On 20/06/2013 19:22, Christopher Schultz wrote: > Bernd, > > On 6/20/13 12:45 PM, Lentes, Bernd wrote: >> i'm fairly new to tomcat. We have a SLES 10 SP4 64bit host, running >> Tomcat 5.5, which was provided as a rpm from the distributor. Our >> developers need now a more current version, 6 or prefered 7. I >> didn't find rpm's for these versions for my OS. So i have to >> install the binary version from the tomcat web page. > > You should complain to RedHat. It's embarrassing that so many > distributions are still holding on to Tomcat 5.5 and not supporting > newer versions. > > There's no really good reason to upgrade to Tomcat 6. Going from Tomcat > 5.5 -> 7.0 should not represent too much of a challenge. > >> I read that patches concerning security vulnerabilities are not >> provided for the binary version. > > The Apache Tomcat team does not release patches at all... instead, new > versions are released with the patches included. This includes both > source and binary bundles. > >> My question: what do i have to do if i read that version x.x has a >> security vulnerability which is closed by version x.y ? > > Upgrade, if you need to. Some vulnerabilities are only present under > certain configurations, etc. > >> Just install the new version over the old one ? > > I would not recommend installing a new version "on top of" an old one. > See below. > >> Uninstalling the old one before ? What is about my webapps ? Are >> they gone with the installation of the new version ? > > Since you are going through this process, I highly recommend that you > start thinking about using a "split install" where Tomcat itself is > installed one place and your webapp is installed elsewhere. To do > this, you set the CATALINA_HOME environment variable to point to your > Tomcat installation, and set CATALINA_BASE to where your webapp is > installed. See the RUNNING.txt file in the root of Tomcat's > installation for details -- you are looking for the section titled > "Advanced Configuration - Multiple Tomcat Instances". > > Once you have set up the environment for CATALINA_HOME/CATALINA_BASE, > it's fairly simple to upgrade to a new version of Tomcat: > > 1. Install the new version for example into /opt/apache-tomcat-x.y.z > 2. Re-customize /opt/apache-tomcat-x.y.z/conf/server.xml to include > any customizations you have made (usually just <Connector> elements, > perhaps clustering, etc.)
Um, no. server.xml should be in $CATALINA_BASE/conf Mark > 3. Change CATALINA_HOME to /opt/apache-x.y.z > 4. Re-start Tomcat > > If you are upgrading from x.y.z -> x.y.w (that is, a point-release), > you may be able to replace step #2 above with simply copying the > existing server.xml to the new CATALINA_HOME. YOU MUST NOT DO THIS > BETWEEN MAJOR RELEASES: server.xml changes significantly (mostly class > names) between major releases. You need to start from scratch with > each one. > > One of the many advantages of the above technique (i.e. using > CATALINA_BASE) is that rolling-back to a previous Tomcat version is > trivial: simply change CATALINA_HOME to point to the old release and > restart Tomcat. You'll be back where you started. > > -chris > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org