-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Bernd,
On 6/20/13 12:45 PM, Lentes, Bernd wrote: > i'm fairly new to tomcat. We have a SLES 10 SP4 64bit host, running > Tomcat 5.5, which was provided as a rpm from the distributor. Our > developers need now a more current version, 6 or prefered 7. I > didn't find rpm's for these versions for my OS. So i have to > install the binary version from the tomcat web page. You should complain to RedHat. It's embarrassing that so many distributions are still holding on to Tomcat 5.5 and not supporting newer versions. There's no really good reason to upgrade to Tomcat 6. Going from Tomcat 5.5 -> 7.0 should not represent too much of a challenge. > I read that patches concerning security vulnerabilities are not > provided for the binary version. The Apache Tomcat team does not release patches at all... instead, new versions are released with the patches included. This includes both source and binary bundles. > My question: what do i have to do if i read that version x.x has a > security vulnerability which is closed by version x.y ? Upgrade, if you need to. Some vulnerabilities are only present under certain configurations, etc. > Just install the new version over the old one ? I would not recommend installing a new version "on top of" an old one. See below. > Uninstalling the old one before ? What is about my webapps ? Are > they gone with the installation of the new version ? Since you are going through this process, I highly recommend that you start thinking about using a "split install" where Tomcat itself is installed one place and your webapp is installed elsewhere. To do this, you set the CATALINA_HOME environment variable to point to your Tomcat installation, and set CATALINA_BASE to where your webapp is installed. See the RUNNING.txt file in the root of Tomcat's installation for details -- you are looking for the section titled "Advanced Configuration - Multiple Tomcat Instances". Once you have set up the environment for CATALINA_HOME/CATALINA_BASE, it's fairly simple to upgrade to a new version of Tomcat: 1. Install the new version for example into /opt/apache-tomcat-x.y.z 2. Re-customize /opt/apache-tomcat-x.y.z/conf/server.xml to include any customizations you have made (usually just <Connector> elements, perhaps clustering, etc.) 3. Change CATALINA_HOME to /opt/apache-x.y.z 4. Re-start Tomcat If you are upgrading from x.y.z -> x.y.w (that is, a point-release), you may be able to replace step #2 above with simply copying the existing server.xml to the new CATALINA_HOME. YOU MUST NOT DO THIS BETWEEN MAJOR RELEASES: server.xml changes significantly (mostly class names) between major releases. You need to start from scratch with each one. One of the many advantages of the above technique (i.e. using CATALINA_BASE) is that rolling-back to a previous Tomcat version is trivial: simply change CATALINA_HOME to point to the old release and restart Tomcat. You'll be back where you started. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJRw0hdAAoJEBzwKT+lPKRYEw4P/iYzprGZZt9C+kMSOjOW2pYC b2xB7IgS1KhY+6ayQkkjyL3ByJFhrCVIXLbkKuQbGNmk+76R4aFxoueLxkT5m0+u yMFbwrnlAPx/+3UdCRmw9dVRROakQrdevYzm0bJskw1gu6Vneq2Bxq9zJCi4bKF4 B8EwzcjAdo6oX4UZX7U3um9g+yxGFAC6kM2n6t/MVbhF/stq+R6r0JY4Kmz9LP77 uC9WDr73op33spHXkxX2oMkhksuyUtgl3ZmCwxe6VUU1c0BloGfTy5hBrB5WMBAS F/KryJMiTeMexnKv4QcDE8qz0w3BgzHGI6XSuhvK2FUbeCe6OyD1JdOzFSHRA0M0 aPdLJyDdsnzjjS88rorv4dfBYl7KJelx2N/51H7GUeX1ipVsrq4vgYNafjLbMUpl J/yu1OJ9cBhKntuDuMrEIduoZ/WsKcl8hSK6hy/87+dkyw6eKfHj76Io8cP7/uPh mLiuhmatQ6AT5eFg8BYltxImAVfXpbuUO6d428awy4EWa9tWARokhghsmfmlJmg2 Z1zp1gwxMAdiShaAaxRmFF/Kw18rWPvMoZ6M8pdykGqFw8YZk1FEvQ1pYzoTzcv0 XeiZU3qPUd9rBYkhvzgOEfS9XvZuL/46/4jNTDDh78DoVz2ZAEFBKX6CrZGrPF0u N+uMi9itiRrdD6BcVmbv =m+/N -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org