Hi Akila,

Instead of uplifting the webapp.mgt.feature version, you might be able to
use security patch WSO2-CARBON-PATCH-4.2.0-1262 from [1
<http://wso2.com/products/identity-server/#Security-Patches>]
which upgrades embedded tomcat version from 7.0.34 to 7.0.55.

[1] http://wso2.com/products/identity-server/#Security-Patches

Thanks,

On Tue, Aug 18, 2015 at 9:22 AM, Akila Ravihansa Perera <raviha...@wso2.com>
wrote:

> Hi,
>
> I've been working on applying Carbon kernel patches up to patch0011 to
> Stratos. These kernel patches provides various bug fixes and security fixes
> for Carbon which is the underlying platform of Stratos. While testing with
> the patches I observed that webapp mgt features are broken after patch0010.
> This is because patch0010 contains a upgraded Tomcat version (embedded
> Tomcat for Carbon) which was released to fix a security vulnerability [1].
> This newer Tomcat version contains some API changes, hence webapp mgt ver.
> 4.2.2 feature currently installed in Stratos is not compatible with kernel
> patch0010.
>
> The fix would be to uplift webapp mgt feature to ver. 4.2.3 which I have
> already done and tested basic functionality in REST API and console app.
> But we will have to do extensive testing of Carbon UI and other webapps
> (api, metadata, console, mockiaas, oauth2) before we release it. I've all
> the changes done in my fork and ready to be pushed to master. Are we going
> with this for next patch release? What are your thoughts?
>
> Changes made to p2 profile:
>  - uplifted org.wso2.carbon.webapp.mgt.feature to 4.2.3
>  - uplifted org.wso2.carbon.logging.mgt.feature.group to 4.2.2
>
> [1] https://wso2.org/jira/browse/CARBON-15181
>
> Thanks.
>
>
> --
> Akila Ravihansa Perera
> WSO2 Inc.;  http://wso2.com/
>
> Blog: http://ravihansa3000.blogspot.com
>



-- 
*Lasindu Charith*
Software Engineer, WSO2 Inc.
Committer & PMC Member, Apache Stratos
Mobile: +94714427192 | Web: blog.lasindu.com

Reply via email to