A few days ago, the apache tomcat team announced that Tomcat 7 through version 7.0.18, Tomcat 6 through version 6.0.32, and Tomcat 5.5 through version 5.5.33 contained some information disclosure and availability-related vulnerabilities. Today, the Apache Tomcat team released version 7.0.19, which addresses these vulnerabilities within Tomcat 7. Presumably, updates for Tomcat 5.5 and Tomcat 6 will be forthcoming as well.
There are some new features in this release as well:
- JSP recompilation now occurs whenever the last-modified date changes, regardless of whether the date is earlier or later
- An alternative connection pooling option, jdbc-pool, is included
- The Windows installer can now be used to install multiple instances.
The Tomcat 7 changelog lists all the fixes, features, and changes that have been incorporated into this version. version 7.0.17 and 7.0.18 were never formally released so tomcat 7.0.19 incorporates changes from those versions as well.
Downloads are available at the tomcat mirror sites.