Preloader image

Apache TomEE 8.0.9 has been released. It contains several bug fixes, enhancements and dependency upgrades. Notably, Apache TomEE 8.0.9 can now be run with Java 17.

In addition, it provides an upgrade of Geronimo Java Mail, which now allows configuring TLS/SSL protocol version as well as TLS/SSL ciphers for a given mail session.

Thank you to everyone who contributed to this release, including all of our users and the people who submitted bug reports, contributed code or documentation changes in this release.

Dependency upgrade


  • TOMEE-3791 Ajax JSF not provided in 8.0.8 builds

  • TOMEE-3792 Missing Public key in KEYS for Tomee

  • TOMEE-3794 javaVersion() in org.apache.openejb.arquillian.common.Setup breaks for version strings with length lower than 3

  • TOMEE-3795 Proxy class definition does not work in Java 17+

  • TOMEE-3796 myfaces-api-2.3.9.jar is modified.

  • TOMEE-3803 RES_NOT_FOUND in Plume 8.0.8 JSF 2.3

  • TOMEE-3818 Double url-decode of form parameters


  • TOMEE-3805 Website improvements - Release notes & CVEs

  • TOMEE-3000 Run BOM Generation in every build



  • TOMEE-3596 Update example 'injection-of-connectionfactory' to use Server/API Bom

  • TOMEE-3652 Update example 'quartz-app' to use Server/API Bom

  • TOMEE-3682 Update example 'simple-mdb-and-cdi' to use Server/API Bom

  • TOMEE-3683 Update example 'simple-mdb-with-descriptor' to use Server/API Bom

  • TOMEE-3684 Update example 'simple-mdb' to use Server/API Bom

Fixed Common Vulnerabilities and Exposures (CVEs)

  • TOMEE-3798 TomEE (8.0.8) is affected by CVE-2021-40690 vulnerability