I do not work for Rocket Software so this is just my personal opinion which is to advise customers to apply updates according to their own policies, especially for security purposes. The most important guideline is to remain on the same major version branch. 

Upgrading within the same Tomcat 10.1.x branch (for example, moving from 10.1.30 to 10.1.43) is considered a minor upgrade, and per Apache's own documentation, is expected to be compatible and generally straightforward 

Occasionally, a minor release may deprecate or change behaviour related to specific RFC implementations that your application relies on. In such cases, workarounds are typically possible such as temporarily restoring support for those legacy RFCs, while you update the application code. These situations are rare and usually well documented in the patch release notes. In the worst case you could rollback the Tomcat version which is simple.  

However, moving from Tomcat 9 to Tomcat 10 (for example) represents a major upgrade, which typically requires planning, testing, and possibly application changes, so that is a no-go.

I apply similar approach to Java too. In some cases you might find you must also upgrade Java to comply with newer Tomcat releases.

In an  ideal world , your customer would have a test system and apply and verify changes there before applying to production.

Hi Iain,

Tomcat is bundled with Uniface to provide an out-of-the-box development experience; however, we do not endorse or require any specific Tomcat version. Rather than supporting individual Tomcat releases, we align with specific versions of the Java Servlet API:

• WRD U7.0 supports Servlet API 6.0
• WRD U6.4 supports Servlet API 3.0

As long as the web server complies with the relevant Servlet API version, it can be used with Uniface.

Web Request Dispatcher (WRD)

Kind regards,
Mike