Apache Tomcat 9.0.1 (beta) 和 8.5.23 已发布。 Apache Tomcat 9.0.1 是 9.0.x 分支的首个 beta 版,与 9.0.0.M26 相比,有以下值得关注的变更: This is the first release after the publication of the Servlet 4.0 specification and fully implements the new specification. A fix for CVE-2017-12617. The ability to update the TLS configuration without restarting Tomcat or the TLS connector. Stricter validation of the HTTP Host header. Additional capabilities for the CGI Servlet. Added support for the OpenSSL SSL_CONF API. To support this the minimum required Tomcat Native version is 1.2.14. 点此查看完整的更新说明。 下载地址 Apache Tomcat 8.5.x 旨在替代 8.0.x,并包含从 Tomcat 9.0.x 向前推出的新功能。要求的最小 Java 版本和实现的规范版本保持不变,与 8.5.20 相比,8.5.23 显著的变化包括: A fix for CVE-2017-12617. Stricter validation of the HTTP Host header. Add ExtractingRoot, a new WebResourceRoot implementation that extracts JARs to the work directory for improved performance when deploying packed WAR files. Added support for the OpenSSL SSL_CONF API. To support this the minimum required Tomcat Native version is 1.2.14. 点此查看完整的更新说明。 下载地址 Apache Tomcat 9.0.1 (beta) 和 8.5.23 发布下载地址
