Return-Path: 
 <announce-return-105-apmail-tomcat-announce-archive=tomcat.apache.org@tomcat.apache.org>
X-Original-To: apmail-tomcat-announce-archive@minotaur.apache.org
Delivered-To: apmail-tomcat-announce-archive@minotaur.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 2F0FB11316
	for <apmail-tomcat-announce-archive@minotaur.apache.org>;
 Fri, 10 May 2013 08:40:11 +0000 (UTC)
Received: (qmail 15476 invoked by uid 500); 10 May 2013 08:39:57 -0000
Delivered-To: apmail-tomcat-announce-archive@tomcat.apache.org
Received: (qmail 15450 invoked by uid 500); 10 May 2013 08:39:57 -0000
Mailing-List: contact announce-help@tomcat.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:announce-help@tomcat.apache.org>
List-Unsubscribe: <mailto:announce-unsubscribe@tomcat.apache.org>
List-Post: <mailto:announce@tomcat.apache.org>
List-Id: <announce.tomcat.apache.org>
Reply-To: announce@tomcat.apache.org
Delivered-To: mailing list announce@tomcat.apache.org
Delivered-To: moderator for announce@tomcat.apache.org
Received: (qmail 82964 invoked by uid 99); 10 May 2013 08:37:43 -0000
Message-ID: <518CB1D1.4010603@apache.org>
Date: Fri, 10 May 2013 09:37:37 +0100
From: Mark Thomas <markt@apache.org>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64;
 rv:17.0) Gecko/20130328 Thunderbird/17.0.5
MIME-Version: 1.0
To: Tomcat Users List <users@tomcat.apache.org>
CC: Tomcat Developers List <dev@tomcat.apache.org>,
 announce@tomcat.apache.org, announce@apache.org
Subject: [ANN] Apache Tomcat 7.0.40 released
X-Enigmail-Version: 1.5.1
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

The Apache Tomcat team announces the immediate availability of Apache
Tomcat 7.0.40.

Apache Tomcat is an open source software implementation of the Java
Servlet, JavaServer Pages and Java Expression Language technologies.

This release contains a security fix and a number of bug fixes
and improvements compared to version 7.0.39. The notable changes include:
- A fix for CVE-2013-2071 (bug <bug>54178</bug>) an informatio
  disclosure issue.
- Various fixes to stop Tomcat attempting to parse text that looks like
  an EL expression in a JSP document as an EL expression when EL
  expressions are either not permitted or not enabled.
- Improved handling and reporting if a ConcurrentModificationException
  occurs while checking for memory leaks when a web application is
   being stopped.

Please refer to the change log for the complete list of changes:
http://tomcat.apache.org/tomcat-7.0-doc/changelog.html

Note: This version has 4 zip binaries: a generic one and three
      bundled with Tomcat native binaries for Windows operating systems
      running on different CPU architectures.

Note: If you use the APR/native AJP or HTTP connector you *must* upgrade
      to version 1.1.24 or later of the AJP/native library and it is
      recommended that you upgrade to 1.1.27

Downloads:
http://tomcat.apache.org/download-70.cgi

Migration guides from Apache Tomcat 5.5.x and 6.0.x:
http://tomcat.apache.org/migration.html