tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alan Chaney <>
Subject Hints on upgrading from 6.0.14 to 6.0.18 on production server
Date Mon, 29 Dec 2008 17:54:56 GMT

I have a 6.0.14 running with Apr 1.1.10 and I seem to be seeing 
instances of CVE-2007-6286: Tomcat duplicate request processing 

(64-Bit Server VM (build 1.6.0_03-b05, mixed mode)
(Centos 5.0 - Linux 2.6.18-8.el5  x86_64 )

The obvious thing to do is to upgrade from 6.0.14 to 6.0.18. Firstly, 
are there any changes in server.xml and web.xml in 6.0.18 that mean I 
can't just use the existing ones in the new installation.

My current installation has $TOMCAT_HOME pointing to /usr/local/tomcat

My intended upgrade sequence is:

1. opy down 6.0.18 and untar it int /usr/local/tomcat18 (after checking 

2. copy over the jars that I have placed in the old $TOMCAT_HOME/lib (eg 
postgres jdbc jar) to /usr/local/tomcat18/lib

3. copy over my webapp wars from $TOMCAT_HOME/webapps to the new webapps 

4. as I am using jsvc to control tomcat, copy over the 'tomcat' file 
from the $TOMCAT_HOME ('tomcat' is actually a shell script which sets up
all the environment variables for jsvc.) jsvc is in 
/usr/lib/tcnative/jsvc so it should be unaffected by the move. However
I do need to copy over the $TOMCAT_HOME/bin/commons-daemon.jar.

5. stop the old server and rename its directory to /usr/local/tomcat.old

6. rename the directory of the new server to that of the current the new 

7. restart the server.

Am I missing anything? What have I overlooked? I need this to go as 
smoothly as possible as there is quite a lot of traffic on this site.

Thanks in advance

Alan Chaney

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message