Pivotal tc Server 3.2 Release Notes

Note: End of General Support occurred on December 31st 2020 and End of Technical guidance will end on June 30th, 2021. Please refer to the 3.x End of Life Timeline.

VMware tc Server 3.2.29 | 20 MAY 2021

VMware tc Server 3.2.28 | 03 MAY 2021

VMware tc Server 3.2.27 | 10 FEB 2021

VMware tc Server 3.2.26 | 24 NOV 2020

VMware tc Server 3.2.25 | 25 SEP 2020

VMware tc Server 3.2.24 | 01 JUL 2020

VMware tc Server 3.2.23 | 15 JUN 2020

VMware tc Server 3.2.22 | 06 MAY 2020

VMware tc Server 3.2.21 | 13 APR 2020

Pivotal tc Server 3.2.20 | 21 FEB 2020

Pivotal tc Server 3.2.19 | 23 DEC 2019

Pivotal tc Server 3.2.18 | 12 NOV 2019

Pivotal tc Server 3.2.17 | 13 AUG 2019

Pivotal tc Server 3.2.16 | 15 MAY 2019

Pivotal tc Server 3.2.15 | 29 APR 2019

Pivotal tc Server 3.2.14 | 01 MAR 2019

Pivotal tc Server 3.2.13 | 06 DEC 2018

Pivotal tc Server 3.2.12 | 05 OCT 2018

Pivotal tc Server 3.2.11 | 13 JUL 2018

Pivotal tc Server 3.2.10 | 27 APR 2018

Pivotal tc Server 3.2.9 | 20 FEB 2018

Pivotal tc Server 3.2.8 | 10 OCT 2017

Pivotal tc Server 3.2.7 | 08 SEP 2017

Pivotal tc Server 3.2.6 | 24 MAY 2017

Pivotal tc Server 3.2.5 | 05 APR 2017

Pivotal tc Server 3.2.4 | 06 JAN 2017

Pivotal tc Server 3.2.3 | 19 DEC 2016

Pivotal tc Server 3.2.2 | 15 NOV 2016

Pivotal tc Server 3.2.1 | 06 OCT 2016

Pivotal tc Server 3.2.0 | 17 AUG 2016

Last Document Update: 13 JUL 2021

What’s in the Release Notes

These release notes cover the following topics:

What’s New in VMware tc Server 3.2.29

Note: This is the final planned release of tc Server 3.2.x.

This VMware tc Server release includes the following new features and changes:

  • New tc Runtime versions:
    • 8.5.66.B.RELEASE, equivalent to Apache Tomcat 8.5.66, with the following additions
      • Fix BZ 65308 - NPE in JNDIRealm when no userRoleAttribute is specified
      • Includes CVE-2021-33037
    • 7.0.109.B.RELEASE, equivalent to Apache Tomcat 7.0.109

Please upgrade to the latest tc Server version 4.1.x.

What’s New in VMware tc Server 3.2.28

This VMware tc Server release includes the following new features and changes:

  • New tc Runtime versions:

    • 8.5.65.B.RELEASE, equivalent to Apache Tomcat 8.5.65, with the following additions
      • Includes JDNI Cleanup, ASF commit 31fb9c0
      • Includes fix for BZ 65251
      • Includes CVE-2021-30640
    • 7.0.109.A.RELEASE, equivalent to Apache Tomcat 7.0.109

Please upgrade to the latest tc Server version 4.1.x.

What’s New in VMware tc Server 3.2.27

This VMware tc Server release includes the following new features and changes:

What’s New in VMware tc Server 3.2.26

This VMware tc Server release includes the following new features and changes:

  • New tc Runtime versions:
    • 8.5.60.A.RELEASE, equivalent to Apache Tomcat 8.5.60
    • 7.0.107.A.RELEASE, equivalent to Apache Tomcat 7.0.107

What’s New in VMware tc Server 3.2.25

This VMware tc Server release includes the following new features and changes:

  • New tc Runtime versions:
    • 8.5.58.B.RELEASE, equivalent to Apache Tomcat 8.5.58 including the following fixes:
    • 7.0.106.B.RELEASE, equivalent to Apache Tomcat 7.0.106
  • tc Runtime Repository Changes:
    • The tc Runtime Repository has been changed to use repo.pivotal.io on port 443 which is the same repository used by 4.0+.
    • Messages output from the tcruntime-admin get-runtime command have been changed.
    • Included dependencies have been reduced including the removal of jackson-databind

What’s New in VMware tc Server 3.2.24

This VMware tc Server release includes the following new features and changes:

  • New tc Runtime versions:
    • 8.5.56.B.RELEASE, equivalent to Apache Tomcat 8.5.56 including the following fixes:
    • 7.0.104.B.RELEASE, equivalent to Apache Tomcat 7.0.104 including the following fixes:

What’s New in VMware tc Server 3.2.23

This VMware tc Server release includes the following new features and changes:

  • New tc Runtime versions:
    • 8.5.56.A.RELEASE, equivalent to Apache Tomcat 8.5.56
    • 7.0.104.A.RELEASE, equivalent to Apache Tomcat 7.0.104

What’s New in VMware tc Server 3.2.22

This VMware tc Server release includes the following new features and changes:

  • New tc Runtime versions:
    • 8.5.54.B.RELEASE, equivalent to Apache Tomcat 8.5.54, including the following fixes:
      • Rework the fix for BZ 64021 for better custom class loader support (ASF commit: 33074db)
      • Fix compilation of JSPs with inner classes with ECJ 4.14 onwards (ASF commit: 5bc5ed2)
      • Includes CVE-2020-9484
    • 7.0.103.B.RELEASE, equivalent to Apache Tomcat 7.0.103, including the following fixes:
      • Rework the fix for BZ 64021 for better custom class loader support (ASF commit: b732c45)
      • Fix compilation of JSPs with inner classes with ECJ 4.14 onwards (ASF commit: 94cbea7)
      • Includes CVE-2020-9484

What’s New in VMware tc Server 3.2.21

This VMware tc Server release includes the following new features and changes:

  • New tc Runtime versions:

    • 8.5.53.A.RELEASE, equivalent to Apache Tomcat 8.5.53
    • 7.0.103.A.RELEASE, equivalent to Apache Tomcat 7.0.103
  • Pivotal tc Server has been renamed to VMware tc Server.

What’s New in Pivotal tc Server 3.2.20

This Pivotal tc Server release includes the following new features and changes:

  • New tc Runtime versions:

  • The tc Runtimes in this release contain changes to the AJP Connector. Particular attention should be paid to the values used for the address, secret, secretRequired and allowedRequestAttributesPattern attributes. The ajp template in Pivotal tc Server versions 3.2.20+ default value for secretRequired is false. For untrusted networks the value of secretRequired should be true

What’s New in Pivotal tc Server 3.2.19

This Pivotal tc Server release includes the following new features and changes:

  • New tc Runtime versions:
    • 8.5.50.B.RELEASE, equivalent to Apache Tomcat 8.5.50
    • 7.0.99.B.RELEASE, equivalent to Apache Tomcat 7.0.99

What’s New in Pivotal tc Server 3.2.18

This Pivotal tc Server release includes the following new features and changes:

  • New tc Runtime versions:
    • 8.5.47.A.RELEASE, equivalent to Apache Tomcat 8.5.47
    • 7.0.96.A.RELEASE, equivalent to Apache Tomcat 7.0.96

What’s New in Pivotal tc Server 3.2.17

This Pivotal tc Server release includes the following new features and changes:

  • New tc Runtime versions:
    • 8.5.43.B.RELEASE, equivalent to Apache Tomcat 8.5.43 including the following fix:
      • Expand the HTTP/2 excessive overhead protection to cover various forms of abusive client behaviour and close the connection if any such behaviour is detected.
    • 7.0.96.A.RELEASE, equivalent to Apache Tomcat 7.0.96

What’s New in Pivotal tc Server 3.2.16

This Pivotal tc Server release includes the following new features and changes:

  • New tc Runtime versions:
    • 8.5.41.B.RELEASE, equivalent to Apache Tomcat 8.5.41 including the following fixes:
      • Fix concurrency issue that caused intermittent h2 test failures - ASF commit #50ea37e
  • Unmodified tc Runtime versions:
    • 7.0.94.A.RELEASE, equivalent to Apache Tomcat 7.0.94

What’s New in Pivotal tc Server 3.2.15

This Pivotal tc Server release includes the following new features and changes:

  • New tc Runtime versions:
    • 8.5.40.A.RELEASE, equivalent to Apache Tomcat 8.5.40
    • 7.0.94.A.RELEASE, equivalent to Apache Tomcat 7.0.94

What’s New in Pivotal tc Server 3.2.14

This Pivotal tc Server release includes the following new features and changes:

  • New tc Runtime versions:
    • 8.5.38.B.RELEASE, equivalent to Apache Tomcat 8.5.38 including the following fixes:
      • Switch default database connection pool to Apache Tomcat’s JDBC Pool
      • Revert the changes for BZ 53930 that added support for the CATALINA_OUT_CMD as they caused regressions - ASF Commit #r1853509
    • 7.0.93.A.RELEASE, equivalent to Apache Tomcat 7.0.93

What’s New in Pivotal tc Server 3.2.13

This Pivotal tc Server release includes the following new features and changes:

  • New tc Runtime versions:
    • 8.5.35.B.RELEASE, equivalent to Apache Tomcat 8.5.35 including the following fix:
      • Avoid an exception when using Tomcat Native built with a version of OpenSSL that does not support TLSv1.3 - ASF Commit #r1846513
    • 7.0.92.A.RELEASE, equivalent to Apache Tomcat 7.0.92

What’s New in Pivotal tc Server 3.2.12

This Pivotal tc Server release includes the following new features and changes:

  • New tc Runtime versions:
    • 8.5.34.A.RELEASE, equivalent to Apache Tomcat 8.5.34
    • 7.0.91.A.RELEASE, equivalent to Apache Tomcat 7.0.91

What’s New in Pivotal tc Server 3.2.11

This Pivotal tc Server release includes the following new features and changes:

  • New tc Runtime versions:
    • 8.5.32.A.RELEASE, equivalent to Apache Tomcat 8.5.32
    • 7.0.90.A.RELEASE, equivalent to Apache Tomcat 7.0.90

What’s New in Pivotal tc Server 3.2.10

This Pivotal tc Server release includes the following new features and changes:

  • New tc Runtime versions:
    • 8.5.30.B.RELEASE, equivalent to Apache Tomcat 8.5.30 including the following fixes:
    • 7.0.86.B.RELEASE, equivalent to Apache Tomcat 7.0.86 including the following fixes:
  • Added a new password encoder that uses PBKDF2 encoding
  • Updated 3rdpary jackson-bind library to address vulnerabilities
    • Note: These vulnerabilities did not affect the runtimes. It was only used in our on-demand tools for ‘get-runtime’ and 'get-template’.

What’s New in Pivotal tc Server 3.2.9

This Pivotal tc Server release includes the following new features and changes:

  • New tc Runtime versions:
  • Java 9 is fully supported in this release and all future releases.

What’s New in Pivotal tc Server 3.2.8

This Pivotal tc Server release includes the following new features and changes:

  • New tc Runtime versions:
    • 8.5.23.A.RELEASE, equivalent to Apache Tomcat 8.5.23
    • 7.0.82.A.RELEASE, equivalent to Apache Tomcat 7.0.82

What’s New in Pivotal tc Server 3.2.7

This Pivotal tc Server release includes the following new features and changes:

  • New tc Runtime versions:
    • 8.5.20.C.RELEASE, equivalent to Apache Tomcat 8.5.20 including the following fixes:
      • Minor change to use XMLInputFactory.newInstance() instead of XMLInputFactory.newFactory()
      • Keystore Alias regression fix: 61450
      • Hardware keystore regression fix: 61451
    • 7.0.81.B.RELEASE, equivalent to Apache Tomcat 7.0.81 including the following fixes
      • WebDav regression fix: 61452

What’s New in Pivotal tc Server 3.2.6

This Pivotal tc Server release includes the following new features and changes:

What’s New in Pivotal tc Server 3.2.5

This Pivotal tc Server release includes the following new features and changes:

  • New tc Runtime versions:

What’s New in Pivotal tc Server 3.2.4

This Pivotal tc Server release includes the following new features and changes:

What’s New in Pivotal tc Server 3.2.3

This Pivotal tc Server release includes the following new features and changes:

  • New tc Runtime versions:
    • 8.5.9.B.RELEASE, equivalent to Apache Tomcat 8.5.9 including the following fixes:
    • 7.0.72.B.RELEASE, equivalent to Apache Tomcat 7.0.72 including the following fixes:
  • Other fixes:
    • Added versions for get-template listing
    • Manager template now allows administrator to assign username on install

What’s New in Pivotal tc Server 3.2.2

This Pivotal tc Server release includes the following new features and changes:

What’s New in Pivotal tc Server 3.2.1

This Pivotal tc Server release includes the following new features and changes:

  • New tc Runtime versions:
    • 8.5.5.B.RELEASE, equivalent to Apache Tomcat 8.5.5 including the following fixes:
      • Corrects a regression that prevents starting under a SecurityManager (ASF commit r1760305)
      • Fail earlier if the client closes the connection during SNI processing (ASF commit r1761423)
    • 7.0.72.A.RELEASE, equivalent to Apache Tomcat 7.0.72
  • Other Changes:
    • Enhanced error handling when using tcruntime-admin get-template and get-runtime

What’s New in Pivotal tc Server 3.2.0

This Pivotal tc Server release includes the following new features and changes:

  • New tc Runtime versions:
    • 8.5.4.B.RELEASE, equivalent to Apache Tomcat 8.5.4 including the following fixes:
      • Apache Tomcat 8.5.x was created from Tomcat 9.0.0 M4 tag. It is compatible with Servlet 3.1, JSP 2.3, EL 3.0, WebSocket 1.1, and JASPIC 1.1.
        • You may require the migration guide when upgrading from Tomcat 8.0.x to Tomcat 8.5.x as there has been significant changes between the versions.
      • Additional fixes:
        • Paths passed to RequestDispatchers are decoded by default
    • 7.0.70.B.RELEASE, equivalent to Apache Tomcat 7.0.70 including the following fixes:
      • Paths passed to RequestDispatchers are decoded by default
  • Template Repository
    • User is now able to retrieve templates from our own repository on-demand by using our tcruntime-admin get-template command to list and download templates
    • GemFire HTTP session manager template has been upgraded to version 8.2.1.1
    • Redis Session Manager template has been upgraded to version 1.3.0
      • Added support for tc Runtime 8.5 and Apache Tomcat 8.5
    • Spring Insight templates have now been upgraded to version 1.9.2.SR8
      • Added support for tc Runtime 8.5 and Apache Tomcat 8.5
  • Other Changes and Enhancements:
    • tc Runtime 8.5.x is the default version used to create instances
    • NIO connector is the default connector
    • GemFire HTTP session manager, Redis HTTP session manager, and Spring Insight templates are no longer packaged in tc Server. They are now available via the Template Repository feature in tc Server 3.2.
    • Custom templates specifically for tc Runtime 8.5.x will now require the -tomcat-85 suffix when naming your template (i.e. mytemplate-tomcat-85 will only be listed for tc Runtime 8.5 instances
      • Note: -tomcat-8 templates will not work with tc Runtime 8.5
    • tcruntime-admin script provides option to install template and other runtimes in a user specified directory
    • Bash completion has been updated with new script commands
    • Tomcat Manager app is now included as a template and is configured to be secure out-of-the-box.
    • Hyperic Plugin for tc Server
      • Resolved auto-discovery issue caused by an attribute name change in the tc Server instance’s server.xml configuraton file
      • Resolved confusing livedata error message that appeared in logs

Security and Vulnerability Information

All CVEs (Common Vulnerabilities and Exposures) are registered with cve.mitre.org. Once the CVE information is released to the public, it can take some time before this site is updated with all the details. If you do not see the updated CVE information, please visit Apache Tomcat’s Security pages for more detailed information about the CVE.

Here are the links to Apache Tomcat security and vulnerability details per release:

Known Issues

Issue Number Description
N/A On upgrade to tc Runtime 8.5, any previous instances with cluster setup, GemFire HTTP session manager, Redis HTTP session manager, and Spring Insight will need to be recreated using the new templates.
N/A The default OpenJDK build of Java 9 on Ubuntu is a non-GA version and will cause issues when running tc Server. Upgrade to a GA version of OpenJDK to resolve the issues.
N/A As of tc Runtime versions 7.0.100 and 8.5.51 the AJP connector attributes have changed. Unmodified server.xml files may result in the following message in the catalina.log Caused by: java.lang.IllegalArgumentException: The AJP Connector is configured with secretRequired="true" but the secret attribute is either null or "". This combination is not valid. Please see https://tomcat.apache.org/tomcat-8.5-doc/config/ajp.html for how to update the configuration. The ajp template in Pivotal tc Server 3.2.20+ default value for secretRequired is false. AJP Template documentation

tc Server Versioning

The tc Runtime version refers to the corresponding Apache Tomcat release. A letter is added to indicate whether additional patches not yet released by the Apache Software Foundation are applied.

For example:

  • tc Runtime 7.0.70.A.RELEASE is equivalent to Apache Tomcat 7.0.70.
  • tc Runtime 7.0.70.B.RELEASE is equivalent to Apache Tomcat 7.0.70 plus important bug fixes, enhancements, or security fixes. The letter could also refer to a pre-release of Apache Tomcat 7.0.71.

    The letter is incremented (7.0.70.C.RELEASE, 7.0.70.D.RELEASE, and so on) if additional patches or security fixes are applied after a release is named and released.

See the Apache Tomcat changelogs for a list of improvements introduced by release: