we are upgrading our application from tomcat 9.0.22 to 9.0.43 version. but we are struggling with session leakage issue on tomcat 9.0.43. we have same configuration for JDBC connection but no idea why database sessions not releasing on tomcat 9.0.43. but application works fine on 9.0.22 version. kindly help upgradation must required as there is vulnerability find by InfoSec. below is configuration for JDBC connection. application hosted on windows server 2019 and SQL standard edition
<Resource name="jdbc/abcDb"
auth="Container"
type="javax.sql.DataSource"
driverClassName="net.sourceforge.jtds.jdbc.Driver"
url="jdbc:jtds:sqlserver://10.xxx.xxx.xx:1433/Prod"
username="xxxx"
password="XXXXXXXXX"
maxWaitMillis="40000"
maxTotal="1000"
maxIdle="233"
minIdle="89"
timeBetweenEvictionRunsMillis="68000"
minEvictableIdleTimeMillis="110000"
validationQuery="SELECT 1"
testWhileIdle="true"
testOnReturn="true"
testOnBorrow="false"
removeAbandonedOnBorrow="true"
removeAbandonedOnMaintenance ="true"
logAbandoned="false"
removeAbandonedTimeout="55" />
