- The HTTP header parser has been re-written making it smaller and faster
- The Status page in the Tomcat Manager web application now displays memory pools usage, which includes the PermGen
- Added support for client WebSocket Pings
- A fix for a potential null pointer exception in the AccessLogValve when logged SessionID's become invalidated and to the timestamp cache that caused some entries to be logged with a timstamp earlier than the true time
- The CSRF Prevention Filter now allows you to customize the HTTP Status code delivered for denied requests
As always, you can download a copy from a mirror near you.