Secure drop-in replacements for Tomcat version 8.5

Apache Tomcat NES

Legacy Apache Tomcat versions still power mission-critical apps — but internal SLAs, CVE disclosures, and security audits don’t care.

Apache Tomcat Never-Ending Support (NES) keeps you compliant, secure, and audit-ready without an unplanned migration or risky patchwork.

Patch CVEs, Meet Internal SLAs, Pass Audits — in Minutes.


Apache Tomcat NES is a secure drop-in replacement for Apache Tomcat

CVE Protection

0 Security Issues Fixed in Apache Tomcat NES (and always looking for more)

By purchasing HeroDevs’ Apache Tomcat Never-Ending Support, you ensure that your Apache Tomcat applications stay secure and mitigate these vulnerabilities. As more CVEs are discovered, you can rest easy knowing HeroDevs will fix them.

If you’re currently using Apache Tomcat in your application’s tech stack, your application is vulnerable to the CVEs listed below.

Switch to Apache Tomcat Never-Ending Support in minutes to immediately mitigate these vulnerabilities.

| Severity | ID | Technology | Libraries Affected | Category | Version(s) Affected | Published Date |
|---|---|---|---|---|---|---|
| High | | Apache Tomcat | Apache Tomcat | Remote Code Execution | >=9.0.0.M1 <9.0.98, >=10.1.0-M1 <10.1.34, >=11.0.0-M1 <11.0.2 | May 28, 2025 |
| Medium | | Apache Tomcat | Apache Tomcat | Denial of Service | >=9.0.0.M1 <9.0.98, >=10.1.0-M1 <10.1.34, >=11.0.0-M1 <11.0.2 | May 28, 2025 |
| Medium | | Apache Tomcat | Apache Tomcat | Information Exposure | >=9.0.92 <9.0.96, >=10.1.27 <10.1.31, >=11.0.0-M23 <11.0.0 | May 28, 2025 |
| Critical | | Apache Tomcat | Apache Tomcat | Authorization Bypass | >=9.0.0.M1 <9.0.96, >=10.1.0-M1 <10.1.31, >=11.0.0-M1 <11.0.0 | May 28, 2025 |
| High | | Apache Tomcat | Apache Tomcat | Remote Code Execution | >=9.0.0.M1 <9.0.98, >=10.1.0-M1 <10.1.34, >=11.0.0-M1 <11.0.2 | May 28, 2025 |
| High | | Apache Tomcat | Apache Tomcat | Denial of Service | >=9.0.13 <9.0.90, >=10.1.0-M1 <10.1.25, >=11.0.0-M1 <11.0.0.M21 | May 28, 2025 |
| High | | Apache Tomcat | Apache Tomcat | Denial of Service | >=9.0.0.M1 <9.0.90, >=10.1.0-M1 <10.1.25, >=11.0.0-M1 <11.0.0-M21 | May 28, 2025 |

For more details on CVEs found in end-of-life software, visit our vulnerability directory.

Critical Challenges We Solve

Evolving Security Threats
Recent vulnerabilities can target servlet processing and can lead to remote code execution. NES delivers timely patches for these emerging threats that would otherwise remain unaddressed in end-of-life Tomcat versions.
Spring Dependencies
Spring Boot applications can be particularly vulnerable when running on outdated Tomcat versions, creating compound security risks. NES addresses vulnerabilities at the servlet container level, protecting your Spring applications from underlying threats.
Compliance Violations
Running unsupported software increasingly results in audit findings and regulatory penalties. NES helps maintain compliance with SOC 2, PCI DSS, HIPAA, and FedRAMP by providing ongoing security updates and documentation.
Custom Configuration Preservation
Years of tuning and customization make Tomcat migrations particularly risky. NES secures your existing implementation without requiring changes to your carefully crafted configurations.

Who Relies on Apache Tomcat NES

Financial Services
Maintaining secure banking platforms and payment processing systems
Healthcare Organizations
Ensuring HIPAA-compliant patient portals and claims systems
Government Agencies
Supporting mission-critical citizen service applications
Retail & E-commerce
Preserving stable inventory and order management systems
Manufacturing
Maintaining reliable supply chain and production applications

What is Never-Ending Support?

Security Fixes
A new version of Apache Tomcat NES will be released each time we find, validate, and fix a security issue.
Drop-In Compatibility
A direct replacement for your framework—no migrations, no rewrites, just ongoing support.
SLA Compliance
HeroDevs provides SLAs that ensure compliance by providing incident response and remediation in accordance with industry-standard regulations, including SOC 2, FedRAMP, PCI, and HIPAA.
Team of Experts
Apache Tomcat NES is built by dedicated senior-level Java and security engineers.
Easy to Install
Our simple drop-in replacement means all you have to do is update your Maven/Gradle files and rebuild your project. No code changes or find & replace required.
Intellectual Property Protection
Apache Tomcat NES is not only secure; HeroDevs also offers enterprise-level protection for all products.

Why Choose HeroDevs for Apache Tomcat?

Apache Tomcat is integral to enterprises in e-commerce, finance, media, and more due to its scalability, lightweight design, and robust Java support. However, open vulnerabilities demonstrate the need for continuous security updates.

With HeroDevs' expertise in Java frameworks and security engineering, organizations can confidently deploy scalable, secure web applications without the operational burden of managing vulnerabilities. Additionally, HeroDevs helps businesses adhere to strict compliance requirements by ensuring that their software remains up-to-date with the latest security patches and meets regulatory standards like SOC 2, PCI DSS, HIPAA, and FedRAMP.
SUPPORT

Frequently Asked Questions

Below are common questions our customers have. Of course, we’re happy to meet with you and answer these and other questions you might have.
What happens if we do nothing now that our Tomcat version is end-of-life?
How are Spring applications affected by Tomcat vulnerabilities?
How does Apache Tomcat NES compare to upgrading to newer Tomcat versions?

Related Products

If you're leveraging this technology, chances are you're also using complementary systems that face similar end-of-life (EOL) challenges.

Explore our related NES products that offer proactive, comprehensive support for your entire tech stack to ensure continuity, security, and innovation across all your essential technologies.
Leaping over technology stacks in a single bound!

Defeat Your Technical Villains

Whether it's continuous support through our Never-Ending Support (NES) library or our unparalleled professional services to get you migrated and moving forward, HeroDevs is to the rescue!

Contact Us

Got questions about Never-Ending Support for your open-source library? We're here to help!

Discover how HeroDevs NES Products can keep your systems secure and compliant.

Learn how our solutions can deliver value to your organization.

Get detailed pricing information tailored to your needs.

Trusted by industry leaders such as Microsoft, Bank Santander, SAP, Finra, Capital One, General Electric, Unqork, Google, Valid 8, QueenslandRail, GSA, and Department of Health.