The Apache Tomcat community has been working hard over the past two years developing the next release, what will be Apache Tomcat 8. The first release candidate for Tomcat 8 was released this past August, and users are starting to test out the new release. Within the structure of the Apache Software Foundation, the release manager for Apache Tomcat 8 is currently Pivotal's Mark Thomas.
As cited in a profile piece on Mark Thomas on Pivotal's blog earlier this year, since 2003 Thomas has been involved in a number of facets of the Tomcat project, including becoming a Tomcat committer and PMC member, volunteering to be the Tomcat 7 and 8 release manager, creating the Tomcat security pages, becoming a member of the ASF, joining the Apache Security Committee and the JCP expert groups for WebSocket, JSP and Servlet. In addition, he wrote Tomcat’s WebSocket implementation as well as large parts of the Servlet 3.0 and Servlet 3.1 implementations. He also a member of the ASF infrastructure team where, amongst other things, he helps maintain the ASF’s Bugzilla instances.
In parallel with attending JavaOne next week in San Francisco, on Tuesday, September 24, 2013 at 5:30PM, Thomas will host a meetup at Pivotal's San Francisco offices at 875 Howard Street. During the event he will provide an update on several topics including the most recent developments in Tomcat 8 and open the floor to discuss other items about Apache Tomcat.
The Apache Tomcat is pleased to announce the release of the 2.0 version. This plugin can used to run your war project inside an embeded Apache Tomcat and to deploy your project to a running Apache Tomcat instance.
Documentation available: http://tomcat.apache.org/maven-plugin-2.0/index.html
Secure Socket Layer, or SSL, certificates are frequently used to confirm the identity of a server before consuming its services and to secure communications with the server. Typically, when an Apache web server is used to load balance requests to one or more Apache Tomcat servers (including VMware’s commercial version, tc Server), the SSL encryption and certificate authentication is terminated at the web server. Communication between the Apache web server and Tomcat is then trusted and in clear text.
However, there are organizational security policies and B2B scenarios that could mandate secure communication between Apache web server and Tomcat. Furthermore, it could be important to restrict access to Tomcat to known instances of Apache web server.
This tutorial will provide details for a configuration option that enables SSL communication and client certificate authentication between Apache Web Server and Tomcat.
At a high level, this tutorial provides instructions to
The Apache Tomcat team announces the immediate availability of Apache Tomcat 7.0.28.
Apache Tomcat is an open source software implementation of the Java Servlet and JavaServer Pages technologies.
This release is includes may improvements as well as a number of bug fixes compared to version 7.0.27. The notable changes include:
I have observed the tomcat 7 process memory (private bytes) was initially 1.2 GB during startup and it got increased to 3.5 GB where my server RAM size is only 4GB after running a 100 users test for 4 hours. this private bytes was not released even after stopping the test. could you please let us know any configurations that might help this or kindly analyze the situation and provide your suggestions/solutions.
Lacking more specific about the behavior that you are seeing and about the environment that you are using to run your tests, and since this is a testing environment, my suggestion to you would be to run your tests while you have a profiler hooked up to Tomcat (YourKit is an excellent profiler). The profiler will allow you to look for memory problems in your application.
That's not to say there is definitely a problem here. It is entirely possible that you could see the heap grow from 1.2 G to 3.5G legitimately. It just depends on your JVM options and the memory demands of your application.
The Apache Tomcat team announces the immediate availability of Apache Tomcat 7.0.27
This release is includes significant new features as well as a number of bug fixes compared to version 7.0.26. The notable changes include:
Please refer to the change log for the complete list of changes:
2011 has been a great year for the Tomcat Expert community. After almost 2 years of operating, the Tomcat Expert has hit its stride, unloading an array of new information, as well as keeping you up to date with the newest releases for Apache Tomcat 6 and Apache Tomcat 7. With the addition of two new Tomcat Expert Contributors, (Channing Benson and Daniel Mikusa), the Tomcat Expert community continues to build on its reputation for being the leading source for fresh perspectives and new information on how to best leverage Apache Tomcat in the enterprise.
Every effort is made to have each version of Apache Tomcat to ship with a system of reasonable defaults forsecurity purposes. This means that the standard defaults for the security settings are reasonably secure—it is not as secure as it could be, but not horribly insecure either. The default security level is essentially a compromise between security and usability. It is probably OK for simple use in production, but there are a number of things that all users should consider before deploying business applications on a standard installation of Apache Tomcat.
Apache Tomcat, and other containers, have been around for so long today that it has become increasingly harder to get started with them today.
In this article, we will take you back from the beginning with how to get started with Apache Tomcat. We will go into the lowest level, so you don't have to rely on an IDE or other system to get started. This article is written for those that have never used Apache Tomcat and wish to get started in an easy, yet explanatory, way that helps you to understand what is happening under the hood. This will fast track you to become very proficient with this light weight application server.
While there are a lot of different packages available to install Tomcat, for example some Linux distributions you can download it using that distributions package and dependency management. This is good, for the sake of simplicity, but once again, you lose the concept of what Tomcat is and what true dependencies it has as well on how to use it.
I strongly recommend only moving to a third party packaging of Apache Tomcat after you understand the container itself. This will help avoid complications when you try to create a plan for how you distribute, upgrade and maintain your software.
Rule 1. When learning, only download the software from http://tomcat.apache.org/
Now, since you are learning Apache Tomcat from scratch, I suggest you start with Apache Tomcat 7. As explained in an earlier post, the majority of features that are implemented, are driven by the (Servlet) and (JSP) specifications. Each time the Servlet specification is upgraded, new features added, the Apache Tomcat will plan for a new major release of Apache Tomcat. The latest version, Apache Tomcat 7, is based on the version of the Servlet specification, in this case, Servlet 3.0.
Announced this morning by the Apache Tomcat team:
The Apache Tomcat team announces the immediate availability of Apache Tomcat 7.0.21
Apache Tomcat 7.0.21 includes security fixes, bug fixes and new features compared to version 7.0.20 including: