tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alan Chaney <a...@compulsivecreative.com>
Subject Hints on upgrading from 6.0.14 to 6.0.18 on production server
Date Mon, 29 Dec 2008 17:54:56 GMT
Hi

I have a 6.0.14 running with Apr 1.1.10 and I seem to be seeing 
instances of CVE-2007-6286: Tomcat duplicate request processing 
vulnerability

(64-Bit Server VM (build 1.6.0_03-b05, mixed mode)
(Centos 5.0 - Linux 2.6.18-8.el5  x86_64 )


The obvious thing to do is to upgrade from 6.0.14 to 6.0.18. Firstly, 
are there any changes in server.xml and web.xml in 6.0.18 that mean I 
can't just use the existing ones in the new installation.

My current installation has $TOMCAT_HOME pointing to /usr/local/tomcat

My intended upgrade sequence is:

1. opy down 6.0.18 and untar it int /usr/local/tomcat18 (after checking 
signatures)

2. copy over the jars that I have placed in the old $TOMCAT_HOME/lib (eg 
postgres jdbc jar) to /usr/local/tomcat18/lib

3. copy over my webapp wars from $TOMCAT_HOME/webapps to the new webapps 
folder.

4. as I am using jsvc to control tomcat, copy over the 'tomcat' file 
from the $TOMCAT_HOME ('tomcat' is actually a shell script which sets up
all the environment variables for jsvc.) jsvc is in 
/usr/lib/tcnative/jsvc so it should be unaffected by the move. However
I do need to copy over the $TOMCAT_HOME/bin/commons-daemon.jar.

5. stop the old server and rename its directory to /usr/local/tomcat.old

6. rename the directory of the new server to that of the current the new 
server.

7. restart the server.


Am I missing anything? What have I overlooked? I need this to go as 
smoothly as possible as there is quite a lot of traffic on this site.

Thanks in advance

Alan Chaney


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message