The Apache Tomcat team announces the immediate availability of Apache
Tomcat 10.1.53.
Apache Tomcat 10 is an open source software implementation of the
Jakarta Servlet, Jakarta Pages, Jakarta Expression Language, Jakarta
WebSocket, Jakarta Authentication and Jakarta Annotations specifications.
Applications that run on Tomcat 9 and earlier will not run on Tomcat 10
without changes. Java EE applications designed for Tomcat 9 and earlier
may be placed in the /webapps-javaee directory and Tomcat will
automatically convert them to Jakarta EE and copy them to the webapps
directory. This conversion is performed using the Apache Tomcat
migration tool for Jakarta EE tool which is also available as a separate
download for off-line use.
Apache Tomcat 10.1.53 is a bugfix and feature release. The notable
changes compared to 10.1.52 include:
- Relax HTTP/2 header validation and respond to invalid requests with
a stream reset or a 400 response as appropriate rather then with a
connection reset.
- Fix bug 69964: Respect the configured cipher order, which was no
longer respected following the addition of TLS 1.3 specific cipher
configuration. TLS 1.3 ciphers will always be first in the list.
- Update Tomcat Native to 2.0.14 and increase the recommended version
to 2.0.14.
Please refer to the change log for the complete list of changes:
http://tomcat.apache.org/tomcat-10.1-doc/changelog.html
Downloads:
http://tomcat.apache.org/download-10.cgi
Migration guides from Apache Tomcat 8.5.x and 9.0.x:
http://tomcat.apache.org/migration.html
Enjoy!
- The Apache Tomcat team
