Re: Tomcat patch management and patching best practices
The Apache Tomcat project does not provide patches for individual issues and has no plans to change that. The simplest way to manage updates is to separate CATALINA_HOME and CATALINA_BASE as per http://tomcat.apache.org/tomcat-9.0-doc/introduction.html#CATALINA_HOME_and_CATALINA_BASE or https://tomcat.apache.org/tomcat-9.0-doc/RUNNING.txt Upgrades then become a case of: Unpack new binary distribution Stop Tomcat Update CATALINA_HOME environment variable Start Tomcat Mark On 07/02/2019 02:52, John Larsen wrote: > Thats a really good question. We've simply replaced the entire tomcat > installation and then rerun auto config. > > Be nice if apache provided patches. > > John > > > On Wed, Feb 6, 2019 at 7:39 PM Murtaza Doctor wrote: > >> Dear Support, >> >> We request your help/advice for the Tomcat Patch Management. We have >> installed Tomcat server to host an application which is internally used in >> our organisation. We donot have any current process/procedure to patch >> Tomcat. So we are looking for your advice on this. >> >> Please address my below queries: >> >> 1) What is the best procedure/practice to keep Tomcat up-to-date with >> patches? >> >> 2) How frequently does Tomcat releases patches/updates? If patches are >> available, please advice the link to access the patches and its details >> (including steps to apply it) >> >> 3) Are separate patches released for security vulnerabilities fixed and bug >> fixed in Tomcat application server? >> >> Kindly advice. Your suggestion will help us in building our internal >> processes. Thanks. >> >> Kind Regards, >> Murtaza Doctor. >> > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat patch management and patching best practices
Thats a really good question. We've simply replaced the entire tomcat installation and then rerun auto config. Be nice if apache provided patches. John On Wed, Feb 6, 2019 at 7:39 PM Murtaza Doctor wrote: > Dear Support, > > We request your help/advice for the Tomcat Patch Management. We have > installed Tomcat server to host an application which is internally used in > our organisation. We donot have any current process/procedure to patch > Tomcat. So we are looking for your advice on this. > > Please address my below queries: > > 1) What is the best procedure/practice to keep Tomcat up-to-date with > patches? > > 2) How frequently does Tomcat releases patches/updates? If patches are > available, please advice the link to access the patches and its details > (including steps to apply it) > > 3) Are separate patches released for security vulnerabilities fixed and bug > fixed in Tomcat application server? > > Kindly advice. Your suggestion will help us in building our internal > processes. Thanks. > > Kind Regards, > Murtaza Doctor. >
Re: Tomcat Patch Management
Mark Thomas wrote: Anand Gundanna wrote: Dear Support, I would request for your help in regards to Tomcat Patch Management. I hope you will be helpful in this regard. We have installed and configured an Tomcat web server on windows server platform for an application called Business Objects XI. Tomcat web servers will not be supported/maintained by our web services team as it is non strategic within our organisation. But still we have hosted the Tomcat servers as it is mandated by Business Objects application. Now the Tomcat Web server has been successfully installed and configured. We need to plan for Patch management for Tomcat. At the moment we do not have any external/third party tool to manage the patches automatically. So, could you please clarify the following queries.. 1) What is the best procedure/practice to keep Tomcat up-to-date with patches? There are no patches, only full releases. 2) How frequently does Tomcat releases patches/updates and how critical it is for an internal application? ~3 per year. How critical is your call. If it ain't broke... 3) Does Tomcat have any built in tool/feature to download and update patches automatically? Nope. Please let me know if you know any other easy option/solution for Tomcat Patch Management. There are commercial support provides that will provide simpler patch management options. Or safer bet, depending on how well the application is designed (and how critical it is)... install a staging server with the new Tomcat release, and copy the application over and test. I do not know of any 100% proof patch/upgrade for any software. Mark - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Regards Gabe Wong NGASI AppServer Manager JAVA AUTOMATION and SaaS Enablement for Cloud Computing http://www.ngasi.com NEW! FREE Developer account for Hosted version on Amazon EC2 - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat Patch Management
Anand Gundanna wrote: > Dear Support, > > I would request for your help in regards to Tomcat Patch Management. I > hope you will be helpful in this regard. > > We have installed and configured an Tomcat web server on windows server > platform for an application called Business Objects XI. Tomcat web servers > will not be supported/maintained by our web services team as it is non > strategic within our organisation. But still we have hosted the Tomcat > servers as it is mandated by Business Objects application. > > Now the Tomcat Web server has been successfully installed and configured. > We need to plan for Patch management for Tomcat. At the moment we do not > have any external/third party tool to manage the patches automatically. > So, could you please clarify the following queries.. > > 1) What is the best procedure/practice to keep Tomcat up-to-date with > patches? There are no patches, only full releases. > 2) How frequently does Tomcat releases patches/updates and how critical it > is for an internal application? ~3 per year. How critical is your call. If it ain't broke... > 3) Does Tomcat have any built in tool/feature to download and update > patches automatically? Nope. > Please let me know if you know any other easy option/solution for Tomcat > Patch Management. There are commercial support provides that will provide simpler patch management options. Mark - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
