-
Latest Version
-
Operating System
Windows XP / Vista / Windows 7 / Windows 8 / Windows 10
-
User Rating
Click to vote -
Author / Product
-
Filename
apache-tomcat-9.0.74.exe
Sometimes latest versions of the software can cause issues when installed on older devices or devices running an older version of the operating system.
Software makers usually fix these issues but it can take them some time. What you can do in the meantime is to download and install an older version of Apache Tomcat 9.0.74.
For those interested in downloading the most recent release of Apache Tomcat or reading our review, simply click here.
All old versions distributed on our website are completely virus-free and available for download at no cost.
We would love to hear from you
If you have any questions or ideas that you want to share with us - head over to our Contact page and let us know. We value your feedback!
What's new in this version:
Catalina:
- Fix: 65995: Implement RFC 9239 and use text/javascript as the media type for JavaScript rather than application/javascript
- Add: Add an access log valve that uses a json format. Based on pull request #539 provided by Thomas Meyer
- Add: Harden the FORM authentication process against DoS attacks by using a reduced session timeout if the FORM authentication process creates a session. The duration of this timeout is configured by the authenticationSessionTimeout attribute of the FORM authenticator
- Fix: 66527: Correct the Javadoc for the Tomcat.addWebapp() methods that incorrectly stated that the docBase parameter could be a relative path
- Fix: 66524 Correct eviction ordering in WebResource cache to by LRU as intended
- Update: Use server.xml to reduce the default value of maxParameterCount from 10,000 to 1,000. If not configured in server.xml, the default remains 10,000
- Add: Update Digest authentication support to align with RFC 7616. This adds a new configuration attribute, algorithms, to the DigestAuthenticator with a default of SHA-256,MD5
- Update: Add support code for custom user attributes in RealmBase. Based on code from #473 by Carsten Klein
- Fix: Expand the set of HTTP request headers considered sensitive that should be skipped when generating a response to a TRACE request. This aligns with 11.0.x
- Fix: 66541: Improve handling for cached resources for resources that use custom URL schemes. The scheme specific equals() and hashcode() algorithms, if present, will now be used for URLs for these resources. This addresses a potential performance issue with some OSGi custom URL schemes that can trigger potentially slow DNS lookups in some configurations. Based on a patch provided by Tom Whitmore
- Fix: When using a custom session manager deployed as part of the web application, avoid ClassNotFoundExceptions when validating session IDs extracted from requests
- Fix: 66543: Give StandardContext#fireRequestDestroyEvent its own log message
- Fix: 66554: Initialize Random during server initialization to avoid possible JVM thread creation in the webapp context on some platforms
- Update: Make the server utility executor available to webapps using a Servlet context attribute named org.apache.tomcat.util.threads.ScheduledThreadPoolExecutor
Coyote:
- Fix: JSON filter should support specific escaping for common special characters as defined in RFC 8259. Based on code submitted by Thomas Meyer
- Fix: 66511: Fix GzipOutputFilter (used for compressed HTTP responses) when used with direct buffers. Patch suggested by Arjen Poutsma
- Fix: 66512: Align AJP handling of invalid HTTP response headers (they are now removed from the response) with HTTP
- Fix: 66530: Correct a regression in the fix for bug 66442 that meant that streams without a response body did not decrement the active stream count when completing leading to ERR_HTTP2_SERVER_REFUSED_STREAM for some connections
- Code: Refactor synchronization blocks locking on SocketWrapper to use ReentrantLock to support users wishing to experiment with project Loom
Jasper:
- Fix: 66536: Fix parsing of tag files that meant that tag directives could be ignored for some tag files
Cluster:
- Fix: 66535: Redefine the maxValidTime attribute of FarmWarDeployer to be the maximum time allowed between receiving parts of a transferred file before the transfer is cancelled and the associated resources cleaned-up. A new warning message will be logged if the file transfer is cancelled
WebSocket:
- Fix: 66508: When using WebSocket with NIO2, avoid waiting for a timeout before sending the close frame if an I/O error occurs during a write
Other:
- Add: Improvements to French translations
- Add: Improvements to Japanese translations. Contributed by Shirayuking and tak7iji
- Add: Improvements to Chinese translations. Contributed by totoo
- Code: Refactor code using MD5Encoder to use HexUtils.toHexString()
- Fix: 66507: Fix a bug that $JAVA_OPTS is not passed to the jvm in catalina.sh when calling version. Patch suggested by Eric Hamilton
- Update: Update the internal fork of Commons DBCP to f131286 (2023-03-08, 2.10.0-SNAPSHOT). This corrects a regression introduced in 9.0.71
- Fix: Improve the error messages if JRE_HOME or JAVA_HOME are not set correctly. On windows, align the handling of JRE_HOME and JAVA_HOME for the start-up scripts and the service install script
- Update: Update UnboundID to 6.0.8
- Update: Update Checkstyle to 10.9.3
- Update: Update Jacoco to 0.8.9
- OperaOpera 114.0 Build 5282.222 (64-bit)
- 4K Download4K Video Downloader+ 1.10.0 (64-bit)
- PhotoshopAdobe Photoshop CC 2025 26.1 (64-bit)
- OKXOKX - Buy Bitcoin or Ethereum
- iTop VPNiTop VPN 6.1.0 - Fast, Safe & Secure
- Premiere ProAdobe Premiere Pro CC 2025 25.0
- BlueStacksBlueStacks 10.41.610.1001
- Hero WarsHero Wars - Online Action Game
- TradingViewTradingView - Trusted by 60 Million Traders
- LockWiperiMyFone LockWiper (Android) 5.7.2
Comments and User Reviews