You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Mark Thomas <ma...@apache.org> on 2023/08/25 17:45:26 UTC

[ANN] Apache Tomcat 11.0.0-M11 (alpha) available

The Apache Tomcat team announces the immediate availability of Apache
Tomcat 11.0.0-M11 (alpha).

Apache Tomcat 11 is an open source software implementation of the
Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language,
Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations
specifications.

Users of Tomcat 10 onwards should be aware that, as a result of the move
from Java EE to Jakarta EE as part of the transfer of Java EE to the
Eclipse Foundation, the primary package for all implemented APIs has
changed from javax.* to jakarta.*. This will almost certainly require
code changes to enable applications to migrate from Tomcat 9 and earlier
to Tomcat 10 and later. A migration tool is available to aid this process.

Apache Tomcat 11.0.0-M11 is a milestone release of the 11.0.x branch and 
has been made to provide users with early access to the new features in 
Apache Tomcat 11.0.x so that they may provide feedback. The notable 
changes compared to 11.0.0-M10 include:

- Update the HTTP parameter handling to align with the changes in the
   Jakarta Servlet 6.1 API Javadoc for the ServletRequest methods used
   to obtain request parameters. Invalid parameters and/or exceeding
   parameter size and/or quantity limits now triggerm exceptions. As a
   consequence, the FailedRequestFilter has been removed.

- If an application or library sets both a non-500 error code and the
   jakarta.servlet.error.exception</code> request attribute, use the
   provided error code during error page processing rather than assuming
   an error code of 500.

- Fix for FORM authentication open redirect - CVE-2023-41080

Please refer to the change log for the complete list of changes:
http://tomcat.apache.org/tomcat-11.0-doc/changelog.html

Downloads:
http://tomcat.apache.org/download-11.cgi

Migration guides from Apache Tomcat 8.5.x, 9.0.x and 10.1.x:
http://tomcat.apache.org/migration.html

Enjoy!

- The Apache Tomcat team

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org