VMware tc Server 4.0 Release Notes

VMware tc Server 4.0.16 | 25 SEP 2020

VMware tc Server 4.0.15 | 01 JUL 2020

VMware tc Server 4.0.14 | 14 JUN 2020

VMware tc Server 4.0.13 | 06 MAR 2020

VMware tc Server 4.0.12 | 13 APR 2020

Pivotal tc Server 4.0.11 | 21 FEB 2020

Pivotal tc Server 4.0.10 | 23 DEC 2019

Pivotal tc Server 4.0.9 | 12 NOV 2019

Pivotal tc Server 4.0.8 | 13 AUG 2019

Pivotal tc Server 4.0.7 | 15 MAY 2019

Pivotal tc Server 4.0.6 | 29 APR 2019

Pivotal tc Server 4.0.5 | 01 MAR 2019

Pivotal tc Server 4.0.4 | 06 DEC 2018

Pivotal tc Server 4.0.3 | 05 OCT 2018

Pivotal tc Server 4.0.2 | 13 JUL 2018

Pivotal tc Server 4.0.1 | 27 APR 2018

Pivotal tc Server 4.0.0 | 26 MAR 2018

Last Document Update: 25 SEP 2020

What’s in the Release Notes

These release notes cover the following topics:

What’s New in VMware tc Server 4.0.16

This VMware tc Server release includes the following new features and changes:

  • New tc Runtime versions:
    • Bundled tc Runtime:
      • 9.0.38.B.RELEASE, equivalent to Apache Tomcat 9.0.38 including the following fixes:
    • On-demand tc Runtimes:
      • 8.5.58.B.RELEASE, equivalent to Apache Tomcat 8.5.58 including the following fixes:
      • 7.0.106.A.RELEASE, equivalent to Apache Tomcat 7.0.106

What’s New in VMware tc Server 4.0.15

This VMware tc Server release includes the following new features and changes:

  • New tc Runtime versions:
    • Bundled tc Runtime:
    • On-demand tc Runtimes:
      • 8.5.56.B.RELEASE, equivalent to Apache Tomcat 8.5.56 including the following fixes:
      • 7.0.104.B.RELEASE, equivalent to Apache Tomcat 7.0.104 including the following fixes:

What’s New in VMware tc Server 4.0.14

This VMware tc Server release includes the following new features and changes:

  • New tc Runtime versions:
    • Bundled tc Runtime:
      • 9.0.36.A.RELEASE, equivalent to Apache Tomcat 9.0.36
    • On-demand tc Runtimes:
      • 8.5.56.A.RELEASE, equivalent to Apache Tomcat 8.5.56
      • 7.0.104.A.RELEASE, equivalent to Apache Tomcat 7.0.104

What’s New in VMware tc Server 4.0.13

This VMware tc Server release includes the following new features and changes:

  • New tc Runtime Versions:

    • Bundled tc Runtime:
      • 9.0.34.B.RELEASE, equivalent to Apache Tomcat 8.5.54, including the following fixes:
        • Rework the fix for BZ 64021 for better custom class loader support (ASF commit: 47edccf)
        • Fix compilation of JSPs with inner classes with ECJ 4.14 onwards (ASF commit: 85e93fb)
        • Includes CVE-2020-9484
    • On-demand tc Runtimes:
      • 8.5.54.B.RELEASE, equivalent to Apache Tomcat 8.5.54, including the following fixes:
        • Rework the fix for BZ 64021 for better custom class loader support (ASF commit: 33074db)
        • Fix compilation of JSPs with inner classes with ECJ 4.14 onwards (ASF commit: 5bc5ed2)
        • Includes CVE-2020-9484
      • 7.0.103.B.RELEASE, equivalent to Apache Tomcat 7.0.103, including the following fixes:
        • Rework the fix for BZ 64021 for better custom class loader support (ASF commit: b732c45)
        • Fix compilation of JSPs with inner classes with ECJ 4.14 onwards (ASF commit: 94cbea7)
        • Includes CVE-2020-9484

What’s New in VMware tc Server 4.0.12

This VMware tc Server release includes the following new features and changes:

  • New tc Runtime versions:

    • Bundled tc Runtime:
      • 9.0.33.A.RELEASE, equivalent to Apache Tomcat 9.0.33
    • On-demand tc Runtimes:
      • 8.5.53.A.RELEASE, equivalent to Apache Tomcat 8.5.53
      • 7.0.103.A.RELEASE, equivalent to Apache Tomcat 7.0.103
  • Pivotal tc Server has been renamed to VMware tc Server

What’s New in Pivotal tc Server 4.0.11

This Pivotal tc Server release includes the following new features and changes:

  • New tc Runtime versions:
  • The tc Runtimes in this release contain changes to the AJP Connector. Particular attention should be paid to the values used for the address, secret, secretRequired and allowedRequestAttributesPattern attributes. The ajp template in Pivotal tc Server versions 3.2.20+ default value for secretRequired is false. For untrusted networks the value of secretRequired should be true

What’s New in Pivotal tc Server 4.0.10

This Pivotal tc Server release includes the following new features and changes:

  • New tc Runtime versions:

    • Bundled tc Runtime:
      • 9.0.30.B.RELEASE, equivalent to Apache Tomcat 9.0.30
    • On-demand tc Runtimes:
      • 8.5.50.B.RELEASE, equivalent to Apache Tomcat 8.5.50
      • 7.0.99.B.RELEASE, equivalent to Apache Tomcat 7.0.99
  • New features:

What’s New in Pivotal tc Server 4.0.9

This Pivotal tc Server release includes the following new features and changes:

  • New tc Runtime versions:

    • Bundled tc Runtime:
      • 9.0.27.A.RELEASE, equivalent to Apache Tomcat 9.0.27
    • On-demand tc Runtimes:
      • 8.5.47.A.RELEASE, equivalent to Apache Tomcat 8.5.47
      • 7.0.96.A.RELEASE, equivalent to Apache Tomcat 7.0.96
  • New features:

What’s New in Pivotal tc Server 4.0.8

This Pivotal tc Server release includes the following new features and changes:

  • New tc Runtime versions:

    • Bundled tc Runtime:
      • 9.0.22.B.RELEASE, equivalent to Apache Tomcat 9.0.22 including the following fix:
        • Expand the HTTP/2 excessive overhead protection to cover various forms of abusive client behaviour and close the connection if any such behaviour is detected.
    • On-demand tc Runtimes:
      • 8.5.43.B.RELEASE, equivalent to Apache Tomcat 8.5.43 including the following fix:
        • Expand the HTTP/2 excessive overhead protection to cover various forms of abusive client behaviour and close the connection if any such behaviour is detected.
      • 7.0.96.A.RELEASE, equivalent to Apache Tomcat 7.0.96
  • Fix the decode command which stopped working in 4.0.7.

What’s New in Pivotal tc Server 4.0.7

This Pivotal tc Server release includes the following new features and changes:

  • New tc Runtime versions:
    • Bundled tc Runtime:
      • 9.0.20.B.RELEASE, equivalent to Apache Tomcat 9.0.20 including the following fix:
        • Fix concurrency issue behind intermittent HTTP/2 test failures
    • On-demand tc Runtimes:
      • 8.5.41.B.RELEASE, equivalent to Apache Tomcat 8.5.41 including the following fix:
        • Fix concurrency issue that caused intermittent h2 test failures
      • 7.0.94.A.RELEASE, equivalent to Apache Tomcat 7.0.94

What’s New in Pivotal tc Server 4.0.6

This Pivotal tc Server release includes the following new features and changes:

  • New tc Runtime versions:
    • Bundled tc Runtime:
      • 9.0.19.A.RELEASE, equivalent to Apache Tomcat 9.0.19
    • On-demand tc Runtimes:
      • 8.5.40.A.RELEASE, equivalent to Apache Tomcat 8.5.40
      • 7.0.94.A.RELEASE, equivalent to Apache Tomcat 7.0.94
  • Deprecated features:
    • This release deprecates the use of s2enc and tcenc encoding methods. Please use pbkdf2 instead.

What’s New in Pivotal tc Server 4.0.5

This Pivotal tc Server release includes the following new features and changes:

  • New tc Runtime versions:
    • Bundled tc Runtime:
      • 9.0.16.B.RELEASE, equivalent to Apache Tomcat 9.0.16 including the following fix:
        • Switch default database connection pool to Apache Tomcat’s JDBC Pool
        • Revert the changes for BZ 53930 that added support for the CATALINA_OUT_CMD as they caused regressions - ASF Commit #r1853509
    • On-demand tc Runtimes:
      • 8.5.38.B.RELEASE, equivalent to Apache Tomcat 8.5.38 including the following fixes:
        • Switch default database connection pool to Apache Tomcat’s JDBC Pool
        • Revert the changes for BZ 53930 that added support for the CATALINA_OUT_CMD as they caused regressions - ASF Commit #r1853509
      • 7.0.93.A.RELEASE, equivalent to Apache Tomcat 7.0.93

What’s New in Pivotal tc Server 4.0.4

This Pivotal tc Server release includes the following new features and changes:

  • New tc Runtime versions:
    • Bundled tc Runtime:
      • 9.0.13.B.RELEASE, equivalent to Apache Tomcat 9.0.13 including the following fix:
        • Fix a file descriptor leak in the code that monitors tomcat-users.xml for changes - Bug 62924
    • On-demand tc Runtimes:
      • 8.5.35.B.RELEASE, equivalent to Apache Tomcat 8.5.35 including the following fix:
        • Avoid an exception when using Tomcat Native built with a version of OpenSSL that does not support TLSv1.3 - ASF Commit #r1846513
      • 7.0.92.A.RELEASE, equivalent to Apache Tomcat 7.0.92

What’s New in Pivotal tc Server 4.0.3

This Pivotal tc Server release includes the following new features and changes:

  • New tc Runtime versions:
    • Bundled tc Runtime:
      • 9.0.12.A.RELEASE, equivalent to Apache Tomcat 9.0.12
    • On-demand tc Runtimes:
      • 8.5.34.A.RELEASE, equivalent to Apache Tomcat 8.5.34
      • 7.0.91.A.RELEASE, equivalent to Apache Tomcat 7.0.91

What’s New in Pivotal tc Server 4.0.2

This Pivotal tc Server release includes the following new features and changes:

  • New tc Runtime versions:
    • Bundled tc Runtime:
      • 9.0.10.A.RELEASE, equivalent to Apache Tomcat 9.0.10
    • On-demand tc Runtimes:
      • 8.5.32.A.RELEASE, equivalent to Apache Tomcat 8.5.32
      • 7.0.90.A.RELEASE, equivalent to Apache Tomcat 7.0.90

What’s New in Pivotal tc Server 4.0.1

This Pivotal tc Server release includes the following new features and changes:

  • New tc Runtime versions:
    • Bundled tc Runtime:
      • 9.0.7.B.RELEASE, equivalent to Apache Tomcat 9.0.7 including the following fixes:
    • On-demand tc Runtimes:
      • 8.5.30.B.RELEASE, equivalent to Apache Tomcat 8.5.30 including the following fixes:
      • 7.0.86.B.RELEASE, equivalent to Apache Tomcat 7.0.86 including the following fixes:
  • Added a new password encoder that uses PBKDF2 encoding

What’s New in Pivotal tc Server 4.0.0

This Pivotal tc Server release includes the following new features and changes:

  • Features Highlights:
    • Introduction of our Apache Tomcat 9.0 compatible runtime
      • Updated Specifications: Servlet 4.0, JSP 2.3, EL 3.0, WebSocket 1.1, and JASPIC 1.1
      • Requires Java 8 to use
      • Add support for HTTP/2
      • Adds support for OpenSSL for TLS support with JSSE connectors
      • Add support for TLS virtual hosting, or Server Name Indication (SNI)
    • Command Consolidation
      • Simplified command line interface only requires one script, tcserver
      • All commands are available in one location
    • Added support for Java versions 9 and 10
    • On-demand access to tc Runtimes and custom templates
    • Separation of tc Server installation package from the tc Runtimes, instances, and custom templates.
    • Added a customizable central configuration file with the ability to set the runtimes, instances, templates directories, along with other configuration options.
    • Separated RPMs into a tc Server installation package and an RPM for each tc Runtime version.
    • tc Server 4.0 RPMs are available on the Pivotal download site and no longer distributed via Pivotal RPM Repository
  • tc Runtimes:
    • Our bundled tc Runtime version:
      • 9.0.6.B.RELEASE, equivalent to Apache Tomcat 9.0.6 including the following fixes:
        • Fix to ensure MBean names for TLS components are correctly formed when the connector is bound to an explicit IPv6 address
        • Fix to avoid a potential loop in the APR/Native poller
    • On-demand tc Runtime versions:
      • 8.5.29.B.RELEASE, equivalent to Apache Tomcat 8.5.29 including the following fixes:
        • Fix to ensure MBean names for TLS components are correctly formed when the connector is bound to an explicit IPv6 address
        • Fix to avoid a potential loop in the APR/Native poller
      • 7.0.85.B.RELEASE, equivalent to Apache Tomcat 7.0.85 including the following fixes:
        • Fix programmatic login regression as the NonLoginAuthenticator has to be set for it to work (if no login method is specified). Bug 62104

Security and Vulnerability Information

All CVEs (Common Vulnerabilities and Exposures) are registered with cve.mitre.org. Once the CVE information is released to the public, it can take some time before this site is updated with all the details. If you do not see the updated CVE information, please visit Apache Tomcat’s Security pages for more detailed information about the CVE.

Here are the links to Apache Tomcat security and vulnerability details per release:

Known Issues

Issue Number Description
N/A The default OpenJDK build of Java 9 on Ubuntu is a non-GA version and will cause issues when running tc Server. Upgrade to a GA version of OpenJDK to resolve the issues.
N/A As of tc Runtime versions 7.0.100.A.RELEASE, 8.5.51.A.RELEASE, and 9.0.31.A.RELEASE the AJP connector attributes have changed. Unmodified server.xml files may result in the following message in the catalina.log Caused by: java.lang.IllegalArgumentException: The AJP Connector is configured with secretRequired="true" but the secret attribute is either null or "". This combination is not valid. Please see https://tomcat.apache.org/tomcat-8.5-doc/config/ajp.html for how to update the configuration. AJP Template documentation
N/A In tc Server 4.0.7 the decode command is not working. It is fixed in 4.0.8

Glossary

Term Definition
tc Runtime tc Runtime is the Apache Tomcat runtime binaries packaged for use by tc Server. See tc Server Versioning to understand the naming scheme.
Bundled tc Runtime This is a tc Runtime that is packaged with the tc Server installation. For example tc Server 4.0.0 has tc Runtime 9.0.6.B.RELEASE bundled in the distribution.
On-demand tc Runtime This is a tc Runtime that is available for download by using the tcserver get-runtime command or by manually downloading the tc Runtime from VMware Tanzu Network. You can see the available tc Runtimes by calling the tcserver list-runtimes command.

tc Server Versioning

The tc Runtime version refers to the corresponding Apache Tomcat release. A letter is added to indicate whether additional patches not yet released by the Apache Software Foundation are applied.

For example:

  • tc Runtime 9.0.6.A.RELEASE is equivalent to Apache Tomcat 9.0.6.
  • tc Runtime 9.0.6.B.RELEASE is equivalent to Apache Tomcat 9.0.6 plus important bug fixes, enhancements, or security fixes. The letter could also refer to a pre-release of Apache Tomcat 9.0.7.

    The letter is incremented (9.0.6.C.RELEASE, 9.0.6.D.RELEASE, and so on) if additional patches or security fixes are applied after a release is named and released.

See the Apache Tomcat changelogs for a list of improvements introduced by release: