Synced 17 Jun 2026 22:27 UTC Account
← All products

Apache Tomcat

Apache · Web / Runtime
↻ RSS feed
Monitors Apache Tomcat and tailors your dashboard to that exact version.
11.0.22 · latest cycle/100 Unknown

Summary iPlain-English security verdict for Apache Tomcat, generated from its current health score, actively-exploited vulnerabilities, and latest supported version.

Apache Tomcat's security status could not be assessed at the last sync — vulnerability data was unavailable.

Disclosure trend iNew CVEs published for Apache Tomcat each year (NVD). A higher bar means more disclosures that year — more scrutiny, not necessarily less safe.

'19
'20
'21
'22
'23
'24
'25
'26

Patch priority — what to act on iThe issues to fix first — actively exploited (CISA KEV) first, then by exploitation probability (EPSS), then severity. Each row's "→ fixed in" is the earliest version that patches it; "see advisory" means no fixed version is published.

No urgent unpatched issues identified. ✓

Get alerted about Apache Tomcat

Be emailed the moment Apache Tomcat gets a newly exploited vulnerability (CISA KEV) or a release reaches end of life. Free · double opt-in · unsubscribe anytime.

We email only on real events for Apache Tomcat — no marketing, no sharing, and we never know what you run. Track your whole stack →

Monitor up to 200 products — freeHit ☆ Monitor on anything you run, then sign in (no password) to sync your stack across devices and unlock smart insights, risk history & CSV/JSON exports. Sign in free →

Versions & lifecycle iWhen each release line stops receiving security patches (end-of-life). After EOL there are no more fixes — plan upgrades before these dates.

How long each Apache Tomcat release line is supported — and when it sunsets. Select a line for its full report.

Mar31'27 Apache Tomcat 9.0EOL 2027-03-31
Mar31'24 Apache Tomcat 8.5ended 2024-03-31
Oct31'22 Apache Tomcat 10.0ended 2022-10-31
Mar31'21 Apache Tomcat 7ended 2021-03-31
Jun30'18 Apache Tomcat 8.0ended 2018-06-30
Dec31'16 Apache Tomcat 6ended 2016-12-31
Sept30'12 Apache Tomcat 5ended 2012-09-30

Full Apache Tomcat end-of-life dates & support timeline →

11.0 latest 11.0.22 Supported 11.0.22 → 10.1 latest 10.1.55 Supported 10.1.55 → 10.0 latest 10.0.27 End of life ended 2022-10-3110.0.27 → 9.0 latest 9.0.118 Supported until 2027-03-319.0.118 → 8.5 latest 8.5.100 End of life ended 2024-03-318.5.100 → 8.0 latest 8.0.53 End of life ended 2018-06-308.0.53 → 7 latest 7.0.109 End of life ended 2021-03-317.0.109 → 6 latest 6.0.53 End of life ended 2016-12-316.0.53 → 5 latest 5.5.36 End of life ended 2012-09-305.5.36 → See all upcoming end-of-life dates →

Frequently asked

Is Apache Tomcat safe and patched?

Apache Tomcat's security status could not be assessed at the last sync — vulnerability data was unavailable.

What should I do about Apache Tomcat now?

Upgrade Apache Tomcat to the latest supported release (11.0.22) or later and apply available security updates, then confirm against Apache's official advisory.

When does Apache Tomcat reach end-of-life?

The latest supported Apache Tomcat release is 11.0.22. After end-of-life a release no longer receives security patches.

Which versions of Apache Tomcat are still receiving security updates?

Supported Apache Tomcat release lines (latest 11.0.22): 11.0, 10.1, 9.0. End-of-life releases no longer receive security patches.

Latest security news for Apache Tomcat BETA

Attributed third-party reporting linked to Apache Tomcat — newest first. We surface and link the source; we don’t assert our own findings. About Emerging →

Reported SVD-2026-0516: Third-Party Package Updates in Splunk Add-on for Tomcat App - May 2026Splunk · 20 May 2026 · medium confidence

More across all tracked software on the Emerging feed →

Informational only, from public data (NVD · CISA KEV · EPSS · endoflife.date), and can lag or miss vendor-specific fixes. Always confirm against Apache's official advisory before you patch or upgrade — Apache Tomcat official site ↗