Fri. Nov 22nd, 2019

Apache Tomcat 9.0.27 releases

3 min read

Apache Tomcat is an open source implementation of Java Servlets, JavaServer Pages, Java Expression Language, and Java WebSocket technology. Designed to provide users with the original Java environment to run Web applications.

The Apache Tomcat software is developed in an open and participatory environment and released under the Apache License version 2. The Apache Tomcat project is intended to be a collaboration of the best-of-breed developers from around the world. We invite you to participate in this open development project. To learn more about getting involved, click here.

Apache Tomcat software powers numerous large-scale, mission-critical web applications across a diverse range of industries and organizations. Some of these users and their stories are listed on the PoweredBy wiki page.

Apache Tomcat 9.0.27 includes fixes and other enhancements and changes.


  • Fix:  Correct a regression introduced in 9.0.25 that prevented configuration files from being loaded from the class path. (markt)


  • Fix:  Use URL safe base 64 encoding rather than standard base 64 encoding when generating or parsing the HTTP2-Settings header as part of an HTTP upgrade to h2c as required by RFC 7540. (markt)
  • Fix:  63765: NIO2 should try to unwrap after TLS handshake to avoid edge cases. (remm)
  • Fix:  63766: Ensure Processor objects are recycled when processing an HTTP upgrade connection that terminates before processing switches to the Processor for the upgraded protocol. (markt)
  • Fix:  Fix a memory leak introduced by the HTTP/2 timeout refactoring in 9.0.23 that could occur when HTTP/2 or WebSocket was used. (markt)


  • Update:  Update to the Eclipse JDT compiler 4.13. (markt)
  • Fix:  Add GraalVM specific ELResolver to avoid BeanInfo use in BeanElResolver if possible, as it needs manual reflection configuration. (remm)
  • Fix:  63781: When performing various checks related to the visibility of classes, fields an methods in the EL implementation, also check that the containing modeul has been exported. (markt)

Web Socket

  • Fix:  63753: Ensure that the Host header in a Web Socket HTTP upgrade request only contains a port if a non-default port is being used. (markt)
  • Fix:  When running on Java 9 and above, don’t attempt to instantiate WebSocket Endpoints found in modules that are not exported. (markt)

Web Applications

  • Docs:  Add base GraalVM documentation. (remm)
  • Docs:  Add Javadoc for the Common Annotations API implementation. (markt)


  • Fix:  When connections are validated without an explicit validation query, ensure that any transactions opened by the validation process are committed. Patch provided by Pascal Davoust. (markt)


  • Code:  Deprecate org.apache.tomcat.util.compat.TLS. Its functionality was only used for unit tests in and has been moved there. (rjung)
  • Fix:  63759: When installing Tomcat with the Windows installer, grant sufficient privileges to enable the uninstaller to execute when user account control is active. (markt)
  • Add:  Use a build property to define the minimum supported Java version and use that build property to reduce the number of edits required to update the minimum supported Java version. (markt)
  • Update:  Update the OWB module to Apache OpenWebBeans 2.0.12. (remm)
  • Update:  Update the CXF module to Apache CXF 3.3.3. (remm)
  • Update:  63767: Update to Commons Daemon 1.2.2. This corrects a regression in Commons Daemon 1.2.0 and 1.2.1 that caused the Windows Service to crash on start when running on an operating system that had not been fully updated. (markt)