980 Apache Tomcat - Information Disclosure Severity: High Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 10.1.0-M1 to 10.1.0-M12 Apache Tomcat 10.0.0-M1 to 10.0.18 Apache Tomcat 9.0.0-M1 to 9.0.60 Apache Tomcat 8.5.0 to 8.5.77 Description: The simplified

[ANN] Apache Tomcat 10.0.26 available

2022-09-27 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 10.0.26. This release is targeted at Jakarta EE 9. Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 without changes. Java EE applications designed for Tomcat 9 and earlier may be placed in the

[ANN] Apache Tomcat 10.1.0 (stable) available

2022-09-26 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 10.1.0 (stable). This is the first stable release of the 10.1.x branch. Apache Tomcat 10 is an open source software implementation of the Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language, Jakarta

[ANN] Apache Tomcat Migration tool for Jakarta EE 1.0.4

2022-09-20 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat Migration Tool for Jakarta EE 1.0.4 Apache Tomcat Migration Tool for Jakarta EE is an open source software tool for migrating binary web applications (WAR files) and other binary artefacts from Java EE 8 to Jakarta EE

[ANN] Apache Tomcat Migration tool for Jakarta EE 1.0.3

2022-09-12 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat Migration Tool for Jakarta EE 1.0.3 Apache Tomcat Migration Tool for Jakarta EE is an open source software tool for migrating binary web applications (WAR files) and other binary artefacts from Java EE 8 to Jakarta EE

[ANN] Apache Tomcat 10.0.23 available

2022-07-26 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 10.0.23. This release is targeted at Jakarta EE 9. Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 without changes. Java EE applications designed for Tomcat 9 and earlier may be placed in the

[ANN] Apache Tomcat 10.1.0-M17 (beta) available

2022-07-20 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 10.1.0-M17 (beta). Apache Tomcat 10 is an open source software implementation of the Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language, Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations

[ANN] Apache Tomcat Native 2.0.1 released

2022-07-13 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat Native 2.0.1 stable. The key features of this release are: - JNI API has been reduced to just that required to support Tomcat's OpenSSL based TLS implementation. The APR/native connector is no longer supported in

[ANN] Apache Tomcat Migration tool for Jakarta EE 1.0.1

2022-07-11 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat Migration Tool for Jakarta EE 1.0.1 Apache Tomcat Migration Tool for Jakarta EE is an open source software tool for migrating binary web applications (WAR files) and other binary artefacts from Java EE 8 to Jakarta EE

[SECURITY] CVE-2022-34305 Apache Tomcat - XSS in examples web application

2022-06-23 Thread Mark Thomas
CVE-2022-34305 Apache Tomcat - XSS in examples web application Severity: Low Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 10.1.0-M1 to 10.1.0-M16 Apache Tomcat 10.0.0-M1 to 10.0.22 Apache Tomcat 9.0.30 to 9.0.64 Apache Tomcat 8.5.50 to 8.5.81 Description: The Form

[ANN] Apache Tomcat Native 1.2.34 released

2022-06-14 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat Native 1.2.34 stable. The key features of this release are: - Refactor the initialization of the native code so it is compatible with Tomcat 10.1.x where deprecated Java classes will be removed - Map the OpenSSL

[ANN] Apache Tomcat 10.0.22 available

2022-06-11 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 10.0.22. This release is targeted at Jakarta EE 9. Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 without changes. Java EE applications designed for Tomcat 9 and earlier may be placed in the

[ANN] Apache Tomcat 10.1.0-M16 (beta) available

2022-06-09 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 10.1.0-M16 (beta). Apache Tomcat 10 is an open source software implementation of the Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language, Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations

[ANN] Apache Tomcat 10.0.21 available

2022-05-16 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 10.0.21. This release is targeted at Jakarta EE 9. Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 without changes. Java EE applications designed for Tomcat 9 and earlier may be placed in the

[ANN] Apache Tomcat 10.1.0-M15 (alpha) available

2022-05-16 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 10.1.0-M15 (alpha). Apache Tomcat 10 is an open source software implementation of the Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language, Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations

[SECURITY] CVE-2022-25762 Apache Tomcat - Request Mix-up

2022-05-12 Thread Mark Thomas
CVE-2022-25762 Apache Tomcat - Request Mix-up Severity: High Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.20 Apache Tomcat 8.5.0 to 8.5.75 Description: If a web application sends a WebSocket message concurrently with the WebSocket connection

[SECURITY] CVE-2022-29885 Apache Tomcat EncryptInterceptor DoS

2022-05-10 Thread Mark Thomas
CVE-2022-29885 Apache Tomcat EncryptInterceptor Severity: Low Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 10.1.0-M1 to 10.1.0-M14 Apache Tomcat 10.0.0-M1 to 10.0.20 Apache Tomcat 9.0.13 to 9.0.62 Apache Tomcat 8.5.38 to 8.5.78 Description: The documentation for the

[ANN] Apache Tomcat Native 1.2.33 released

2022-05-09 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat Native 1.2.33 stable. The key features of this release are: - Windows binaries built using OpenSSL 1.1.1o - Fixes a potential crash when attempting to read the TLS session ID after a handshake failure. Please refer

[ANN] Apache Tomcat 8.5.78 available

2022-04-01 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 8.5.78. Apache Tomcat 8 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language, Java WebSocket and Java Authentication Service Provider Interface for Containers

[ANN] Apache Tomcat 10.0.20 available

2022-04-01 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 10.0.20. This release is targeted at Jakarta EE 9. Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 without changes. Java EE applications designed for Tomcat 9 and earlier may be placed in the

[ANN] Apache Tomcat 10.1.0-M14 (alpha) available

2022-04-01 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 10.1.0-M14 (alpha). Apache Tomcat 10 is an open source software implementation of the Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language, Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations

[ANN] Apache Tomcat Native 1.2.32 released

2022-03-22 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat Native 1.2.32 stable. The key features of this release are: - Windows binaries built using OpenSSL 1.1.1n Please refer to the change log for the complete list of changes:

[ANN] Apache Tomcat 10.0.18 available

2022-03-14 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 10.0.18. This release is targeted at Jakarta EE 9. Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 without changes. Java EE applications designed for Tomcat 9 and earlier may be placed in the

[ANN] Apache Tomcat 10.1.0-M12 (alpha) available

2022-03-14 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 10.1.0-M12 (alpha). Apache Tomcat 10 is an open source software implementation of the Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language, Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations

[ANN] Apache Tomcat 10.1.0-M11 (alpha) available

2022-02-28 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 10.1.0-M11 (alpha). Apache Tomcat 10 is an open source software implementation of the Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language, Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations

[ANN] Apache Tomcat 10.0.17 available

2022-02-28 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 10.0.17. This release is targeted at Jakarta EE 9. Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 without changes. Java EE applications designed for Tomcat 9 and earlier may be placed in the

[SECURITY] CVE-2022-23181 Apache Tomcat Local Privilege Escalation

2022-01-26 Thread Mark Thomas
CVE-2022-23181 Apache Tomcat Local Privilege Escalation Severity: Low Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 10.1.0-M1 to 10.1.0-M8 Apache Tomcat 10.0.0-M5 to 10.0.14 Apache Tomcat 9.0.35 to 9.0.56 Apache Tomcat 8.5.55 to 8.5.73 Description: The fix for bug

[ANN] Apache Tomcat 10.0.16 available

2022-01-20 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 10.0.16. This release is targeted at Jakarta EE 9. Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 without changes. Java EE applications designed for Tomcat 9 and earlier may be placed in the

[ANN] Apache Tomcat 10.1.0-M10 (alpha) available

2022-01-20 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 10.1.0-M10 (alpha). Apache Tomcat 10 is an open source software implementation of the Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language, Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations

[SECURITY] Apache Tomcat and CVE-2021-44228 (Log4j vulnerability)

2021-12-14 Thread Mark Thomas
The following represents the current understanding of the Apache Tomcat security team at the time this announcement was issued. There is a lot of security research being focussed on log4j2 at the moment and it is probable that additional information will emerge. Currently supported Tomcat

[ANN] Apache Tomcat 10.0.14 available

2021-12-08 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 10.0.14. This release is targeted at Jakarta EE 9. Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 without changes. Java EE applications designed for Tomcat 9 and earlier may be placed in the

[ANN] Apache Tomcat 10.0.13 available

2021-11-15 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 10.0.13. This release is targeted at Jakarta EE 9. Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 without changes. Java EE applications designed for Tomcat 9 and earlier may be placed in the

[ANN] Apache Tomcat 10.1.0-M7 (alpha) available

2021-11-15 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 10.1.0-M7 (alpha). Apache Tomcat 10 is an open source software implementation of the Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language, Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations

[SECURITY] CVE-2021-42340 Apache Tomcat DoS

2021-10-14 Thread Mark Thomas
CVE-2021-42340 Denial of Service Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 10.1.0-M1 to 10.1.0-M5 Apache Tomcat 10.0.0-M10 to 10.0.11 Apache Tomcat 9.0.40 to 9.0.53 Apache Tomcat 8.5.60 to 8.5.71 Description: The fix for bug 63362 introduced a

[ANN] Apache Tomcat 10.0.12 available

2021-10-04 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 10.0.12. This release is targeted at Jakarta EE 9. Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 without changes. Java EE applications designed for Tomcat 9 and earlier may be placed in the

[ANN] Apache Tomcat 10.1.0-M6 (alpha) available

2021-10-04 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 10.1.0-M6 (alpha). Apache Tomcat 10 is an open source software implementation of the Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language, Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations

[SECURITY] CVE-2021-41079 Apache Tomcat DoS

2021-09-15 Thread Mark Thomas
CVE-2021-41079 Denial of Service Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 10.0.0-M1 to 10.0.2 Apache Tomcat 9.0.0-M1 to 9.0.43 Apache Tomcat 8.5.0 to 8.5.63 Description: When Tomcat was configured to use NIO+OpenSSL or NIO2+OpenSSL for TLS, a

[ANN] Apache Tomcat 10.1.0-M5 (alpha) available

2021-09-13 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 10.1.0-M5 (alpha). Apache Tomcat 10 is an open source software implementation of the Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language, Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations

[ANN] Apache Tomcat 10.0.11 available

2021-09-13 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 10.0.11. This release is targeted at Jakarta EE 9. Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 without changes. Java EE applications designed for Tomcat 9 and earlier may be placed in the

[ANN] Apache Tomcat Native 1.2.31 released

2021-09-02 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat Native 1.2.31 stable. The key features of this release are: - Windows binaries built using OpenSSL 1.1.1l - Fix an issue when building with OpenSSL 3.0.0 Please refer to the change log for the complete list of changes:

[ANN] Apache Tomcat 8.5.70 available

2021-08-17 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 8.5.70. Apache Tomcat 8 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language, Java WebSocket and Java Authentication Service Provider Interface for Containers

[ANN] Apache Tomcat 10.1.0-M4 (alpha) available

2021-08-07 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 10.1.0-M4 (alpha). Apache Tomcat 10 is an open source software implementation of the Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language, Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations
