Tomcat 9.0.36 正式发布！

Tomcat 9.0.36 正式发布！

Tomcat是Apache 软件基金会（Apache Software Foundation）的Jakarta 项目中的一个核心项目，由Apache、Sun 和其他一些公司及个人共同开发而成。由于有了Sun 的参与和支持，最新的Servlet 和JSP 规范总是能在Tomcat 中得到体现，Tomcat 5支持最新的Servlet 2.4 和JSP 2.0 规范。因为Tomcat 技术先进、性能稳定，而且免费，因而深受Java 爱好者的喜爱并得到了部分软件开发商的认可，成为目前比较流行的Web 应用服务器。
Tomcat 服务器是一个免费的开放源代码的Web 应用服务器，属于轻量级应用服务器，在中小型系统和并发访问用户不是很多的场合下被普遍使用，是开发和调试JSP 程序的首选。对于一个初学者来说，可以这样认为，当在一台机器上配置好Apache 服务器，可利用它响应HTML（标准通用标记语言下的一个应用）页面的访问请求。实际上Tomcat是Apache 服务器的扩展，但运行时它是独立运行的，所以当你运行tomcat 时，它实际上作为一个与Apache 独立的进程单独运行的。

下载：

apache-tomcat-9.0.36.exe windows安装版

apache-tomcat-9.0.36-windows-x64.zip windows免安装版

Apache Tomcat Version 9.0.36
           Release Notes


=========
CONTENTS:
=========

* Dependency Changes
* API Stability
* Bundled APIs
* Web application reloading and static fields in shared libraries
* Security manager URLs
* Symlinking static resources
* Viewing the Tomcat Change Log
* Cryptographic software notice
* When all else fails


===================
Dependency Changes:
===================
Tomcat 9.0 is designed to run on Java 8 and later.


==============
API Stability:
==============

The public interfaces for the following classes are fixed and will not be
changed at all during the remaining lifetime of the 9.x series:
- All classes in the javax namespace

The public interfaces for the following classes may be added to in order to
resolve bugs and/or add new features. No existing interface method will be
removed or changed although it may be deprecated.
- org.apache.catalina.* (excluding sub-packages)

Note: As Tomcat 9 matures, the above list will be added to. The list is not
      considered complete at this time.

The remaining classes are considered part of the Tomcat internals and may change
without notice between point releases.


=============
Bundled APIs:
=============
A standard installation of Tomcat 9.0 makes all of the following APIs available
for use by web applications (by placing them in "lib"):
* annotations-api.jar (Annotations package)
* catalina.jar (Tomcat Catalina implementation)
* catalina-ant.jar (Tomcat Catalina Ant tasks)
* catalina-ha.jar (High availability package)
* catalina-ssi.jar (Server-side Includes module)
* catalina-storeconfig.jar (Generation of XML configuration from current state)
* catalina-tribes.jar (Group communication)
* ecj-4.15.jar (Eclipse JDT Java compiler)
* el-api.jar (EL 3.0 API)
* jasper.jar (Jasper 2 Compiler and Runtime)
* jasper-el.jar (Jasper 2 EL implementation)
* jsp-api.jar (JSP 2.3 API)
* servlet-api.jar (Servlet 4.0 API)
* tomcat-api.jar (Interfaces shared by Catalina and Jasper)
* tomcat-coyote.jar (Tomcat connectors and utility classes)
* tomcat-dbcp.jar (package renamed database connection pool based on Commons DBCP 2)
* tomcat-jdbc.jar (Tomcat's database connection pooling solution)
* tomcat-jni.jar (Interface to the native component of the APR/native connector)
* tomcat-util.jar (Various utilities)
* tomcat-websocket.jar (WebSocket 1.1 implementation)
* websocket-api.jar (WebSocket 1.1 API)

You can make additional APIs available to all of your web applications by
putting unpacked classes into a "classes" directory (not created by default),
or by placing them in JAR files in the "lib" directory.

To override the XML parser implementation or interfaces, use the appropriate
feature for your JVM. For Java <= 8 use the endorsed standards override
feature. The default configuration defines JARs located in "endorsed" as endorsed.
For Java 9+ use the upgradeable modules feature.


================================================================
Web application reloading and static fields in shared libraries:
================================================================
Some shared libraries (many are part of the JDK) keep references to objects
instantiated by the web application. To avoid class loading related problems
(ClassCastExceptions, messages indicating that the classloader
is stopped, etc.), the shared libraries state should be reinitialized.

Something which might help is to avoid putting classes which would be
referenced by a shared static field in the web application classloader,
and putting them in the shared classloader instead (JARs should be put in the
"lib" folder, and classes should be put in the "classes" folder).


======================
Security manager URLs:
======================
In order to grant security permissions to JARs located inside the
web application repository, use URLs of the following format
in your policy file:

file:${catalina.base}/webapps/examples/WEB-INF/lib/driver.jar


============================
Symlinking static resources:
============================
By default, Unix symlinks will not work when used in a web application to link
resources located outside the web application root directory.

This behavior is optional, and the "allowLinking" flag may be used to disable
the check.


==============================
Viewing the Tomcat Change Log:
==============================
The full change log is available from https://tomcat.apache.org and is also
included in the documentation web application.


=============================
Cryptographic software notice
=============================
This distribution includes cryptographic software.  The country in
which you currently reside may have restrictions on the import,
possession, use, and/or re-export to another country, of
encryption software.  BEFORE using any encryption software, please
check your country's laws, regulations and policies concerning the
import, possession, or use, and re-export of encryption software, to
see if this is permitted.  See <http://www.wassenaar.org/> for more
information.

The U.S. Government Department of Commerce, Bureau of Industry and
Security (BIS), has classified this software as Export Commodity
Control Number (ECCN) 5D002.C.1, which includes information security
software using or performing cryptographic functions with asymmetric
algorithms.  The form and manner of this Apache Software Foundation
distribution makes it eligible for export under the License Exception
ENC Technology Software Unrestricted (TSU) exception (see the BIS
Export Administration Regulations, Section 740.13) for both object
code and source code.

The following provides more details on the included cryptographic
software:
  - Tomcat includes code designed to work with JSSE
  - Tomcat includes code designed to work with OpenSSL