> On 28 Nov 2013, at 6:14 pm, <pravin.pa...@accenture.com> wrote: > > Hi Ben, > > Thanks for your comment. > > We are using tomcat bundle which comes with JasperReports Server (v5.1.0).
Can you upgrade to 5.5? This uses Tomcat 7. Likely to have many of your patches covered. Upgrading a bundled Tomcat would require you taking on some testing effort, and may affect your product support from the vendor. Safer to follow the vendors upgrade path. Cheers, Ben > > Can you provide any alternative way to install the below mentioned patches > without upgrading it to the latest version. > > We are not sure that upgrading to the latest version will affect our > application server or not. > > Thanks, > Pravin Pawar > > -----Original Message----- > From: Ben Stringer [mailto:b...@burbong.com] > Sent: Thursday, November 28, 2013 12:06 PM > To: Tomcat Users List > Cc: Pawar, Pravin > Subject: Re: Patch information required > >> On Thu, November 28, 2013 5:15 pm, kanishk.se...@accenture.com wrote: >> Hi All, > > Hi Kanishhk, > >> We are using Apache tomcat version 6.0.26 and we need to install below >> patches on our servers to fix some Vulnerabilities. >> >> http://svn.apache.org/viewvc?view=revision&revision=958911 >> http://svn.apache.org/viewvc?view=revision&revision=958977 >> http://svn.apache.org/viewvc?view=revision&revision=959428 >> http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID >> =c03298151 >> http://www.juniper.net/alerts/viewalert.jsp?txtAlertNumber=PSN-2012-05 >> -584&actionBtn=Search > > Is the Apache tomcat instance you are using bundled with the applications > above (from HP, Juniper)? If so, you should get an updated release from those > vendors, as they should have bundled a higher version of Tomcat that resolves > the issues. > > You can cross-check your list of CVE vulnerabilities against Tomcat versions > at this page: > > http://tomcat.apache.org/security.html > > Looks like 6.0.37 is the latest version of Tomcat 6. > > Cheers, Ben > > > ________________________________ > > This message is for the designated recipient only and may contain privileged, > proprietary, or otherwise confidential information. If you have received it > in error, please notify the sender immediately and delete the original. Any > other use of the e-mail by you is prohibited. Where allowed by local law, > electronic communications with Accenture and its affiliates, including e-mail > and instant messaging (including content), may be scanned by our systems for > the purposes of information security and assessment of internal compliance > with Accenture policy. . > ______________________________________________________________________________________ > > www.accenture.com --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org