- General
- Migrating from 8.0.x or 8.5.x to 9.0.x
- Java 8 required
- Specification APIs
- Servlet 4.0 API
- JavaServer Pages 2.3
- Expression Language 3.0
- WebSocket 1.1
- BIO connector removed
- HTTP connector changes
- Comet support removed
- HTTP/2 support added
- TLS virtual hosting and multiple certificate support added
- Internal APIs
- JSR-77 implementation removed
- Clustering
- InstanceListener removed
- SessionManager
- Cookies
- Web applications
- Engine and Host configurations
- Context configurations
- Logging
- Upgrading 9.0.x
Content
Table of Contents
General
Please read the general Migration Guide page first, for common considerations that apply to migration or upgrade between versions of Apache Tomcat®.
Migrating from 8.0.x or 8.5.x to 9.0.x
This section lists all the known changes between 8.0.x / 8.5.x and 9.0.x which may cause backwards compatibility problems when upgrading. Some of these changes and new features are already present in Apache Tomcat 8.5.x.
Java 8 required
Apache Tomcat 9.0.x requires Java 8 or later. Apache Tomcat 8.0.x and 8.5.x required Java 7.
Specification APIs
Apache Tomcat 9 supports the Java Servlet 4.0, JavaServer Pages 2.3, Java Unified Expression Language 3.0 and Java API for WebSocket 1.0 specifications. The changes between versions of specifications may be found in the Changes appendix in each of specification documents.
Servlet 4.0 API
In JSP pages that use wildcard import syntax the new classes added in
Servlet API may conflict with ones in web applications.
For example, if package "a"
contains class
PushBuilder
, the following JSP page will cease to compile in
Tomcat 9:
<%@page import="a.*"%>
<% PushBuilder pushBuilder = new PushBuilder(); %>
This happens because the implicit import of
javax.servlet.http.*
and the explicit import of
a.*
will provide conflicting definitions of class
PushBuilder
that was added in Servlet 4.0. The solution is to
use the explicit import, import="a.PushBuilder"
.
JavaServer Pages 2.3
This is unchanged from Tomcat 8.x.
Expression Language 3.0
This is unchanged from Tomcat 8.x.
WebSocket 1.1
This is unchanged from Tomcat 8.x.
BIO connector removed
The following change is present in 8.5.0 onwards.
The Java blocking IO implementation (BIO) for both HTTP and AJP has been removed. Users are recommended to switch to the Java non-blocking IO implementation (NIO).
HTTP connector changes
HTTP reason phrases have been removed entirely. Some non-RFC-compliant clients are known to fail when the reason phrase is missing. Such failures are a problem with the client and not with Tomcat.
Comet support removed
The following change is present in 8.5.0 onwards.
Comet support has been removed without a direct replacement. Applications using Comet are recommended to migrate to WebSockets.
HTTP/2 support added
The following feature is available since 8.5.0 onwards.
HTTP/2 is supported for h2 (over TLS, negotiated via ALPN) and h2c (clear text, negotiated via HTTP/1.1 upgrade). HTTP/2 needs to be explicitly enabled for a connector. To enable it, insert
<UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
TLS virtual hosting and multiple certificate support added
The following feature is available since 8.5.0 onwards.
Tomcat 9 supports multiple TLS virtual hosts for a single connector with each virtual host able to support multiple certificates. Virtual host definitions are nested inside the Connector element with the default specified using the defaultSSLHostConfigName attribute on the Connector if more than one virtual host is specified. Certificate definitions are nested inside the virtual host.
The following example shows how to use this to configure a single APR/native connector for multiple TLS virtual hosts with each host having both an RSA and EC certificate.
<Connector port="8443"
protocol="org.apache.coyote.http11.Http11AprProtocol"
maxThreads="150"
SSLEnabled="true"
defaultSSLHostConfigName="openoffice.apache.org" >
<SSLHostConfig hostName="openoffice.apache.org" >
<Certificate certificateKeyFile="conf/openoffice.apache.org-rsa-key.pem"
certificateFile="conf/openoffice.apache.org-rsa-cert.pem"
type="RSA" />
<Certificate certificateKeyFile="conf/openoffice.apache.org-ec-key.pem"
certificateFile="conf/openoffice.apache.org-ec-cert.pem"
type="EC" />
</SSLHostConfig>
<SSLHostConfig hostName="www.openoffice.org" >
<Certificate certificateKeyFile="conf/www.openoffice.org-rsa-key.pem"
certificateFile="conf/www.openoffice.org-rsa-cert.pem"
type="RSA" />
<Certificate certificateKeyFile="conf/www.openoffice.org-ec-key.pem"
certificateFile="conf/www.openoffice.org-ec-cert.pem"
type="EC" />
</SSLHostConfig>
</Connector>
Internal APIs
Whilst the Tomcat 9 internal API is broadly compatible with Tomcat 8 there have been many changes at the detail level and they are not binary compatible. Developers of custom components that interact with Tomcat's internals should review the JavaDoc for the relevant API.
Of particular note are:
- Significant refactoring has taken place throughout the connectors to reduce duplicate code and to align behaviour across implementations. (This change is present in 8.5.x.)
- The deprecated
digest
attribute has been removed from theRealm
. (This change is present in 8.5.x.)
JSR-77 implementation removed
The following change is present in 8.5.0 onwards.
The JSR-77 implementation is incomplete and has been removed in 8.5.x and 9.0.x. Specifically, the following methods that exposed to JMX have been removed.
StandardContext.getServlets()
StandardContext.isStateManageable()
StandardContext.getDeploymentDescriptor()
StandardWrapper.isStateManageable()
Clustering
The following change is present in 8.5.0 onwards.
MessageDispatch15Interceptor
had been used to add the Java 5
features to MessageDispatchInterceptor.
MessageDispatch15Interceptor
has been removed in Tomcat 8.5.x and 9.0.x
by merging the Java 5 features to MessageDispatchInterceptor
.
InstanceListener removed
The following change is present in 8.5.0 onwards.
The support of InstanceListener has been removed in 8.5.x and 9.0.x. Specifically, the following classes have been removed.
org.apache.catalina.InstanceListener
org.apache.catalina.InstanceEvent
org.apache.catalina.util.InstanceSupport
SessionManager
The following change is present in 8.5.0 onwards.
The following session manager attributes have been completely removed in 8.5.x and 9.0.x.
distributable
maxInactiveInterval
sessionIdLength
The replacements are as follows:
- The
distributable
attribute has been deprecated in 8.0 and specified value is ignored. This should be configured via the Context. The value is inherited based on the presence or absence of the<distributable />
element in/WEB-INF/web.xml.
- The
maxInactiveInterval
attribute has been deprecated in 8.0. If the value is specified, a warning log is issued. This should be configured via the Context. The value is inherited based on the value of the<session-timeout>
element in/WEB-INF/web.xml
. - The
sessionIdLength
attribute ofManager
has been replaced bysessionIdLength
attribute ofSessionIdGenerator
.
Cookies
The default CookieProcessor
is now the
Rfc6265CookieProcessor
. The CookieProcessor
is
configurable per Context
and the
LegacyCookieProcessor
may be used to obtain the 8.0.x
behaviour.
Web applications
The Manager and HostManager web applications are configured by default
with a RemoteAddrValve
that limits access to those
applications to connections from localhost.
Engine and Host configurations
The behaviour for startStopThreads
has changed when the
effective value is 1. In this case, children will be started on the current
thread rather than via an ExecutorService
configured with a
single thread.
Context configurations
The clearReferencesStatic
attribute has been removed in
8.5.x and 9.0.x.
Logging
By default the log files will be kept 90 days and then removed from the file system.
Upgrading 9.0.x
When upgrading instances of Apache Tomcat from one version of Tomcat 9 to another, particularly when using separate locations for $CATALINA_HOME and $CATALINA_BASE, it is necessary to ensure that any changes in the configuration files such as new attributes and changes to defaults are applied as part of the upgrade. To assist with the identification of these changes, the form below may be used to view the differences between the configuration files in different versions of Tomcat 9.
Tomcat 9.0.x noteable changes
The Tomcat developers aim for each patch release to be fully backwards compatible with the previous release. Occasionally, it is necessary to break backwards compatibility in order to fix a bug. In most cases, these changes will go unnoticed. This section lists changes that are not fully backwards compatible and might cause breakage when upgrading.
- In 9.0.96, a change was made to the way pooled JSP tags were released, resulting in a binary incompatiblity between some JSP files compiled with earlier versions of Apache Tomcat 9. This incompatibility will be corrected in 9.0.97, so JSPs compiled before 9.0.96 should again run without recompilation in 9.0.97 and later.
-
In 9.0.74 onwards, the default value for the Connector attribute
maxParameterCount
has been reduced from 10,000 to 1,000. In 9.0.31 onwards, the default listen address of the AJP Connector was changed to the loopback address rather than all addresses.
Reference: AJP connector.
In 9.0.31 onwards, the requiredSecret attribute of the AJP Connector was deprecated and replaced by the secret attribute.
Reference: AJP connector.
In 9.0.31 onwards, the secretRequired attribute was added to the AJP Connector. If set to
true
, the default, the AJP Connector will not start unless a secret has been specified.Reference: AJP connector.
In 9.0.31 onwards, the allowedRequestAttributesPattern attribute was added to the AJP Connector. Requests with unrecognised attributes will now be blocked with a 403.
Reference: AJP connector.
In 9.0.44 onwards, the semantics of the
HostConfig.check(String)
method have changed. Rather than marking the application as serviced before calling the method, the method will mark the application as serviced before checking resources and then un-mark the application as being serviced after the checks are complete. If the application is marked as serviced when the method is called, the method will be a NO-OP.In 9.0.48 onwards, the NIO poller was simplified and the block poller and selector configuration has been removed. This will not cause a startup error if they are present in the configuration, but may produce a warning and will have no effect.
In 9.0.51 onwards, Tomcat no longer adds an "Expires" HTTP response header when adding "Cache-Control: private" due to a CONFIDENTIAL transport-guarantee. This will likely cause a change in caching behavior for applications that do not explicitly set their own headers but rely on Tomcat's previous behavior. If you wish to disable caching, you will need to configure it explicitly in your application. See BZ 65513 for more information.
In 9.0.53 onwards, as a result of the updated fork of Commons FileUpload now using
java.nio.file.Files
, applications using multi-part uploads need to ensure that the JVM is configured with sufficient direct memory to store all in progress multi-part uploads.In 9.0.56 onwards, the system property
org.apache.juli.AsyncLoggerPollInterval
is no longer used.
Tomcat 9.0.x configuration file differences
Select a configuration file, old version and new version from the boxes below and then click "View differences" to see the differences. The differences will be shown in a new tab/window.
Note: If there are no differences you will see an error page.
You can also use a Git command similar to the following from within a working copy:
git diff 9.0.0 9.0.12 -- conf/