Release Notes

Complete Changelog for NES for Tomcat

Tomcat 8.5.x

8.5.101 (NES) - July 10, 2025

Notes

  • This release originates from the open‑source Apache Tomcat project forked by HeroDevs. It encompasses modifications implemented by HeroDevs to ensure successful framework builds.
  • This release includes both Maven packages and binaries. The binary packages for this release are available at https://registry.nes.herodevs.com/bin/org.apache.tomcat/tomcat-release/8.5.100-tomcat-8.5.101/tomcat-nes-v8.5.101.zip.

Bug Fixes

  • Make counting of active streams more robust
  • Add support for re-keying with TLS 1.3
  • Fix inconsistent resource metadata with concurrent GET and PUT/DELETE
  • If the Jakarta Authentication fails with an exception, set a 500 status
  • Fix Uncontrolled Resource Consumption vulnerability in the examples web application provided with Apache Tomcat that leads to denial of service
  • Automate protection for CVE-2024-56337
  • Enhance lifecycle of temporary files used by partial PUT
  • Fix Apache Tomcat Denial of Service via invalid HTTP priority header
  • Fix Apache Tomcat Rewrite rule bypass
  • Refactor CGI servlet to access resources via WebResources and use the WebResource API to differentiate files and directories
  • Fix allocation of resources for multipart headers with insufficient limits, which enabled a DoS vulnerability in Apache Commons FileUpload
  • Fix Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat
  • Use the full path when calling icacls.exe
  • Expand checks for webAppMount

Full Version: 8.5.100-tomcat-8.5.101