search icon

How can we help you?

cross

close

Please type your search query, then press Enter or click the search button.

icon image
hamburger menu

Products

arrow down icon
Submit support request
DocumentationELS for ApplicationsApache Tomcat
sidebar hamburger menu

Apache Tomcat

TuxCare's Endless Lifecycle Support (ELS) for Apache Tomcat provides security patches, and selected bug fixes, that are integral to the stable operation of applications running on these versions of Apache Tomcat core components such as Coyote, Catalina, Jasper etc.. These components have either reached their end of standard support from vendors or have reached End of Life (EOL). Our ELS for Apache Tomcat service is designed to provide solutions for organizations that are not yet ready to migrate to newer versions and that are seeking long-term stability for their legacy Apache Tomcat applications.

Supported Versions

  • Apache Tomcat 9.0.75, 9.0.83, 8.5.100

Connection to ELS for Apache Tomcat Repository

This guide outlines the steps needed to integrate the TuxCare ELS for Apache Tomcat repository into your Java application. The repository provides trusted Java libraries that can be easily integrated into your Maven and Gradle projects.

Step 1: Get user credentials

You need username and password in order to use TuxCare ELS Apache Tomcat repository. Anonymous access is disabled. To receive username and password please contact sales@tuxcare.com.

Step 2: Configure Registry

  1. Navigate to the directory depending on your operating system.

    • Windows
    Maven: C:\Users\{username}\.m2
Gradle: C:\Users\{username}\.gradle
    • macOS
    Maven: /Users/{username}/.m2
Gradle: /Users/{username}/.gradle
    • Linux
    Maven: /home/{username}/.m2
Gradle: /home/{username}/.gradle

  2. Add the TuxCare repository and plugin repository to your build configuration.

    For Maven, you may choose any valid <id> value instead of tuxcare-tomcat-registry, but the same value must be used in both settings.xml and pom.xml.

    <?xml version="1.0" encoding="UTF-8"?>
<settings xmlns="http://maven.apache.org/SETTINGS/1.1.0">
    <servers>
        <server>
          <id>tuxcare-tomcat-registry</id>
          <username>USERNAME</username>
          <password>PASSWORD</password>
        </server>
    </servers>
</settings>

Here USERNAME and PASSWORD are your credentials mentioned in the Step 1.

Step 3: Update Build Configuration

Add the TuxCare Apache Tomcat repository and plugins to your build configuration:

<repositories>
  <repository>
      <id>tuxcare-tomcat-registry</id>
      <url>https://nexus.repo.tuxcare.com/repository/els_tomcat/</url>
  </repository>
</repositories>
  • To fully switch from the official Apache Tomcat repository, replace it with the TuxCare repository.
  • To keep both, add TuxCare after the official one.

Example Maven and Gradle projects are available on GitHub. Remember to set the required environment variables.

Step 4: Update Dependencies

Replace the Apache Tomcat dependencies in your build file with the TuxCare-maintained versions to cover both direct and transitive dependencies.

<dependencies>
    <dependency>
        <groupId>org.apache.tomcat</groupId>
        <artifactId>tomcat-catalina</artifactId>
        <version>9.0.75-tuxcare.1</version>
    </dependency>
    <dependency>
        <groupId>org.apache.tomcat</groupId>
        <artifactId>tomcat-coyote</artifactId>
        <version>9.0.75-tuxcare.1</version>
    </dependency>
</dependencies>

You can find a specific artifact version in your TuxCare account on Nexus (anonymous access is restricted).

Step 5: Verify and Build

  1. To confirm the TuxCare Apache Tomcat repository is set up correctly, use your build tool to list the project's dependencies. It shows both direct and transitive dependencies in the classpath.

    mvn dependency:tree -Dverbose

  2. After reviewing the dependencies, include any library from the repository into your project and then run a build:

    mvn clean install

The build tool you're using should be able to identify and resolve dependencies from the TuxCare ELS for Apache Tomcat repository.

Conclusion

You've successfully integrated the TuxCare ELS for Apache Tomcat repository into your project. You can now benefit from the secure and vetted Apache Tomcat libraries it provides.

Vulnerability Exploitability eXchange (VEX)

VEX is a machine-readable format that tells you if a known vulnerability is actually exploitable in your product. It reduces false positives, helps prioritize real risks.

TuxCare provides VEX for Apache Tomcat ELS versions: security.tuxcare.com/vex/cyclonedx/els_lang_java/.

How to Upgrade to a Newer Version of TuxCare Packages

If you have already installed a package with a tuxcare.1 suffix and want to upgrade to a newer release (for example, tuxcare.3), you need to update version strings in your Maven or Gradle build file.

icon penEdit this page
Scroll up
2025. Cloud Linux Software Inc
×
Need help?
I'm a multilingual AI chatbot, trained to answer all your questions!