[ANN] Apache Tomcat 11.0.0-M11 (alpha) available

Fri, 25 Aug 2023 10:45:35 -0700 

The Apache Tomcat team announces the immediate availability of Apache
Tomcat 11.0.0-M11 (alpha).

Apache Tomcat 11 is an open source software implementation of the
Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language,
Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations
specifications.

Users of Tomcat 10 onwards should be aware that, as a result of the move
from Java EE to Jakarta EE as part of the transfer of Java EE to the
Eclipse Foundation, the primary package for all implemented APIs has
changed from javax.* to jakarta.*. This will almost certainly require
code changes to enable applications to migrate from Tomcat 9 and earlier
to Tomcat 10 and later. A migration tool is available to aid this process.
Apache Tomcat 11.0.0-M11 is a milestone release of the 11.0.x branch and has been made to provide users with early access to the new features in Apache Tomcat 11.0.x so that they may provide feedback. The notable changes compared to 11.0.0-M10 include: 

- Update the HTTP parameter handling to align with the changes in the
  Jakarta Servlet 6.1 API Javadoc for the ServletRequest methods used
  to obtain request parameters. Invalid parameters and/or exceeding
  parameter size and/or quantity limits now triggerm exceptions. As a
  consequence, the FailedRequestFilter has been removed.

- If an application or library sets both a non-500 error code and the
  jakarta.servlet.error.exception</code> request attribute, use the
  provided error code during error page processing rather than assuming
  an error code of 500.

- Fix for FORM authentication open redirect - CVE-2023-41080

Please refer to the change log for the complete list of changes:
http://tomcat.apache.org/tomcat-11.0-doc/changelog.html

Downloads:
http://tomcat.apache.org/download-11.cgi

Migration guides from Apache Tomcat 8.5.x, 9.0.x and 10.1.x:
http://tomcat.apache.org/migration.html

Enjoy!

- The Apache Tomcat team

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to