August 11, 2022

Preparing for Your Next Tomcat Upgrade

Tomcat
Middleware

By

Planning a Tomcat upgrade or migrating to the latest version of Tomcat can pose challenges to unsuspecting enterprises. But Apache Tomcat upgrades and migrations are key to maintaining security and to unlocking the potential of newly-supported features and improvements found in new Tomcat versions.

In this blog, we look at how to prepare for your next Apache Tomcat upgrade, with details on the Tomcat community support lifecycle, considerations for migrating and upgrading (including how often enterprises should upgrade or migrate), and the basic steps needed to perform your next upgrade or migration.

Understanding the Apache Tomcat Lifecycle

When it comes to Apache Tomcat, there are three active branches at the time of this writing, 8.5, 9 and 10. While none of the three have an end of life date set yet, the Tomcat community typically does a good job of communicating end of life at least a year in advance for versions going end of life. These end of life announcements are typically accompanied by announcements regarding the next major version. (E.g., We'll likely see a Tomcat 8.5 EOL announcement around the same time as the announcement for Tomcat 10.5 or Tomcat 11)

Tomcat Version

Release Date

End of Community Support

6.0

February 28, 2007

December 31, 2012

7.0

January 14, 2011

March 31, 2021

8.0

June 25, 2014

June 30, 2018

8.5

June 13, 2016

TBD

9.0

January 18, 2018

TBD

10.0

February 2, 2021

TBD

Ultimately, which branch you choose is likely based on what version of Java you’re using along with it. The Tomcat website has a reference chart to help you figure out what versions of Java work with what versions of Tomcat.

Learn Industry Best Practices for Tomcat Performance, Security, and Resiliency

whitepaper-apache-tomcat-best-practices-600-400

In our Enterprise Guide to Apache Tomcat, our experts share their top tips and tricks for ensuring your Tomcat deployments are secure, stable, and performant. Download your free copy today via link below.

Get Your Copy

What to Consider Before Your Tomcat Upgrade or Migration

If you happen to be upgrading in the same major branch versions, your configuration file will likely transfer easily in between versions. This means your testing of minor releases should be relatively pain free and not take a lot of time and resources from your team.

Migrating from a major version to another, however, requires that you rewrite your configuration based around all the major changes incorporated into the new major version. Testing for this will take a greater amount of time and resources due to the nature of there being significant changes between major versions of Tomcat.

Reading the release notes is going to provide you with an overview of what to expect. Because of this, we advise you pick the newest version of Tomcat that you can, so that you get the longest range of time of support from the Apache community.

How Often Should You Upgrade Tomcat?

Some apps function so smoothly, we set them out in production and they do their job so well, that touching it becomes almost out of the question because if it isn’t broken, does it need fixing? That is a complicated question, because the answer can be circumstantial. If the app and infrastructure around it are all working soundly, you may not see any reason to do a minor upgrade. But then one day, you hear from the community that there is a CVE or more relating to a version that you’re currently using. Now, there’s a motivating factor to remediate the security issue. Keeping up with the security of Tomcat is important for anyone using it in a production environment, and the longer you wait to upgrade or migrate, the less smoothly things are likely to go.

How Often Should You Migrate to a New Tomcat Version?

Migrating to a newer Tomcat branch is a trickier task, since bringing over your configuration from the previous branch will not work. Migration will require significant testing to verify that your code will work with the app server. The more moving parts in play the greater the risk of older apps not being fully compatible.

Knowing the EOL dates ahead of time is going to give your organization the necessary heads up of when they will have a greater need to migrate.

Tomcat’s website states that on average a major release of Tomcat is good for 10 years. This is a significant window by comparison to other known application servers, giving your organization time to plan accordingly. Apache has also written specific documentation for migrating.

Preparing for Your Next Apache Tomcat Upgrade / Migration

The very first thing to do before migration is to take back ups of everything. Document what sort of changes you’re going to be making to the environment so that you have an accurate account for everything you’re going to do. Going over metrics of when the app is in use will allow you to know when the best time to perform the migration is. 

Step #1: Determine Your Migration / Upgrade Path

Determine which version of Tomcat you will be upgrading to, along with the required version of Java that Tomcat requires. Read the release notes to see what sort of major changes you’ll be dealing with, as it might also give you insight to the new features available as well.

Step #2: Complete a Test Install and Compare Configuration Files

Using the same OS that you will be deploying your app on, set up the version of Tomcat you will be upgrading to in a test environment. Testing is critical for migration and is still a good practice for upgrades as well. One of the tests that you can run is a git command that compares configuration files against one another. An example of this command would look something like:

git diff 10.1.0-M1 10.1.0-M2 -- conf/

Step #3: Configure Your Test Install and Deploy Your Application to Test Environment

Configure your Tomcat instance and see if you can deploy your application in the test environment. Once you have your app up and running, you’ll want to do some testing to make sure it can handle the standard work load it’ll be under in production. The method you use to generate traffic to the server will vary depending on the type of application you’re running. It’s advised you push your server past the point that it might hit in production to prepare for any upticks in traffic. 

Step #4: Bring Test Environment to Production and Gradually Transition Workloads

Once you’ve done thorough testing of workloads on the new server, you’ll want to schedule time to bring your environment to production. The best practice is to stand the new servers up alongside the production servers, allow traffic to the new environment while maintaining the older live environment. When you’ve established that the new servers can properly handle live workloads, you may then take down the older servers one at a time, making sure that the new live servers are able to handle the workload gradually.

Final Thoughts

With enough planning — and a proper test environment and traffic tools — you should be able to properly plan a fairly stress-free Tomcat upgrade or migration. While Tomcat versions are good for roughly ten years, there are performance gains and new features to be had when you decide to migrate or upgrade to a newer version. Upgrading and migrating should be a regular part of every organizations maintenance plan and is also critical for preventing exposure to security vulnerabilities.

Get Support for Your Tomcat Deployments

The work doesn't stop when you migrate to a new Tomcat version. Get the dependable technical support and services you need for your Tomcat deployments by talking with an OpenLogic expert today.

See What We Offer

Additional Resources

image-zend-blog-author-bio-andrew-pomponio

Andrew Pomponio

Associate Enterprise Architect, OpenLogic by Perforce

Andrew's areas of specialization include networking, Linux, network security including OpenSSL, and operational troubleshooting. He has been working in the industry for over seven years and is acquiring new skills every day.