You are viewing a plain text version of this content. The canonical link for it is here.

Posted to announce@apache.org by Mark Thomas <ma...@apache.org> on 2022/04/01 11:10:08 UTC

[ANN] Apache Tomcat 8.5.78 available

The Apache Tomcat team announces the immediate availability of Apache
Tomcat 8.5.78.

Apache Tomcat 8 is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Unified Expression Language, Java
WebSocket and Java Authentication Service Provider Interface for
Containers technologies.

Apache Tomcat 8.5.78 is a bugfix and feature release. The notable 
changes compared to 8.5.77 include:

- Update the packaged version of the Tomcat Native Library to 1.2.32 to
    pick up Windows binaries built with OpenSSL 1.1.1n.

- Improve logging of unknown HTTP/2 settings frames. Pull request by
    Thomas Hoffmann.

- Add additional warnings if incompatible TLS configurations are used
    such as HTTP/2 with CLIENT-CERT authentication

- Harden the class loader to provide a mitigation for CVE-2022-22965
    a Spring Framework vulnerability

Along with lots of other bug fixes and improvements.

Please refer to the change log for the complete list of changes:
http://tomcat.apache.org/tomcat-8.5-doc/changelog.html

Downloads:
http://tomcat.apache.org/download-80.cgi

Migration guides from Apache Tomcat 7.x and 8.0.x:
http://tomcat.apache.org/migration.html

Enjoy!

- The Apache Tomcat team