Preloader image

Apache TomEE 9.1.1 has been released.

It is a maintenance release with some bug fixes and dependencies upgrades. The most notable change is dropping our own cxf-shade in favour of CXF 4.0.

It fixes the latest Tomcat vulnerabilities by back porting and patching Tomcat inside the TomEE build. This release still passes the EE9.1 TCK as well as the MicroProfile 5.0 TCK.

Dependency upgrade


  • TOMEE-4222 @LoginToContinue JSR-375 (JavaEE Security API) causes IllegalArgumentException

  • TOMEE-4225 Remove commons-net from TomEE distribution

  • TOMEE-4226 DataSource definition fails when @DataSourceDefinition doesn’t define url property


  • TOMEE-4031 Improve TomEE Jmx Mbean Support for Parameter Names

Fixed Common Vulnerabilities and Exposures (CVEs)