Apache Tomcat is updating its software to provide developers with early access to upcoming technology and support new features. The Apache Software Foundation (ASF) announced Apache Tomcat 8.5.12, and the alpha release of Tomcat 9.0.0.M18.
“The Apache Tomcat software is an open source implementation of the Java Servlet, JavaServer Pages, Java Expression Language and Java WebSocket technologies. The Java Servlet, JavaServer Pages, Java Expression Language and Java WebSocket specifications are developed under the Java Community Process,” according to the project’s website.
The 8.5.12 version is intended to replace 8.0.x and provide new features pulled from Tomcat 9.0.x. Notable changes include: early access updates to the Servlet 4.0 API, Java 9 annotation scanning support, and Tomcat Native 1.2.12, the latest native library that enables Tomcat to use certain native resources for such things as performance and compatibility. The full changelog is available here.
According to the Tomcat team, the 9.0.0.M18 alpha version is a milestone release in the 9.0.x branch. It provides users with early access to new features in order to provide feedback. Notable changes include: early access updates to the Sevrlet 4.0 API, support for Java 9 during annotation scanning, ALPN for NIO and NIO2 connections, and Tomcat Native 1.2.12. The full changelog is available here.
In addition, the Apache Software Foundation recently put out a security advisory for Tomcat 9.0.0.M11 to 9.0.0.M15 and Tomcat 8.5.7 to 8.5.9. “The refactoring to make wider use of ByteBuffer introduced a regression that could cause information to leak between requests on the same connection. When running behind a reverse proxy, this could result in information leakage between users. All HTTP connector variants are affected but HTTP/2 and AJP are not affected,” the ASF wrote.
In order to mitigate the risks, the ASF suggest users update to Tomcat 9.0.0.M17 or later, and Tomcat 8.5.11 or later.