The Apache Tomcat project is pleased to announce the first release of Apache Tomcat 7. Tomcat 7 implements the Servlet 3.0, JSP 2.2 and EL 2.2 specifications. The updated specifications add a number of new features including:

  • asynchronous processing
  • web-fragment support
  • annotation based configuration
  • programmatic configuration
  • increased control of session tracking
  • httpOnly support for cookies
  • file upload support
  • programmatic login
  • additional options for JSP property groups
  • support for method invocation in expression language

In addition to the updated specifications, the new and improved Tomcat 7 features include:

  • memory leak prevention and detection
  • protection against session fixation attacks
  • a simple filter to add cross-site request forgery protection to an application
  • simplified embedding of Tomcat in other applications
  • support for mapping external folders into web application context (aliases)
  • better security for the Manager and Host Manager applications
  • all connector implementations now use Executors to provide the thread pool
  • the internal component life-cycle management and MBean registration have been refactored
  • making the features of a number of the valves from Tomcat 6 available as Filters
  • lots of internal code clean-up

Tomcat 7 is available from the Tomcat 7 downloads. The Tomcat 7 documentation is also available.

Tomcat 7.0.0 is a beta release. Information on the known issues in this release can be found in the changelog for 7.0.1 and in the open bugs and enhancements for Tomcat 7.

Some configuration changes may be required to move from Tomcat 6 to Tomcat 7. The full details can be found in the migration guide.