Apache Tomcat 9.0.22 releases

Apache Tomcat 9

Apache Tomcat is an open source implementation of Java Servlets, JavaServer Pages, Java Expression Language, and Java WebSocket technology. Designed to provide users with the original Java environment to run Web applications.

The Apache Tomcat software is developed in an open and participatory environment and released under the Apache License version 2. The Apache Tomcat project is intended to be a collaboration of the best-of-breed developers from around the world. We invite you to participate in this open development project. To learn more about getting involved, click here.

Apache Tomcat software powers numerous large-scale, mission-critical web applications across a diverse range of industries and organizations. Some of these users and their stories are listed on the PoweredBy wiki page.

Apache Tomcat 9.0.22 includes fixes and other enhancements and changes.


  • Fix:  Improve parsing of Range request headers. (markt)
  • Fix:  Range headers that specify a range unit Tomcat does not recognise should be ignored rather than triggering a 416 response. Based on a pull request by zhanhb. (markt)
  • Fix:  When comparing a date from a If-Range header, an exact match is required. Based on a pull request by zhanhb. (markt)
  • Fix:  Add an option to the default servlet to disable processing of PUT requests with Content-Range headers as partial PUTs. The default behaviour (processing as partial PUT) is unchanged. Based on a pull request by zhanhb. (markt)
  • Fix:  Improve parsing of Content-Range headers. (markt)
  • Update:  Update the recommended minimum Tomcat Native version to 1.2.23. (markt)


  • Fix:  Remove a source of potential deadlocks when using HTTP/2 when the Connector is configured with useAsyncIO as true. (markt)
  • Fix:  63523: Restore SSLUtilBase methods as protected to preserve compatibility. (remm)
  • Fix:  Fix typo in UTF-32LE charset name. Patch by zhanhb vi Github. (fschumacher)
  • Fix:  Once a URI is identified as invalid don’t attempt to process it further. Based on a PR by Alex Repert. (markt)
  • Fix:  Fix to avoid the possibility of long poll times for individual pollers when using mutliple pollers with APR. (markt)
  • Fix:  Refactor the fix for 63205 so it only applies when using PKCS12 keystores as regressions have been reported with some other keystore types. (markt)


  • Add:  Include file names if SMAP processor is unable to delete or rename a class file during SMAP generation. (markt)
  • Update:  Update to the Eclipse JDT compiler 4.12. (markt)


  • Fix:  63521: As required by the WebSocket specification, if a POJO that is deployed as a result of the SCI scan for annotated POJOs is subsequently deployed via the programmatic API ignore the programmatic deployment. (markt)


  • Fix:  Switch the check for terminal availability to test for stdin as using stdout does not work when output is piped to another process. Patch provided by Radosław Józwik. (markt)
  • Add:  Add user buildable optional modules for easier CDI 2 and JAX-RS support. Also include a new documentation page describing how to use it. (remm)