TomcatExpert

Java 6 End of Life Impact for Apache Tomcat Users

posted by mthomas on January 30, 2013 09:08 AM

There has been some discussion on various forums and mailing lists about the End of Life for Java 6 and what it means for Apache Tomcat users. In response to these questions, we have put together this article that aims to summarize the key questions and give you some of the background and answers you need to plan how to best handle this transition in your deployments.

Here is a quick summary: If you want to run a supported version of Java—one with updates for bugs and security issues—then you will need to upgrade to Java 7. If this isn’t an option, you will have to purchase some form of support contract. Generally, upgrading to Java 7 will be the better long term option but the right decision for your business will depend on your circumstances.

What about Tomcat and Java—where are the risks?

For every Tomcat release, the formal build and testing is performed on the latest release of the minimum Java version required by the relevant specification. That means that the Tomcat 6 releases are built and tested with the latest Java 5 update and that the Tomcat 7 releases are built with the latest Java 6 update. There are also several continuous integration systems building and testing Tomcat with a variety of Java versions as well as all the local testing that the committers perform. In addition to all of this testing, the Apache Software Foundation (ASF) runs a number of services on Apache Tomcat—again using a variety of Java versions including the ASF Jira instance that runs on Java 7 and Tomcat 7. While I can recall several issues with running Tomcat on older, unsupported Java versions, I cannot recall a single reported problem that was traced to running Tomcat on a newer version of Java. Running Tomcat 6 or Tomcat 7 on Java 7 is very low risk.

For systems currently running reliably on Java 6 there is no immediate risk. The most likely thing to increase the risk of continuing to run on Java 6 is a security vulnerability. Not all Java security vulnerabilities impact server-side Java. The chances of being impacted by a Java security vulnerability are greater if the security manager is used as a number of vulnerabilities are related to ways to bypass the security manager. If a security vulnerability is announced in Java 6 that impacts your Tomcat deployment after Java 6 EOL has passed then upgrading to a new Java 6 release will not be an option unless you have purchased a support contract. It is likely to be lower risk to start the process of upgrading to Java 7 now rather than having to react at short notice to a vulnerability announcement.

Since the Java 5 EOL, there has been at least one case where a Java bug was identified that affected Apache Tomcat and, because of Java 5 had reached EOL, the bug was not fixed in Java 5. Rather than provide a workaround for this bug, the Tomcat developer community required users affected by this bug to upgrade to a newer Java version where the bug had already been fixed. The decision to provide a workaround or not depends on many factors including the severity of the bug, the number of users affected and the invasiveness of implementing the work-around. While there are no known issues with Tomcat and Java 6 at the moment, it is certainly possible that an issue may arise in the future and that the Tomcat developer community opts to require an upgrade to Java 7 to resolve the issue.

So, knowing that if you are on an unsupported version of Java and that there are circumstances that could occur that where you would be forced to take action to upgrade to Java 7, it’s better to plan an upgrade sooner than later. However, you are probably ok in the short term.

Will any support for Java 6 and Tomcat be expected?

Supported versions of Tomcat (currently 6.0.x and 7.0.x) are supported by the Tomcat community running on any Java version that version of Tomcat is designed for so Tomcat 6 is supported on Java 5 and higher and Tomcat 7 is supported on Java 6 and higher.

Should you encounter an issue where the root cause is a Java bug then, as described above, the Tomcat community may provide a workaround for the bug in Tomcat. If the Tomcat community elects not to provide a workaround then, in addition to upgrading to a newer version of Java, there is the option of purchasing support for your older version of Java and obtaining a fix from you JRE vendor. There is also the option to pay for commercial support for Tomcat from vendors like VMware. VMware recently announced that it will continue to provide commercial support for Java 6 for Apache Tomcat and its tc Server distribution. This does not mean that VMware will address fixes in Java 6 itself, but it will provide workarounds for Tomcat and tc Server.

How are Java upgrades going?

Experience to date is that upgrading to Java 7 is a smooth and painless process. In theory, web applications written using Java 6 should run the exact same way on Java 6 or 7. One thing to watch out for is to make sure you do not compile your application using a newer version of Java than is used by the application server. However, if an application directly accesses the internal classes of the JRE (e.g. something from the sun.* packages) then a Java upgrade may be more difficult and require changes to the application. If you are just using the standard public Java API, you should be fine. Of course, you should test your application on Java 7 before upgrading the live deployment.

How does Tomcat’s Versions and Upgrades work?

Two years ago, we published a post discussing the beginning of work on Tomcat 8. In it, we explained how the Tomcat community approaches support for versions. In short, at any time the Tomcat community supports 3 major version of Tomcat. Tomcat 8 is well under development and should be released later this year. As such, the community is actively working on just Tomcat 6, 7 and 8 right now.

The change in support is intentionally not a quick transition, as we try to give users adequate time to upgrade. Only once Tomcat 8 began active work did the community announce the End of Life for Tomcat 5.5, giving users at least 12 months to prepare for phasing out support. Support for Tomcat 5.5 was discontinued last fall, and finally removed from the website entirely in January of this year, nearly 16 months after the initial announcement. Documentation is still there and available from Apache archives. However, if a user reports a bug in Tomcat 5, we will suggest an upgrade to Tomcat 6 and look at the bug there. Tomcat 5 bugs are not going to be fixed from this point forward.

When will Tomcat 6 End of Life?

In trying to figure out how much longer Tomcat 6 will be supported, it is important to recognize that major versions of Tomcat are tied to major versions of the Java EE specification. Tomcat 8 is being developed and should be released later this year after Java EE 7 is finalized. Tomcat 9 will be aligned with Java EE 8 and that is a number of years away. Since the community supports 3 versions at any time, Tomcat 6 will continue to be supported until Tomcat 9 becomes active, so we should expect at least another two to three years of active support and development on Tomcat 6.

Upgrading Tomcat

For anyone upgrading Tomcat, there are various tools and migration documents on the Apache website including a list of the significant changes by major version. We highly recommend that you always start with a clean install and apply configuration changes you need. Don’t try to use earlier configuration files—they might work, but we also change, add, and remove default settings at times. So, it’s best to start with a clean install.

The general rule is—if something works on Tomcat 6, it should work on Tomcat 7. The only change I think you might see is in the additional scanning of web applications required by Servlet 3.0 that can lead to longer start times. To avoid this you need to do things. First add metadata-complete=true to your application’s main web.xml file and also add an empty absolute ordering element (i.e. < absolute-ordering >).

Other than that, an upgrade problem is either due to a Tomcat bug (unlikely) or a dependency on a Tomcat interface that has changed. These are all covered in detail in the migration guide. For example, if you have a custom realm or context, you would want to look at the guide. If you have an application written to the Servlet/JSP/EL specifications, it should just work.

Mark Thomas is a Senior Software Engineer for the SpringSource Division of VMware, Inc. (NYSE: VMW). Mark has been using and developing Tomcat for over six years. He first got involved in the development of Tomcat when he needed better control over the SSL configuration than was available at the time. After fixing that first bug, he started working his way through the remaining Tomcat bugs and is still going. Along the way Mark has become a Tomcat committer and PMC member, volunteered to be the Tomcat 4 & 7 release manager, created the Tomcat security pages, become a member of the ASF and joined the Apache Security Committee. He also helps maintain the ASF's Bugzilla instances. Mark has a MEng in Electronic and Electrical Engineering from the University of Birmingham, United Kingdom.

Comments

Since the Java 5 EOL, there

Since the Java 5 EOL, there has been at least one case where a Java bug was identified that affected Apache Tomcat and, because of Java 5 had reached EOL, the bug was not fixed in Java 5. Rather than provide a workaround for this bug, the Tomcat developer community required users affected by this bug to upgrade to a newer Java version where the bug had already been fixed. http://www.domainbuyingselling.com/

Make the most of mainly

Make the most of mainly premium substances - you will find him or her for: The Woman Men Adore Review

I also wrote an article on a

I also wrote an article on a similar subject will find it at write what you think. The Psystrology Method

Make the most of mainly

Make the most of mainly premium substances - you will find him or her for: Signs it is Time to end a Relationship

I invite you to the page

I invite you to the page where you can read with interesting information on similar topics. Obsession Phrases

sl786982

I have not weighed in here for quite a while since I thought it was getting exhausting, however the last few posts are awesome quality so I figure Entradas olimpiadas 2016

sl786982

It is fine, nonetheless

It is fine, nonetheless evaluate the information and facts around this correct. seguridadcomercios

In this case you will begin

In this case you will begin it is important, it again produces a web site a strong significant internet site: Obsession Phrases

Actually I read it yesterday

Actually I read it yesterday but I had some thoughts about it and today I wanted to read it again because it is very well written. Day Trader Salary

sl786982

it was a wonderful chance to visit this kind of site and I am happy to know. thank you so much for giving us a chance to have this opportunity.. michael spencer gilroy

sl786982

Since the Coffee 5 EOL, there

Since the Coffee 5 EOL, there has been at least one situation where a Coffee bug was recognized that impacted Apache Tomcat and, because of Coffee 5 had acquired EOL directory, the bug was not set in Coffee 5. Rather than offer a workaround for this bug, the Tomcat designer group needed customers struggling from this bug to update to a more newest Coffee edition where the bug had already been set.

The thought of contesting a

The thought of contesting a long judge fight may seem challenging but many mesothelioma attorneys are able to barter compensation out of judge making sure that your family members are not experienced with devastating expenses and failures due to your sickness the advantage.

Wedding photographers in Hyderabad

So, knowing that if you are on an unsupported version of Java and that there are circumstances that could occur that where you would be forced to take action to upgrade to Java 7, it’s better to plan an upgrade sooner than later. However, you are probably ok in the short term.
Wedding photographers in Hyderabad

Commercial Coffee Makers

new Java 6 release will not be an option unless you have purchased a support contract. It is likely to be lower risk to start the process of upgrading to Java 7 now rather than having to react at short notice to a vulnerability announcement.
Commercial Coffee Makers

new Java 6 release will not

new Java 6 release will not be a option unless you have developed support contract. It is likely to be decreased risk to begin the process of enhancing to Java 7 now rather than having to react at brief notice to a weeknesses declaration discover this info here.

Wines need a specific heat

Wines need a specific heat range to be held in. Bottles of wine also flavor better with age and so if you buy costly containers then you need to ensure that they are held in the heat range conditions most suitable to them Look At This .

If you are having today's,

If you are having today's, stylish wedding, vintage-looking therapies on the images are going to conflict with that riviera maya photographer !

jackson

subscribers youtube
May possibly fairly recently up and running an important web log, the data one offer you on this web site contains given a hand to all of us substantially. Bless you designed for your current precious time & get the job done.
youtube auto comment

i agree

designing was never so easy like here. I am really happy with your concept. I mostly use PHP for designing.but now thinking this way also now.
make assignment writing fun

You have made some good

You have made some good points there. I checked on the web to find out more about the issue and found most people will go along with your views on this website.
Mortgage Broker Calgary

All of these add shade, and

All of these add shade, and detail to your audio. As we mentioned previously, it is essential to keep these alerts as real as possible on their way to your firm Look At This.

GAME HACK

hungry shark evolution cheat You should mainly superior together with well-performing material, which means that see it: cheat clash of clans android

Very nice post. I just bookmark your blog

Very nice post. I just bookmark your blog and want to says that I have truly enjoyed surfing your weblog posts. Thanks obat herbal hiv
obat ginjal bocor pada anak
obat jantung bengkak alami

nice post

Mark Really You are genius.
Nice think.Great Post.Thanks for sharing this meaningful information.
Austin MLS search

i agree

May possibly fairly recently up and running an important web log, the data one offer you on this web site contains given a hand to all of us substantially. Bless you designed for your current precious time & get the job done.
write my essay

I am very happy to read this

I am very happy to read this article .. thanks for giving us go through info.Fantastic nice. I appreciate this post. text your ex back review

oh Thanks you it is really

oh Thanks you it is really beneficial i got this issue once and i had to hit my head to fix it and lastly i could view the issue regards the country info is information about the country that are fantastic and awesome and interesting weblink.

download game

Game Network was a European online game and television network company. It was initially owned by Digital Bros. group, but was later sold to Cellcast Group. Game Network was, during its broadcast, the only television channel in Europe dedicated to covering multimedia entertainment, and generally focused on video games.

Play GTA Vice City Online
Play GTA San Andreas Online
Jugar Vice City
Jugar San Andreas
pes 2007 download
pes 2010 pc
Telecharger Minecraft Gratuit
Telecharger Subway Surfers Gratuit
Telecharger FIFA 12 PC
Telecharger IDM Gratuit
I am very happy to read this article .. thanks for giving us go through info.Fantastic nice. I appreciate this post.

I recently came across your

I recently came across your article and have been reading along. I want to express my admiration of your writing skill and ability to make readers read from the beginning to the end. I would like to read newer posts and to share my thoughts with you. Diabetes Destroyer

I lately came across your

I lately came across your content and have been learning along BottleFairyDVD. I want to show my appreciation of your capability as a copywriter and capability to build up visitors research the beginning to the end. I would like to evaluate more recent content and to discuss my ideas with you.

I lately came across your

I lately came across your content and have been studying along click site. I want to convey my appreciation of your composing expertise and capability to create visitors study from the starting to the end. I would like to study more recent content and to discuss my ideas with you.

I lately came across your

I lately came across your content and have been studying along sell. I want to convey my appreciation of your composing expertise and capability to create visitors study from the starting to the end. I would like to study more recent content and to discuss my ideas with you.

Cool you inscribe, the info

Cool you inscribe, the info is really salubrious further fascinating, I'll give you a connect to my scene. computer classes in houston

It is somewhat fantastic, and

It is somewhat fantastic, and yet check out the advice at this treat. houston bakery

First You got a great blog .I

First You got a great blog .I will be interested in more similar topics. i see you got really very useful topics, i will be always checking your blog thanks. Rocket Spanish

Actually I read it yesterday

Actually I read it yesterday but I had some thoughts about it and today I wanted to read it again because it is very well written. Language of Desire

It's superior, however ,

It's superior, however , check out material at the street address. What Men Secretly Want

I can give you the address

I can give you the address Here you will learn how to do it correctly. Read and write something good. The Instant Switch

I have a similar interest

I have a similar interest this is my page read everything carefully and let me know what you think. Talk To His Heart Review

I propose merely very good

I propose merely very good along with reputable data, consequently visualize it: The Woman Men Adore and Never Leave

Amazing, this is great as you

Amazing, this is great as you want to learn more, I invite to This is my page. Ex Factor Guide Review

In this particular article,

In this particular article, you will see a summary, satisfy browse this post. The Red Smoothie Detox Factor Review

It is somewhat fantastic, and

It is somewhat fantastic, and yet check out the advice at this treat. Wrap Him Around Your Finger Review

It is rather very good,

It is rather very good, nevertheless glance at the data with this handle. Language of lust review

I should say only that its

I should say only that its awesome! The blog is informational and always produce amazing things. The Respect Principle

This is very significant, and

This is very significant, and yet necessary towards just click this unique backlink: Law of Devotion Review

I would recommend my profile

I would recommend my profile is important to me, I invite you to discuss this topic. film cameras

oh thanak you it is really

oh thanak you it is really helpful i got this problem once and i had to bang my head to solve it and finally i could understand the problem regards spain facts are facts about spain that are really cool and amazing and interesting

A lot of your time and

A lot of your time and attempt and attempt I work out a web page advanced-writers, Hopefully that I wo n't be unsuccessful by it around that one. In the end, Yes, it had been my choice to see through at Google, nevertheless I truly considered you'd have anything useful displaying. All I observe is just a several of moaning about anything you are able to fix should you were not too nonproductive trying to figure out attention.

The very next time I read a

The very next time I read a blog, I hope that it won't fail me as much as this one. After all, Yes, it was my choice to read through, however I genuinely thought you would have something helpful to say. All I hear is a bunch of moaning about something you can fix if you weren't too busy searching for attention.
Edmonton Mortgage Broker
Life Insurance Vancouver
Life Insurance Calgary

Post new comment

CAPTCHA
This question is for testing whether you are a human visitor and to prevent automated spam submissions.