Apache Tomcat End of Life (EOL) Dates & Support Timeline
Complete end-of-life dates, support windows, and security status for all Apache Tomcat versions. Data sourced from endoflife.date and official vendor documentation. Updated at every deploy.
✓Apache Tomcat 11.0.23 is actively supported. Next EOL: version 9.0 on March 31, 2027.
📅 Get reminded before Apache Tomcat 9.0 reaches EOL on March 31, 2027 — alerts 90, 30 & 7 days out.
EOL Risk Score™ — proprietary methodology by endoflife.ai. Factors: EOL recency, attack surface breadth, CISA KEV catalog presence, extended support availability. Updated at every build. Methodology →
Release Cycle Timeline
■ EOL
■ Warning
■ Active
┊ Today
All Versions
Version
Latest Release
Release Date
EOL Date
Days
Status
5
5.5.36
Sep 6, 2003
Sep 30, 2012
5014 days past EOL
EOL
6
6.0.53
Oct 21, 2006
Dec 31, 2016
3461 days past EOL
EOL
7
7.0.109
Jan 10, 2013
Mar 31, 2021
1910 days past EOL
EOL
8.0
8.0.53
Jan 29, 2014
Jun 30, 2018
2915 days past EOL
EOL
8.5
8.5.100
Mar 17, 2016
Mar 31, 2024
814 days past EOL
EOL
9.0
9.0.119
Sep 27, 2017
Mar 31, 2027
281 days remaining
Active
10.0
10.0.27
Dec 3, 2020
Oct 31, 2022
1331 days past EOL
EOL
10.1
10.1.56
Sep 23, 2022
TBD
Supported
Active
11.0
11.0.23
Oct 3, 2024
TBD
Supported
Active
What does Apache Tomcat end of life mean for your organization?
When a version of Apache Tomcat reaches end of life, the maintainers stop issuing security patches. Vulnerabilities discovered after this date are publicly disclosed on the National Vulnerability Database, exploit code appears on GitHub, and your systems remain permanently exposed.
The CVE blind spot: Most vulnerability scanners check for known CVEs but do not flag the accumulation of unpatched vulnerabilities in EOL software. With a zero-day, nobody knows about the vulnerability. With EOL software, the vulnerability is public — listed, rated, and often weaponized — but no patch will ever exist. This is the most dangerous gap in enterprise security posture.
Organizations running EOL Apache Tomcat should treat it as a vulnerability class in their risk register, apply compensating controls (network segmentation, enhanced monitoring, access restriction), and prioritize migration to a supported version.
Extended Support Options
If you cannot migrate immediately, extended support vendors provide continued security patches for EOL Apache Tomcat versions. This is a bridge, not a permanent solution — plan your migration in parallel.
endoflife.ai
Need Extended Support?
We work with vetted extended support vendors. Tell us what you need and we'll connect you with the right provider.
The next Apache Tomcat version reaching EOL is 9.0 on March 31, 2027. See the full table above for all version EOL dates.
When is the Apache Tomcat support end date?
The next Apache Tomcat support end date is March 31, 2027, when version 9.0 reaches end of support. Each version has its own support end date — see the table above for every version's date.
What is the latest supported version of Apache Tomcat?
The latest active version of Apache Tomcat is 11.0.23. Always verify against the table above as support windows can change.
What happens when Apache Tomcat reaches end of life?
When Apache Tomcat reaches end of life, the vendor stops issuing security patches. Any CVEs disclosed after the EOL date accumulate indefinitely with no patch path — creating an ever-growing attack surface that most vulnerability scanners do not flag.
How do I check if I'm running an EOL version of Apache Tomcat?
Check your current version against the table above. If your version's EOL date has passed, you are running unsupported software. You can also use the endoflife.ai Stack Scanner to check your entire dependency file at once.
Is there extended support available for EOL Apache Tomcat versions?
Some vendors offer extended support for EOL software. Contact the original vendor or check with enterprise support providers for options.