Apache Tomcat · Vulnerability Disclosure

Tomcat Vulnerability Disclosure

Vulnerability disclosure

Apache Tomcat publishes a vulnerability disclosure policy for reporting security issues. A machine-readable /.well-known/security.txt is served. A dedicated security contact is published.

Application ServerJavaServlet ContainerWeb ServerOpen SourceApache
Program: security.txt present

Disclosure Policy

Security Contact

Contact
https://tomcat.apache.org/security.html#Reporting_New_Security_Problems_with_Apache_Tomcat
Contact
security@tomcat.apache.org

Source

Vulnerability Disclosure

Raw ↑
generated: '2026-07-11'
method: searched
probe: true
source: https://tomcat.apache.org/.well-known/security.txt
contact:
- https://tomcat.apache.org/security.html#Reporting_New_Security_Problems_with_Apache_Tomcat
- security@tomcat.apache.org
evidence:
- source: https://tomcat.apache.org/.well-known/security.txt
  kind: security.txt (live probe)