The Apache Tomcat Servlet/JSP Container

Apache Tomcat 7

Version 7.0.42, Jul 2 2013
Apache Logo


User Guide


Apache Tomcat Development


Tomcat 7.0.42 (markt)
fix Enforce the restriction described in section 4.4 of the Servlet 3.0 specification that requires the new pluggability methods only to be available to ServletContextListeners defined in one of the specified ways. (markt)
fix Better handle FORM authentication when requesting a resource as an unauthenticated user that is only protected for a sub-set of HTTP methods that does not include GET. (markt)
fix 53777: Add support for a JAAS Realm instance to use a dedicated configuration rather than the JVM global JAAS configuration. This is most likely to be useful for per web application JAAS Realms. Based on a patch by eolivelli. (markt)
fix 54745: Fix JAR file scanning when Tomcat is deployed via Java Web Start. Patch provided by Nick Williams. (markt)
add 55017: Add the ability to configure the RMI bind address when using the JMX remote lifecycle listener. Patch provided by Alexey Noskov. (markt)
fix 55071: Ensure original exception is reported if JDBC Realm fails to read a user's credentials. (markt)
fix 55073, 55108, 55109, 55110, 55158 & 55159: Small performance improvements. Patches provided by Adrian Nistor. (markt/violetagg)
add 55102: Add support for time to first byte in the AccessLogValve. Patch provided by Jeremy Boynes. (markt)
fix 55125: If the Server container fails to start, don't allow the Catalina wrapper to start (used when running from the command line and when running as a service) since Tomcat will not be able to do any useful work. (markt)
fix Update the JreMemoryLeakPreventionListener to take account of changes in the behaviour of java.beans.Introspector.flushCaches() and sun.awt.AppContext.getAppContext() in Java 7. (markt)
fix Avoid WARNING log message of Users:type=UserDatabase,database=UserDatabase at Tomcat shutdown. (pero)
fix Avoid ClassCastException when an asynchronous dispatch is invoked in an asynchronous cycle which is started by a call to ServletRequest.startAsync(ServletRequest,ServletResponse) where ServletRequest/ServletResponse are custom implementations. (violetagg)
fix Correct a regression introduced in 7.0.39 (refactoring of base 64 encoding and decoding) that broke the JNDI Realm when userPassword was set and passwords were hashed with MD5 or SHA1. (markt/kkolinko)
fix Correct the mechanism for the path calculation in AsyncContext.dispatch(). (violetagg)
fix 55155: Avoid constant focus grabbing when running the Tomcat unit tests under Java 6 on OSX. Patch provided by Casey Lucas. (markt)
fix 55160: Don't ignore connectionUploadTimeout setting when using HTTP NIO connector. (markt)
fix 55176: Correctly handle regular expressions within SSI expressions that contain an equals character. (markt)
fix 55177: Correctly handle infinite soTimeout for BIO HTTP connector. Based on a patch by Nick Bunn. (markt)
fix 55180: Correctly handle infinite soTimeout when disableUploadTimeout is set to false. Patch provided by Nick Bunn. (violetagg)
fix Delete leftover of war file from tempDir when removing invalid FileMessageFactory. (kfujino)
fix Ensure that the keepAlive of NioSender works correctly when keepAliveCount/keepAliveTime is set to a value greater than 0. (kfujino)
add Add logging of when a member is unable to join the cluster. (kfujino)
fix Replace Tribes's TaskQueue as executor's workQueue in order to ensure that executor's maxThread works correctly. (kfujino)
fix 54086: Fix an additional code path that could lead to multiple threads attempting to modify the same selector key set. (markt)
Web applications
add Complete the document for MessageDispatch15Interceptor. (kfujino)
add 53655: Document the circumstances under which Tomcat will add a javax.mail.Authenticator to mail sessions created via a JNDI resource. (markt)
fix 55179: Correct the Javadoc for the remote IP valve so the correct name is used to refer to the proxiesHeader property. (markt)
fix 55031: Fixed Export-Package header and uses directives in MANIFEST.MF. Change the version for package org.apache.juli.logging to "0" in Import-Package header. Thus any version of that package can be used. Patch provided by Martin Lichtin. (violetagg)
update Update Maven Cental location used to download dependencies at build time to be (kkolinko)
update Update JUnit to version 4.11. Configure separate download for Hamcrest 1.3 core library as its classes are no longer included in junit.jar. (kkolinko)
fix 54013: When using a forced stop, allow a short period of time (5s) for the process to die before returning. Patch provided by mukarram.baig. (markt)
fix 55119: Ensure that the build process produces Javadoc that is not vulnerable to CVE-2013-1571. Based on a patch by Uwe Schindler. (markt)
Tomcat 7.0.41 (markt)2013-06-10
403 Forbidden

403 Forbidden

fix 54703: Make parsing of HTTP Content-Type headers tolerant of any CR or LF characters that appear in the value passed by the application. Also fix some whitespace parsing issues identified by the additional test cases. (markt)
fix Prevent possible WAR file locking when reading a context.xml file from an unexpanded WAR file. Note that in normal usage, the JreMemoryLeakPreventionListener would protect against this. (markt)
fix Ensure that when auto deployment runs for a Host, it uses the latest values for copyXML, deployXML and unpackWARs. (markt)