The Apache Tomcat team announces the immediate availability of Apache Tomcat 10.1.43.

Apache Tomcat 10 is an open source software implementation of the Jakarta Servlet, Jakarta Pages, Jakarta Expression Language, Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations specifications.

Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 without changes. Java EE applications designed for Tomcat 9 and earlier may be placed in the /webapps-javaee directory and Tomcat will automatically convert them to Jakarta EE and copy them to the webapps directory. This conversion is performed using the Apache Tomcat migration tool for Jakarta EE tool which is also available as a separate download for off-line use.

Apache Tomcat 10.1.43 is a bugfix and feature release. The notable changes compared to 10.1.42 include:

 - Increase the default for maxPartCount from 10 to 50. Update the
   documentation to provide more details on the memory requirements
   to support multi-part uploads while avoiding a denial of service
   risk.

 - Improvements to http/2 support, including data-frame padding,
   request statistics, and suppression of warnings when client
   certificate verification has been configured in certain environments.

 - Fix a regression in the fix for CVE-2025-49125 that prevented access
   to PreResources and PostResources when mounted below the web
   application root with a path that was terminated with a file
   separator.

Please refer to the change log for the complete list of changes:
http://tomcat.apache.org/tomcat-10.1-doc/changelog.html

Downloads:
http://tomcat.apache.org/download-10.cgi

Migration guides from Apache Tomcat 8.5.x and 9.0.x:
http://tomcat.apache.org/migration.html

Enjoy!

- The Apache Tomcat team

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to