top button
Flag Notify
    Connect to us
      Facebook Login
      Site Registration Why to Join

Facebook Login
Site Registration
Print Preview

Tomcat binary distribution - how to upgrade?

0 votes
24 views

I'm fairly new to tomcat. We have a SLES 10 SP4 64bit host, running Tomcat 5.5, which was provided as a rpm from the distributor. Our developers need now a more current version, 6 or prefered 7.
I didn't find rpm's for these versions for my OS. So i have to install the binary version from the tomcat web page.

I read that patches concerning security vulnerabilities are not provided for the binary version.
My question: what do i have to do if i read that version x.x has a security vulnerability which is closed by version x.y ?
Just install the new version over the old one ? Uninstalling the old one before ? What is about my webapps ? Are they gone with the installation of the new version ?

posted Jun 20, 2013 by anonymous

Share this question
Facebook Share Button Twitter Share Button Google+ Share Button LinkedIn Share Button Multiple Social Share Button

2 Answers

+1 vote

I think, that the best solution is to 'install' Tomcat manually from binaries available on Tomcat project.
I do not use repositories on my CentOS/Debian machines, because Tomcat versions available there are a bit outdated (I need 7.X while in official repos you will not find such).
In addition, read this before upgrade: http://tomcat.apache.org/migration.html .

answer Jun 20, 2013 by anonymous
+1 vote

As a side note: general support for SLES10 ends with july 2013. If you don't want to buy extended support you should switch to SLES11 as soon as possible. This includes tomcat6 instead of tomcat5. SUSE uses version 6.0.18 but backports security patches.

Though I would still recommend the official tomcat binaries from the apache website. It's much easier to support a well known state that your developers can also install on their workstation.

answer Jun 20, 2013 by anonymous
Similar Questions
0 votes

I am just trying upgrade tomcat 7 to latest GA 8 for my application, I am seeing quite lots of change in web dav functionality.

The org.apache.naming.resources.ProxyDirContext do not exists do anybody know where I can find the alternative? in the past we got use resource to lookup something but now is not this one, can anybody know any doc?

0 votes

If one servlet fails to initialize, meaning that ServletContextListener.contextInitialized() throws exception, then Tomcat still starts (but without the servlet).
I found out that if servlet calls System.exit(1), then Tomcat dies. Is this the only way to make this happen?

This does not work:
- Dorg.apache.catalina.startup.EXIT_ON_INIT_FAILURE=true

+2 votes

I am looking for a way to add the X-XSS-Protection header (*) to the response from Tomcat.

I am currently using the Tomcat's HttpHeaderSecurityFilter that allows to setup other useful security related headers but it doesn't seem to support the X-XSS-Protection header (**).

Do you think that HttpHeaderSecurityFilter should be enhanced to support this (I could provide a patch for this)? Is there another way?


Useful Links with Similar Problem
Contact Us
+91 9880187415
sales@queryhome.net
support@queryhome.net
#470/147, 3rd Floor, 5th Main,
HSR Layout Sector 7,
Bangalore - 560102,
Karnataka INDIA.
QUERY HOME
...