Apache Tomcat 9.0.21 releases

Apache Tomcat 9

Apache Tomcat is an open source implementation of Java Servlets, JavaServer Pages, Java Expression Language, and Java WebSocket technology. Designed to provide users with the original Java environment to run Web applications.

The Apache Tomcat software is developed in an open and participatory environment and released under the Apache License version 2. The Apache Tomcat project is intended to be a collaboration of the best-of-breed developers from around the world. We invite you to participate in this open development project. To learn more about getting involved, click here.

Apache Tomcat software powers numerous large-scale, mission-critical web applications across a diverse range of industries and organizations. Some of these users and their stories are listed on the PoweredBy wiki page.

Apache Tomcat 9.0.21 includes fixes and other enhancements and changes.


  • Add:  57287: Add file sorting to DefaultServlet (schultz)
  • Fix:  Fix --no-jmx flag processing, which was called after registry initialization. (remm)
  • Fix:  Ensure that a default request character encoding set on a ServletContext is used when calling ServletRequest#getReader(). (markt)
  • Fix:  Make a best efforts attempt to clean-up if a request fails during processing due to an OutOfMemoryException. (markt)
  • Fix:  Improve the BoM detection for static files handled by the default servlet for the rarely used UTF-32 encodings. Identified by Coverity Scan. (markt)
  • Fix:  Ensure that the default servlet reads the entire global XSLT file if one is defined. Identified by Coverity Scan. (markt)
  • Fix:  Avoid potential NullPointerException when generating an HTTP Allow header. Identified by Coverity Scan. (markt)
  • Code:  Add Context.createInstanceManager() for easier framework integration. (remm)
  • Code:  Add utility org.apache.catalina.core.FrameworkListener to allow replicating adding a Listener to context.xml in a programmatic way. (remm)
  • Code:  Move Container.ADD_CHILD_EVENT to before the child container start, and Container.REMOVE_CHILD_EVENT to before removal of the child from the internal child collection. (remm)
  • Add:  Remove any fragment included in the target path used to obtain a RequestDispatcher. The requested target path is logged as a warning since this is an application error. (markt)