Hello Sebastian, The Apache Tomcat version we are on (9.0.16) shows as having Critical CVE's. Back when our vendor was communicating with us, I notified him and he said that we could go to Tomcat 10. He sent me instructions to download and install Tomcat 10.1.8, Java 11, Firebird 3, and the latest version of his program. He was going to do all of the conversion.
So I have no need to be on Tomcat 10 if 9.0.115 will work. I will try your suggestions below of installing to match the existing server, test it, then install Tomcat 9.0.115. Thanks and I will reply back once I am at that point. Bill -----Original Message----- From: Sebastian Trost via users <[email protected]> Sent: Monday, March 2, 2026 1:16 PM To: [email protected] Cc: Sebastian Trost <[email protected]> Subject: Re: Apache Tomcat 10 Issue (Sorry for the previous empty mail) On 2/27/26 15:49, Short, William J. wrote: > Moving it to a new Windows Server and upgrading because of vulnerabilities in > Apache Tomcat 9.0.16. > > Java 8 to Microsoft JDK with Hotspot 11.0.23+9 > > Apache Tomcat 9.0.16 to 10.1.8 > Bill, why are you moving to Tomcat 10 when Tomcat 9 isn't end of life yet? Did the vendor recommend Tomcat 10 with their application? My advice would be to only change one thing at a time and then test it. In your case: 1. Move your old working software stack to the new machine (old java, old tomcat, old everything) -> test it 2. Create a second tomcat 9 (download the latest one) directory next to the old working one, stop the old tomcat and copy everything from old-tomcat9/webapps to new-tomcat9/webapps. Also, check if any other file is present in the old tomcat (you already mentioned you a files.xml, etc). Also copy these files to the new tomcat directory. Maybe even check contents of files, they may have been changed in the old tomcat directory. Test it! 3. Update to java 11. Test it! And so on. Sebastian --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected] Disclaimer The information contained in this communication from the sender is confidential. It is intended solely for use by the recipient and others authorized to receive it. If you are not the recipient, you are hereby notified that any disclosure, copying, distribution or taking action in relation of the contents of this information is strictly prohibited and may be unlawful. This email has been scanned for viruses and malware, and may have been automatically archived by Mimecast, a leader in email security and cyber resilience. Mimecast integrates email defenses with brand protection, security awareness training, web security, compliance and other essential capabilities. Mimecast helps protect large and small organizations from malicious activity, human error and technology failure; and to lead the movement toward building a more resilient world. To find out more, visit our website.
