Default Tomcat version upgraded to 8.5.23

Change effective on 08 October 2017

Heroku’s support for Java now uses Apache Tomcat 8.5.23 as the default version when deploying WAR files with the Heroku Deploy CLI or Heroku Maven Plugin. This upgrade addresses CVE-2017-12617, which affects earlier versions of Tomcat.

To update your application to the latest version, please run heroku update and run the appropriate heroku war:deploy command to deploy your app. When deploying with Maven, update the heroku-maven-plugin to version “1.2.1” in your pom.xml and run mvn heroku:deploy-war.

If you require a version of Tomcat earlier than 8.5.x, you can specify Tomcat Webapp Runner version as per the documentation on WAR Deployment in the Dev Center. For more information, see the Dev Center article on Heroku’s support for Java.