Release Notes: This release fixes a denial of service condition affecting use of SSL in the standalone HTTP/1.1 connector, as well as thread safety issues in the session management code.
Release Notes: This release fixes an object recycling bug which could lead to a denial of service attack. It also fixes SSL handling in the AJP connector.
Release Notes: This release features performance and reliability improvements, many JK and HTTP/1.1 connector fixes (including fixes to SSL support), and JSP code generator fixes.
Release Notes: This release includes a JSP source disclosure security fix, Windows specific fixes in Jasper, and JSP tag library handling fixes.
Release Notes: This release includes Web-based administration, new connectors (HTTP/1.1 and AJP 1.3), a new Jasper 2 JSP page compiler, enhanced management tools, and major performance and scalability improvements.
Release Notes: This release includes minor bugfixes to the JSP page compiler.
Release Notes: This release fixes a security vulnerability allowing the use of a request dispatcher to bypass the Java Security Manager sandbox, and would enable a malicious servlet or JSP page to read any file from the server filesystem. This is the only change in this release. The fix is also available as a smaller binary patch which can be applied to an existing Tomcat 4.0.2 installation. People who are not using the Java Security Manager to run Tomcat do not need to upgrade.
Release Notes: This release has a major native connectors update (including AJP 1.4 support), load balancing support using AJP, performance improvements for single thread model servlets, and many miscellaneous bugfixes.
Release Notes: AJP 1.3 support was added, major class loading fixes, and specification compliance fixes were made.