Hi, This morning we apply the security patch on our debian 7 servers, and ALL our tomcat7 crash !
Exactly the same problem, the patch overwrite the owner of ALL /etc/tomcat7 file, includind jmxremote.password to root:tomcat7. I see in the bug that you should have change this configuration. Here is the aptitude historly.log for this morning : Start-Date: 2016-06-27 06:35:57 Upgrade: libtomcat7-java:amd64 (7.0.28-4+deb7u4, 7.0.28-4+deb7u5), tomcat7-common:amd64 (7.0.28-4+deb7u4, 7.0.28-4+deb7u5), tomcat7:amd64 (7.0.28-4+deb7u4, 7.0.28-4+deb7u5), java-common:amd64 (0.47+deb7u1, 0.47+deb7u2), tomcat7-admin:amd64 (7.0.28-4+deb7u4, 7.0.28-4+deb7u5), libservlet3.0-java:amd64 (7.0.28-4+deb7u4, 7.0.28-4+deb7u5), tomcat7-docs:amd64 (7.0.28-4+deb7u4, 7.0.28-4+deb7u5), tomcat7-user:amd64 (7.0.28-4+deb7u4, 7.0.28-4+deb7u5) End-Date: 2016-06-27 06:36:07 Repair actions : Start-Date: 2016-06-27 06:35:57 Upgrade: libtomcat7-java:amd64 (7.0.28-4+deb7u4, 7.0.28-4+deb7u5), tomcat7-common:amd64 (7.0.28-4+deb7u4, 7.0.28-4+deb7u5), tomcat7:amd64 (7.0.28-4+deb7u4, 7.0.28-4+deb7u5), java-common:amd64 (0.47+deb7u1, 0.47+deb7u2), tomcat7-admin:amd64 (7.0.28-4+deb7u4, 7.0.28-4+deb7u5), libservlet3.0-java:amd64 (7.0.28-4+deb7u4, 7.0.28-4+deb7u5), tomcat7-docs:amd64 (7.0.28-4+deb7u4, 7.0.28-4+deb7u5), tomcat7-user:amd64 (7.0.28-4+deb7u4, 7.0.28-4+deb7u5) End-Date: 2016-06-27 06:36:07 Please take this problem quickly, now i'm forced to stop all future security patch and remove unattended-upgrade. Ask if need more info or tests. David
