Blog
May 27, 2025
Planning an Apache Tomcat upgrade (or migrating to the latest version of Tomcat) can pose challenges to unsuspecting enterprises. But Tomcat migrations and upgrades are key to maintaining security and to unlocking the potential of newly-supported features and improvements found in later versions of Tomcat.
In this blog, we look at how to prepare for your next Tomcat upgrade, with details on the Tomcat community support lifecycle, considerations like how often enterprises should be upgrading/migrating, and the basic steps of performing an Apache Tomcat migration or upgrade.
Understanding the Apache Tomcat Lifecycle
There are three active branches of Tomcat at the time of this writing: 9, 10, and 11. Tomcat 8.5 reached end of life (EOL) on March 31, 2024. The Tomcat community typically does a good job of communicating end of life at least a year in advance for versions going EOL. These EOL announcements are typically accompanied by news regarding the next major version; the Tomcat 8.5 EOL date was announced around the same time as information about Tomcat 11 first emerged.
| Tomcat Version | Release Date | End of Community Support |
| 6.0 | February 28, 2007 | December 31, 2012 |
| 7.0 | January 14, 2011 | March 31, 2021 |
| 8.0 | June 25, 2014 | June 30, 2018 |
| 8.5 | June 13, 2016 | March 31, 2024 |
| 9.0 | January 18, 2018 | March 31, 2027 (expected) |
| 10.0 | February 2, 2021 | October 31, 2022 |
| 10.1 | September 23, 2022 | March 31, 2030 (expected) |
| 11.0 | October 3, 2024 | TBD |
Ultimately, which branch you choose is likely based on what version of Java you’re using along with it. The Tomcat website has a reference chart to help you figure out what versions of Java work with what versions of Tomcat.
Back to topLearn Industry Best Practices for Tomcat Performance, Security, and Resiliency
In our Enterprise Guide to Apache Tomcat, our experts share their top tips and tricks for ensuring your Tomcat deployments are secure, stable, and performant. Download your free copy today via link below.
What to Consider Before Your Apache Tomcat Migration or Upgrade
If you happen to be upgrading in the same major branch versions, your configuration file will likely transfer easily in between versions. This means your testing of minor releases should be relatively pain free and not take a lot of time and resources from your team.
Migrating from a major version to another, however, requires that you rewrite your configuration based around all the major changes incorporated into the new major version. Testing for this will take a greater amount of time and resources due to the nature of there being significant changes between major versions of Tomcat.
Reading the release notes is going to provide you with an overview of what to expect. Because of this, we advise you pick the newest version of Tomcat that you can, so that you get the longest range of time of support from the Apache community.
How Often Should You Upgrade Tomcat?
Some apps function so smoothly, we set them out in production and they do their job so well, that touching it becomes almost out of the question because if it isn’t broken, does it need fixing? That is a complicated question, because the answer can be circumstantial. If the app and infrastructure around it are all working soundly, you may not see any reason to do a minor upgrade. But then one day, you hear from the community that there is a CVE or more relating to a version that you’re currently using. Now, there’s a motivating factor to remediate the security issue. Keeping up with the security of Tomcat is important for anyone using it in a production environment, and the longer you wait to upgrade or migrate, the less smoothly things are likely to go.
How Often Should You Migrate to a New Tomcat Version?
Migrating to a newer Tomcat branch is a trickier task, since bringing over your configuration from the previous branch will not work. Migration will require significant testing to verify that your code will work with the app server. The more moving parts in play the greater the risk of older apps not being fully compatible.
Knowing the EOL dates ahead of time is going to give your organization the necessary heads up of when they will have a greater need to migrate.
Tomcat’s website states that on average a major release of Tomcat is good for 10 years. This is a significant window by comparison to other known application servers, giving your organization time to plan accordingly. Apache has also written specific documentation for migrating.
Back to topHow to Prepare for Your Next Apache Tomcat Upgrade / Migration
The very first thing to do before migration is to take back ups of everything. Document what sort of changes you’re going to be making to the environment so that you have an accurate account for everything you’re going to do. Going over metrics of when the app is in use will allow you to know when the best time to perform the migration is.
Step #1: Determine Your Migration / Upgrade Path
Determine which version of Tomcat you will be upgrading to, along with the required version of Java that Tomcat requires. Read the release notes to see what sort of major changes you’ll be dealing with, as it might also give you insight to the new features available as well.
Step #2: Complete a Test Install and Compare Configuration Files
Using the same OS that you will be deploying your app on, set up the version of Tomcat you will be upgrading to in a test environment. Testing is critical for migration and is still a good practice for upgrades as well. One of the tests that you can run is a git command that compares configuration files against one another. An example of this command would look something like:
git diff 10.1.0-M1 10.1.0-M2 -- conf/Step #3: Configure Your Test Install and Deploy Your Application to Test Environment
Configure your Tomcat instance and see if you can deploy your application in the test environment. Once you have your app up and running, you’ll want to do some testing to make sure it can handle the standard work load it’ll be under in production. The method you use to generate traffic to the server will vary depending on the type of application you’re running. It’s advised you push your server past the point that it might hit in production to prepare for any upticks in traffic.
Step #4: Bring Test Environment to Production and Gradually Transition Workloads
Once you’ve done thorough testing of workloads on the new server, you’ll want to schedule time to bring your environment to production. The best practice is to stand the new servers up alongside the production servers, allow traffic to the new environment while maintaining the older live environment. When you’ve established that the new servers can properly handle live workloads, you may then take down the older servers one at a time, making sure that the new live servers are able to handle the workload gradually.
Back to topFinal Thoughts
With enough planning — and a proper test environment and traffic tools — you should be able to properly plan a fairly stress-free Tomcat upgrade or migration. While Tomcat versions are good for roughly ten years, there are performance gains and new features to be had when you decide to migrate or upgrade to a newer version. Upgrading and migrating should be a regular part of every organizations maintenance plan and is also critical for preventing exposure to security vulnerabilities.
Get Support for Your Tomcat Deployments
The work doesn't stop when you migrate to a new Tomcat version. Get the dependable technical support and services you need for your Tomcat deployments by talking with an OpenLogic expert today.
Additional Resources
- Resource Collection - Apache Tomcat Overview
- Blog - Planning Your Next Spring Boot Upgrade
- Blog - Tomcat 11 Features Preview
- Blog - Beginner's Guide to Apache Tomcat Memory Configuration
- Blog - 5 Apache Tomcat Performance Best Practices
- Blog - Apache Tomcat Security Best Practices
- Blog - How to Install Apache Tomcat
- Blog - Tomcat Patching Best Practices