Preloader image

Apache TomEE 9.0.0 has been released.

We are very proud to release Apache TomEE 9.0.0 It’s been almost a year since we certified TomEE using a bytecode enhancement approach. Even though it worked, it introduced a lot of restrictions especially with tooling such as IDE, Arquillian, Embedded container, etc.

Thus, we started migrating the entire TomEE codebase to the new jakarta namespace and 9.0.0 is the result of this work.

We fully pass the entire TCK for the Jakarta EE 9.1 Web Profile and - as a cherry on the cake - we decided to address a long time request to support a newer version of MicroProfil. Thus, we are pleased to announce that TomEE 9.0.0 is fully MicroProfile 5.0 compliant.

In addition, we fixed a couple of bugs and did some dependency upgrades.

Thank you to everyone who contributed to this release, including all of our users and the people who submitted bug reports, contributed code or documentation enhancements.

Dependency upgrade

New Feature


  • TOMEE-4065 LoginToContinue interceptor fails on custom auth mechanism

  • TOMEE-4119 TomEEJsonbProvider triggered for / mime types

  • TOMEE-4135 Unable to see TomEE version in Tomcat home page with Java 17

  • TOMEE-4117 MicroProfile OpenAPI not generating model


  • TOMEE-4124 Remove timing of timing just for logging

  • TOMEE-4080 Improved Logging for Public and Private Key resolution


  • TOMEE-4104 Documentation Website: XA DataSource Configuration: Bug in MySQL Sample Code

  • TOMEE-3733 TCK Results page for website


Fixed Common Vulnerabilities and Exposures (CVEs)

  • TOMEE-4125 Update Apache CXF versions to mitigate CVE-2022-46364 and CVE-2022-46363

  • TOMEE-4103 Update woodstox-core to mitigate CVE-2022-40153

  • TOMEE-4111 Upgrade bcel component in TomEE