The Apache Tomcat team announces the immediate availability of Apache Tomcat 7.0.42. Apache Tomcat is an open source software implementation of the Java Servlet, JavaServer Pages and Java Expression Language technologies. This release contains a number of bug fixes and improvements compared to version 7.0.41. The notable changes include: - Add support for time to first byte in the AccessLogValve. Patch provided by Jeremy Boynes. - Correct a regression introduced in 7.0.39 (refactoring of base 64 encoding and decoding) that broke the JNDI Realm when userPassword was set and passwords were hashed with MD5 or SHA1. - Ensure that the build process produces Javadoc that is not vulnerable to CVE-2013-1571. Based on a patch by Uwe Schindler. Please refer to the change log for the complete list of changes: http://tomcat.apache.org/tomcat-7.0-doc/changelog.html Note: This version has 4 zip binaries: a generic one and three bundled with Tomcat native binaries for Windows operating systems running on different CPU architectures. Note: If you use the APR/native AJP or HTTP connector you *must* upgrade to version 1.1.24 or later of the AJP/native library and it is recommended that you upgrade to 1.1.27 Downloads: http://tomcat.apache.org/download-70.cgi Migration guides from Apache Tomcat 5.5.x and 6.0.x: http://tomcat.apache.org/migration.html