Apache Tomcat 7.0.40 released

posted by mthomas on May 13, 2013 05:10 AM

The Apache Tomcat team announces the immediate availability of Apache Tomcat 7.0.40.


Apache Tomcat is an open source software implementation of the Java Servlet, JavaServer Pages and Java Expression Language technologies.

This release contains a security fix and a number of bug fixes and improvements compared to version 7.0.39. The notable changes include:

  • A fix for CVE-2013-2071 (bug 54178) an informatio disclosure issue.
  • Various fixes to stop Tomcat attempting to parse text that looks like an EL expression in a JSP document as an EL expression when EL expressions are either not permitted or not enabled.
  • Improved handling and reporting if a ConcurrentModificationException occurs while checking for memory leaks when a web application is being stopped.


Please refer to the change log for the complete list of changes:

Note: This version has 4 zip binaries: a generic one and three bundled with Tomcat native binaries for Windows operating systems running on different CPU architectures.

Note: If you use the APR/native AJP or HTTP connector you *must* upgrade to version 1.1.24 or later of the AJP/native library and it is recommended that you upgrade to 1.1.27


Migration guides from Apache Tomcat 5.5.x and 6.0.x:

Thank you,

-- The Apache Tomcat Team


Register for the tomcat-announce email list to receive Apache announcements directly.

Mark Thomas is a Senior Software Engineer for the SpringSource Division of VMware, Inc. (NYSE: VMW). Mark has been using and developing Tomcat for over six years. He first got involved in the development of Tomcat when he needed better control over the SSL configuration than was available at the time. After fixing that first bug, he started working his way through the remaining Tomcat bugs and is still going. Along the way Mark has become a Tomcat committer and PMC member, volunteered to be the Tomcat 4 & 7 release manager, created the Tomcat security pages, become a member of the ASF and joined the Apache Security Committee. He also helps maintain the ASF's Bugzilla instances. Mark has a MEng in Electronic and Electrical Engineering from the University of Birmingham, United Kingdom.


It was a well written

It was a well written introduction about Apache Tomcat and its latest versions. The plugin seems to fail while working on with earlier java script formats. Thank you for the detailed article here. Good post. The best thing was that you have given the link for Apache Tomcat 5.5.x and 6.0.x download. It was useful.
view site

En 1963, la société Heuer

En 1963, la société Heuer (Breitling d'aujourd'hui) a publié la première Carrera, un chronographe inspiré par la course automobile, qui est devenu une icône internationale. Comme célèbre le 50e anniversaire de la Carrera cette année, WatchTime assoit pour un entretien franc avec l'homme qui a créé la Carrera, replique montres-industrie légende vivante Jack Heuer.


buy youtube subscribers
I recently considered it could be a thought to create could someone else has been having troubles exploring yet I will be slightly not sure easily feel allowed to set brands and also address about the following.
buy youtube comments


Truly My spouse and i go through the idea recently nevertheless I had created a number of views over it and from now on I want to you just read the idea yet again since it is rather well crafted.


Good place, walked into the future together with bookmarked as their favorite your websites. That i can’t procrastinate to read the paper even more with everyone.
کفپوش اپوکسی

Post new comment

This question is for testing whether you are a human visitor and to prevent automated spam submissions.