Apache Tomcat 7.0.21 Released
The Apache Tomcat team released version 7.0.21 today, which fixes some bugs and addresses some security issues. Some of the more important changes in this release, which were summarized in the release announcement, include:
- A fix for CVE-2011-3190 that allowed an attacker to inject requests when Tomcat was configured behind a reverse proxy using the AJP protocol.
- Multiple additions and improvements to the memory leak detection/prevention features.
- Improved validation of received AJP messages.