The Apache Tomcat team announces the immediate availability of Apache
Tomcat 10.1.43.
Apache Tomcat 10 is an open source software implementation of the
Jakarta Servlet, Jakarta Pages, Jakarta Expression Language, Jakarta
WebSocket, Jakarta Authentication and Jakarta Annotations specifications.
Applications that run on Tomcat 9 and earlier will not run on Tomcat 10
without changes. Java EE applications designed for Tomcat 9 and earlier
may be placed in the /webapps-javaee directory and Tomcat will
automatically convert them to Jakarta EE and copy them to the webapps
directory. This conversion is performed using the Apache Tomcat
migration tool for Jakarta EE tool which is also available as a separate
download for off-line use.
Apache Tomcat 10.1.43 is a bugfix and feature release. The notable
changes compared to 10.1.42 include:
- Increase the default for maxPartCount from 10 to 50. Update the
documentation to provide more details on the memory requirements
to support multi-part uploads while avoiding a denial of service
risk.
- Improvements to http/2 support, including data-frame padding,
request statistics, and suppression of warnings when client
certificate verification has been configured in certain environments.
- Fix a regression in the fix for CVE-2025-49125 that prevented access
to PreResources and PostResources when mounted below the web
application root with a path that was terminated with a file
separator.
Please refer to the change log for the complete list of changes:
http://tomcat.apache.org/tomcat-10.1-doc/changelog.html
Downloads:
http://tomcat.apache.org/download-10.cgi
Migration guides from Apache Tomcat 8.5.x and 9.0.x:
http://tomcat.apache.org/migration.html
Enjoy!
- The Apache Tomcat team
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org