tomcat-announce mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Thomas <>
Subject [ANN] Apache Tomcat 4.1.40 stable is now available
Date Thu, 25 Jun 2009 22:16:55 GMT
The Apache Tomcat team is proud to announce the immediate availability
of Tomcat 4.1.40 stable. This build contains a small number of bug fixes
and two important and three low severity security fixes.

Please refer to the release notes for a complete list of changes.

Apache Tomcat 4 is an implementation of the Java Server Pages 1.2 and
Java Servlet 2.3 specifications.

Apache Tomcat 4.1.40 is very likely to be the last release of the 4.1.x
series. Users should be aware that if further security vulnerabilities
are reported in Apache Tomcat, the 4.1.x series will not be reviewed to
determine if the 4.1.x series is affected, neither will a further
release containing a security fix be made for the 4.1.x series. Users
still using the 4.1.x series are strongly encouraged to upgrade to the
latest stable release of the 6.0.x series, 6.0.20.

All Apache Tomcat releases will always be available from the Apache


Security information:

The Apache Tomcat Team

                     Cryptographic software notice

This distribution includes cryptographic software.  The country in
which you currently reside may have restrictions on the import,
possession, use, and/or re-export to another country, of
encryption software.  BEFORE using any encryption software, please
check your country's laws, regulations and policies concerning the
import, possession, or use, and re-export of encryption software, to
see if this is permitted.  See <> for more

The U.S. Government Department of Commerce, Bureau of Industry and
Security (BIS), has classified this software as Export Commodity
Control Number (ECCN) 5D002.C.1, which includes information security
software using or performing cryptographic functions with asymmetric
algorithms.  The form and manner of this Apache Software Foundation
distribution makes it eligible for export under the License Exception
ENC Technology Software Unrestricted (TSU) exception (see the BIS
Export Administration Regulations, Section 740.13) for both object
code and source code.

The following provides more details on the included cryptographic
  - Tomcat includes code designed to work with JSSE
  - Tomcat includes code designed to work with OpenSSL

View raw message