Tomcat 7 upgrades open source Java middleware for security

From the ‘Time to Update‘ files:

Apache may no longer be a part of the Java Community Process, but that’s not slowing down development on the Apache Tomcat Java Server.

Tomcat 7.0.11 was recently released as a security update for 7.0.10. The Tomcat 7.0.10 update itself was mostly a bugfix and security update for Tomcat 7.0.8.

So why does that matter?

It matters because all this bug and security fix activity means that Tomcat 7 is settling into becoming a very stable Java server.

The first Tomcat 7 release debuted in July of 2010 after four years of development. At the time, Tomcat 7 was first released, it wasn’t considered ‘stable’ as there were still some known bugs. Additionally Tomcat is intended to be run in production environments, making the need for stability even more critical.

Back when Tomcat 7 was first released, Mark Thomas, a member of Apache Tomcat’s project management committee,  told me that major Tomcat releases typically take 6 to 12 months to reach stability.

While I’m not sure that Tomcat 7.0.10 is 100 percent stable at this point, it is clear to me that the pace of incremental fixes is solid. As such, Tomcat 7 is well on the path to being stable – if it isn’t already.

I personally haven’t seen many organizations move to Tomcat 7 quite yet, but I suspect as hardware gets refreshed in the next couple of years and as new virtual Tomcat servers need to get deployed – Tomcat 7 will likely get the call over the older 5.5 and 6.x branches.