On 12/06/2024 10:54, Madhu Mitha (EXT-Nokia) wrote:
Hi,
I'm currently using Apache Tomcat 9.0.86, in my component(JOMA) that runs in
RHEL 8.6.
Customer has triggered security scan and found servlet-api.jar has reached EOL
in 2018 and the recommendation is to migrate to Jakarta-servelet-api.jar.
You need to get a better security scanner. That statement is nonsense
for Tomcat 9. The servlet-api.jar provided with Tomcat 9.0.x is
currently supported and will continue to be supported for as long as
Tomcat 9.0.x is supported.
So, when can we expect the changes from Tomcat. Unless or until you change
this, I cannot deploy in my component.
If you had bothered to do even a minimal amount of research you would
know that Tomcat 10.x is already available (and has been for over 3.5
years) with Jakarta EE support.
Please reply with the timeline on the availability of this, or any alternate
way to mitigate this.
See above.
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org