Default Tomcat version upgraded to 8.5.23
Change effective on 08 October 2017
Heroku’s support for Java now uses Apache Tomcat 8.5.23 as the default version when deploying WAR files with the Heroku Deploy CLI or Heroku Maven Plugin. This upgrade addresses CVE-2017-12617, which affects earlier versions of Tomcat.
To update your application to the latest version, please run heroku update and run the appropriate heroku war:deploy command to deploy your app. When deploying with Maven, update the heroku-maven-plugin to version “1.2.1” in your pom.xml and run mvn heroku:deploy-war.
If you require a version of Tomcat earlier than 8.5.x, you can specify Tomcat Webapp Runner version 8.0.47.0 as per the documentation on WAR Deployment in the Dev Center. For more information, see the Dev Center article on Heroku’s support for Java.