Secure drop-in replacements for Tomcat version 8.5
NEVER-ENDING SUPPORT FOR Apache Tomcat
Legacy Apache Tomcat versions still power mission-critical apps — but internal SLAs, CVE disclosures, and security audits don’t care.
Never-Ending Support (NES) for Apache Tomcat keeps you compliant, secure, and audit-ready without an unplanned migration or risky patchwork.
Patch CVEs, Meet Internal SLAs, Pass Audits — in Minutes.
NES for Apache Tomcat is a secure drop-in replacement for Apache Tomcat
CVE Protection
0 Security Issues Fixed in NES for Apache Tomcat
(and always looking for more)
By purchasing HeroDevs’ Never-Ending Support for Apache Tomcat, you ensure that your Apache Tomcat applications stay secure and mitigate these vulnerabilities. As more CVEs are discovered, you can rest easy knowing HeroDevs will fix them.
If you’re currently using Apache Tomcat in your application’s tech stack, your application is vulnerable to the CVEs listed below.
Switch to Never-Ending Support for Apache Tomcat in minutes to immediately mitigate these vulnerabilities.
Severity | ID | Technology | Libraries Affected | Category | Version(s) Affected | Published Date
High | | Apache Tomcat | Apache Tomcat | Remote Code Execution | >=9.0.0.M1 <9.0.98, >=10.1.0-M1 <10.1.34, >=11.0.0-M1 <11.0.2 | May 28, 2025
Medium | | Apache Tomcat | Apache Tomcat | Denial of Service | >=9.0.0.M1 <9.0.98, >=10.1.0-M1 <10.1.34, >=11.0.0-M1 <11.0.2 | May 28, 2025
Medium | | Apache Tomcat | Apache Tomcat | Information Exposure | >=9.0.92 <9.0.96, >=10.1.27 <10.1.31, >=11.0.0-M23 <11.0.0 | May 28, 2025
Critical | | Apache Tomcat | Apache Tomcat | Authorization Bypass | <9.0.96, >=10.1.0-M1 <10.1.30, >=11.0.0-M1 <11.0.1 | May 28, 2025
High | | Apache Tomcat | Apache Tomcat | Remote Code Execution | >=9.0.0.M1 <9.0.98, >=10.1.0-M1 <10.1.34, >=11.0.0-M1 <11.0.2 | May 28, 2025
High | | Apache Tomcat | Apache Tomcat | Denial of Service | >=9.0.13 <9.0.90, >=10.1.0-M1 <10.1.25, >=11.0.0-M1 <11.0.0.M21 | May 28, 2025
High | | Apache Tomcat | Apache Tomcat | Denial of Service | >=9.0.0.M1 <9.0.90, >=10.1.0-M1 <10.1.25, >=11.0.0-M1 <11.0.0-M21 | May 28, 2025
For more details on CVEs found in end-of-life software, visit our vulnerability directory.
Critical Challenges We Solve
Evolving Security Threats
Recent vulnerabilities can target servlet processing and can lead to remote code execution. NES delivers timely patches for these emerging threats that would otherwise remain unaddressed in end-of-life Tomcat versions.
Spring Dependencies
Spring Boot applications can be particularly vulnerable when running on outdated Tomcat versions, creating compound security risks. NES addresses vulnerabilities at the servlet container level, protecting your Spring applications from underlying threats.
Compliance Violations
Running unsupported software increasingly results in audit findings and regulatory penalties. NES helps maintain compliance with SOC 2, PCI DSS, HIPAA, and FedRAMP by providing ongoing security updates and documentation.
Custom Configuration Preservation
Years of tuning and customization make Tomcat migrations particularly risky. NES secures your existing implementation without requiring changes to your carefully crafted configurations.
Who Relies on NES for Apache Tomcat
Financial Services
Maintaining secure banking platforms and payment processing systems
Healthcare Organizations
Ensuring HIPAA-compliant patient portals and claims systems
Government Agencies
Supporting mission-critical citizen service applications
Retail & E-commerce
Preserving stable inventory and order management systems
Manufacturing
Maintaining reliable supply chain and production applications
What is Never-Ending Support?
Security Fixes
A new version of NES for Apache Tomcat will be released each time we find, validate, and fix a security issue.
Drop-In Compatibility
A direct replacement for your framework—no migrations, no rewrites, just ongoing support.
SLA Compliance
HeroDevs provides SLAs that ensure compliance by providing incident response and remediation in accordance with industry-standard regulations, including SOC 2, FedRAMP, PCI, and HIPAA.
Team of Experts
NES for Apache Tomcat is built by dedicated senior-level Java and security engineers.
Easy to Install
Our simple drop-in replacement means all you have to do is update your Maven/Gradle files and rebuild your project. No code changes or find & replace required.
Intellectual Property Protection
NES for Apache Tomcat is not only secure; HeroDevs also offers enterprise-level protection for all products.
Why Choose HeroDevs for Apache Tomcat?
Apache Tomcat is integral to enterprises in e-commerce, finance, media, and more due to its scalability, lightweight design, and robust Java support. However, open vulnerabilities demonstrate the need for continuous security updates.
With HeroDevs' expertise in Java frameworks and security engineering, organizations can confidently deploy scalable, secure web applications without the operational burden of managing vulnerabilities. Additionally, HeroDevs helps businesses adhere to strict compliance requirements by ensuring that their software remains up-to-date with the latest security patches and meets regulatory standards like SOC 2, PCI DSS, HIPAA, and FedRAMP.
SUPPORT
Frequently Asked Questions
Below are common questions our customers have. Of course, we’re happy to meet with you and answer these and other questions you might have.
I got an error like "EOL/Obsolete Software: Apache Tomcat 8.5 Detected." What can I do?
Does HeroDevs have an SLA for NES for Apache Tomcat?
What Apache Tomcat versions does NES support?
Does NES for Apache Tomcat help with compliance?
Why do I need NES for Apache Tomcat?
How does licensing work?
What happens if we do nothing now that our Tomcat version is end-of-life?
How are Spring applications affected by Tomcat vulnerabilities?
How does NES for Apache Tomcat compare to upgrading to newer Tomcat versions?
Related Products
If you're leveraging this technology, chances are you're also using complementary systems that face similar end-of-life (EOL) challenges.
Explore our related NES products that offer proactive, comprehensive support for your entire tech stack to ensure continuity, security, and innovation across all your essential technologies.
Leaping over technology stacks in a single bound!
Defeat Your Technical Villains
Whether it's continuous support through our Never-Ending Support (NES) library or our unparalleled professional services to get you migrated and moving forward, HeroDevs is to the rescue!
Contact Us
Got questions about Never-Ending Support for your open-source library? We're here to help!
Discover how HeroDevs NES Products can keep your systems secure and compliant.
Learn how our solutions can deliver value to your organization.
Get detailed pricing information tailored to your needs.