Hi Akila, Instead of uplifting the webapp.mgt.feature version, you might be able to use security patch WSO2-CARBON-PATCH-4.2.0-1262 from [1 <http://wso2.com/products/identity-server/#Security-Patches>] which upgrades embedded tomcat version from 7.0.34 to 7.0.55.
[1] http://wso2.com/products/identity-server/#Security-Patches Thanks, On Tue, Aug 18, 2015 at 9:22 AM, Akila Ravihansa Perera <raviha...@wso2.com> wrote: > Hi, > > I've been working on applying Carbon kernel patches up to patch0011 to > Stratos. These kernel patches provides various bug fixes and security fixes > for Carbon which is the underlying platform of Stratos. While testing with > the patches I observed that webapp mgt features are broken after patch0010. > This is because patch0010 contains a upgraded Tomcat version (embedded > Tomcat for Carbon) which was released to fix a security vulnerability [1]. > This newer Tomcat version contains some API changes, hence webapp mgt ver. > 4.2.2 feature currently installed in Stratos is not compatible with kernel > patch0010. > > The fix would be to uplift webapp mgt feature to ver. 4.2.3 which I have > already done and tested basic functionality in REST API and console app. > But we will have to do extensive testing of Carbon UI and other webapps > (api, metadata, console, mockiaas, oauth2) before we release it. I've all > the changes done in my fork and ready to be pushed to master. Are we going > with this for next patch release? What are your thoughts? > > Changes made to p2 profile: > - uplifted org.wso2.carbon.webapp.mgt.feature to 4.2.3 > - uplifted org.wso2.carbon.logging.mgt.feature.group to 4.2.2 > > [1] https://wso2.org/jira/browse/CARBON-15181 > > Thanks. > > > -- > Akila Ravihansa Perera > WSO2 Inc.; http://wso2.com/ > > Blog: http://ravihansa3000.blogspot.com > -- *Lasindu Charith* Software Engineer, WSO2 Inc. Committer & PMC Member, Apache Stratos Mobile: +94714427192 | Web: blog.lasindu.com