Apache Tomcat End of Life: Tomcat 9 is EOL — Migration Guide to Tomcat 10/11
Apache Tomcat 9 has reached its end of life as of December 31, 2025, meaning it will no longer receive security patches or CVE fixes. Many production servers continue to run Tomcat 9 due to the complexities involved in migrating to newer versions. The migration from Tomcat 9 to Tomcat 10 or 11 requires significant changes to application code, making it a challenging process for many teams.
- ▪Tomcat 9 is the last version to use the javax.* namespace, while Tomcat 10 and later use the jakarta.* namespace.
- ▪The Apache Tomcat project has stopped backporting fixes for vulnerabilities after Tomcat 9's EOL date.
- ▪Migrating directly to Tomcat 11 is recommended as it has no defined EOL date, unlike Tomcat 10.1 which reaches EOL in December 2026.
Opening excerpt (first ~120 words) tap to expand
try { if(localStorage) { let currentUser = localStorage.getItem('current_user'); if (currentUser) { currentUser = JSON.parse(currentUser); if (currentUser.id === 3921242) { document.getElementById('article-show-container').classList.add('current-user-is-article-author'); } } } } catch (e) { console.error(e); } endoflife-ai Posted on May 30 • Originally published at endoflife.ai Apache Tomcat End of Life: Tomcat 9 is EOL — Migration Guide to Tomcat 10/11 #java #security #devops #opensource Apache Tomcat 9 reached end of life on December 31, 2025. No more security patches. No more CVE fixes. Every vulnerability disclosed from January 1, 2026 onward is permanently unpatched on Tomcat 9. And yet — tens of thousands of production servers are still running it today. This isn't negligence.
…
Excerpt limited to ~120 words for fair-use compliance. The full article is at DEV.to (Top).
Discussion
0 commentsMore from DEV.to (Top)
