You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by Mark Thomas <ma...@apache.org> on 2013/05/10 10:37:37 UTC
[ANN] Apache Tomcat 7.0.40 released
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 7.0.40.
Apache Tomcat is an open source software implementation of the Java
Servlet, JavaServer Pages and Java Expression Language technologies.
This release contains a security fix and a number of bug fixes
and improvements compared to version 7.0.39. The notable changes include:
- A fix for CVE-2013-2071 (bug <bug>54178</bug>) an informatio
disclosure issue.
- Various fixes to stop Tomcat attempting to parse text that looks like
an EL expression in a JSP document as an EL expression when EL
expressions are either not permitted or not enabled.
- Improved handling and reporting if a ConcurrentModificationException
occurs while checking for memory leaks when a web application is
being stopped.
Please refer to the change log for the complete list of changes:
http://tomcat.apache.org/tomcat-7.0-doc/changelog.html
Note: This version has 4 zip binaries: a generic one and three
bundled with Tomcat native binaries for Windows operating systems
running on different CPU architectures.
Note: If you use the APR/native AJP or HTTP connector you *must* upgrade
to version 1.1.24 or later of the AJP/native library and it is
recommended that you upgrade to 1.1.27
Downloads:
http://tomcat.apache.org/download-70.cgi
Migration guides from Apache Tomcat 5.5.x and 6.0.x:
http://tomcat.apache.org/migration.html
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org