Skip to main content

Thanks for reaching out about our Apache Tomcat Support

A member of our support team — the same engineers who contribute to and maintain the code — will reach out within 1 business day to learn more about your environment and how we can help.

If you have a few free minutes.

Check out our latest blog posts on Tomcat

February 6, 2025 in Security, ActiveMQ, CVEs, Tomcat, TomEE

The Hidden Risk of Running End-of-Life Apache Tomcat, TomEE, and ActiveMQ

Understanding End-of-Life (EOL) Products If you’re a developer or manager, you’ve likely faced the challenge of maintaining legacy systems.  You know the delicate balance between keeping your software running, finding the resources for costly upgrades, and managing the expense of growing your team to support emerging issues. When a product like Apache Tomcat, TomEE, or ActiveMQ reaches its End-of-Life (EOL), it stops receiving critical updates and patches from the Open Source Community. This leaves your systems vulnerable to security breaches and compliance issues—a nightmare for developers maintaining these systems and managers responsible for avoiding business risks. Key Risks of Running…
Read More
January 8, 2025 in CVEs, Security, Tomcat, TomEE

Protect Your Tomcat & TomEE: Insights into CVE-2024-50379 & CVE-2024-56337 Vulnerabilities

Overview of CVE-2024-50379 and CVE-2024-56337 in Tomcat and TomEE You may have noticed a couple of new CVEs in Tomcat recently - CVE-2024-50379 and CVE-2024-56337. This vulnerability is rated as “important”, and could lead to remote code execution (RCE), if exploited. As TomEE is built using Tomcat, this will also be an issue for TomEE users. Let’s take a closer look so you can understand the impact and check whether your Tomcat/TomEE configuration may be affected. Detailed Analysis of the Vulnerability and Its Impact From the CVE description:  “If the default servlet is write enabled (readonly initialisation parameter set to…
Read More
October 12, 2023 in Java EE, ActiveMQ, Apache TomEE, Jakarta EE, MicroProfile, Open Source, Tomcat, TomEE

Moving from javax to jakarta namespace

This blog aims at giving some pointers in order to address the challenge related to the switch from `javax` to `jakarta` namespace. This is one of the biggest changes in Java of the latest 20 years. No doubt. The entire ecosystem is impacted. Not only Java EE or Jakarta EE Application servers, but also libraries of any kind (Jackson, CXF, Hibernate, Spring to name a few). For instance, it took Apache TomEE about a year to convert all the source code and dependencies to the new `jakarta` namespace. This blog is written from the user perspective, because the shift from…
Read More