-
Latest Version
-
Operating System
Windows XP / Vista / Windows 7 / Windows 8 / Windows 10
-
User Rating
Click to vote -
Author / Product
-
Filename
apache-tomcat-9.0.31.exe
Sometimes latest versions of the software can cause issues when installed on older devices or devices running an older version of the operating system.
Software makers usually fix these issues but it can take them some time. What you can do in the meantime is to download and install an older version of Apache Tomcat 9.0.31.
For those interested in downloading the most recent release of Apache Tomcat or reading our review, simply click here.
All old versions distributed on our website are completely virus-free and available for download at no cost.
We would love to hear from you
If you have any questions or ideas that you want to share with us - head over to our Contact page and let us know. We value your feedback!
What's new in this version:
Catalina:
Update:
- Do not store username and password as session notes during authentication if they are not needed
Update: 63691: Skip all jar and directory scanning when the wildcard pattern "*" or "*.jar" is set or added to tomcat.util.scan.StandardJarScanFilter.jarsToSkip
- Allow more than one parameter when defining RewriteMaps
- Refactor recycle facade system property into a new connector attribute named discardFacades
Fix:
- Avoid useless environment restore when not using GSSCredential in JNDIRealm
- Respect the argument-count when searching for MBean operations to invoke via the JMXProxyServlet
- Correct a regression in the static resource caching changes introduced in 9.0.28. Avoid a NullPointerException when working with the URL provided for the root of a packed WAR
- Provide default configuration source based on the current directory if none has been set, for full compatibility with existing code
- Clarify/expand the Javadoc for the Tomcat#addWebapp() and related methods
- JNDIRealm no longer authenticates to LDAP
- Ensure that container provided SCIs are always loaded before application provided SCIs. Note that where both the container and the application provide the same SCI, it is the application provided SCI that will be used
- SCI definitions from JARs unpacked into WEB-INF/classes are now handled consistently and will always be found irrespective of whether the web application defines a JAR ordering or not
- Skip null-valued session attributes when deserializing sessions
- Do not throw a NullPointerException when an MBean or operation cannot be found by the JMXProxyServlet
- InputStreams for directories obtained from resource URLs now return a directory listing consistent with the behaviour of FileURLConnection. In addition to restoring the behaviour that was lost as a result of the introduction of CachedResourceURLConnection, it expands the feature to include packedWARs and to take account of resource JARs
- Add ${...} property replacement support to XML external entity definitions
- Fix a problem that meant that remote host, address and port information could be missing in the access log for an HTTP/2 request where the connection was closed unexpectely
Code:
- Deprecate MappingData.contextPath as it is unused
- Deprecate the JmxRemoteLifecycleListener as the features it provides are now available in the remote JMX capability included with the JRE. This listener will be removed in Tomcat 10 and may be removed from Tomcat 9.0.x some time after 2020-12-31.
Coyote:
Update:
- Simplify NIO blocking read and write
- Disable (comment out in server.xml) the AJP/1.3 connector by default
- Change the default bind address for the AJP/1.3 connector to be the loopback address
Fix:
- Ensure that Servlet Asynchronous processing timeouts fire when requests are made using HTTP/2
- Fix the corrupton of the TLS configuration when using the deprecated TLS attributes on the Connector if the configuration has already been set via the new SSLHostConfig and SSLHostConfigCertificate elements
- Switch the message shown when using HTTP to connect to an HTTPS port from ISO-8859-1 to UTF-8
- Cancel selection key in poller before wrapper close to avoid possible deadlock
- Correct a regression introduced in 9.0.28 that meant invalid tokens in the Transfer-Encoding header were ignored rather than treated as an error
- Rename the HTTP Connector attribute rejectIllegalHeaderName to rejectIllegalHeader and expand the underlying implementation to include header values as well as names
Add:
- Add support for RFC 5915 formatted, unencrypted EC key files when using a JSSE based TLS connector
- Rename the requiredSecret attribute of the AJP/1.3 Connector to secret and add a new attribute secretRequired that defaults to true. When secretRequired is true the AJP/1.3 Connector will not start unless the secret attribute is configured to a non-null, non-zero length String
- Add a new attribute, allowedRequestAttributesPattern to the AJP/1.3 Connector. Requests with unrecognised attributes will be blocked with a 403
Jasper:
Fix:
- Update the performance optimisation for using expressions in tags that depend on uninitialised tag attributes with implied scope to make the performance optimisation aware of the new public class (java.lang.Record) added in Java 14
- Replace the faulty custom services lookup used for ExpressionFactory implementations with ServiceLoader
Add:
- Add a META-INF/services entry to jasper-el.jar so that the Expression Language implementation can be discovered via the services API
Cluster:
Fix:
- Ensure that session ID changes are replicated during form-authentication
Web applications:
Fix:
- In the examples web application, where a Servlet example includes ii18n support, the Locale used should be based on the request locale and not the server locale
Add: Add additional information on securing AJP/1.3 Connectors
Other:
Fix:
- Ensure statements are closed when a pooled JDBC connection is passivated in Tomcat's fork of Commons DBCP2
- OperaOpera 115.0 Build 5322.109 (64-bit)
- 4K Download4K Video Downloader+ 1.10.3 (64-bit)
- PhotoshopAdobe Photoshop CC 2025 26.2 (64-bit)
- OKXOKX - Buy Bitcoin or Ethereum
- iTop VPNiTop VPN 6.2.0 - Fast, Safe & Secure
- Premiere ProAdobe Premiere Pro CC 2025 25.1
- BlueStacksBlueStacks 10.41.642.1001
- Hero WarsHero Wars - Online Action Game
- TradingViewTradingView - Trusted by 60 Million Traders
- LockWiperiMyFone LockWiper (Android) 5.7.2
Comments and User Reviews