tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Williams, Nick" <nicholas.willi...@ul.com>
Subject RE: Tomcat Upgrade & Migration Questions
Date Wed, 06 Feb 2013 17:09:51 GMT
> On Feb 6, 2013, at 1:24 AM, Kirk Hoganson wrote:
>> I am currently in the middle of an upgrade from Apache (2.2)/Tomcat
>> (5.5.16) to Apache (2.2)/Tomcat (6.0.24).  The JVM is being upgraded
>> from
>> 1.5.0_09-b01 to 1.6.0_22-b22.  The new host servers will be RedHat 6.2.
>
>Why are you upgrading to 6.0.24 & Java 1.6.0_22?  These are already multiple versions
out of date.  Do yourself a favor and upgrade to the latest release of each, which at this
time is 6.0.36 and Java 1.6.0_39.

Just want to chime in here. Please note that Java 6 is 8 years old, as of February 2011 Oracle
ended public update notifications, and (most importantly) as of February 2013 (this month)
Java 6 will be END OF LIFE (http://www.oracle.com/technetwork/java/eol-135779.html). This
means that if some security issue is identified in Java 6 that could compromise your servers,
the only way you will be able to get a fix for it is to upgrade to Java 7. (Java 7 is approaching
its second birthday and Java 8 comes out later this year. The plan is for Java 7 to go end
of life in July 2014, but July 2012 was the plan for Java 6 and that got extended 7 months.
I think Java 7 has a little time left in it yet.)

Dan is right to encourage you to go to Java 1.6.0_39 instead of 1.6.0_22 and to go to Tomcat
6.0.36 instead of 6.0.24. The versions you are proposing to update to are out of date, potentially
insecure, and should not be used on production systems. However, I would take it a step further.
If you are already in the process of upgrading your systems, get a little more current and
save yourself some headache down the road. Get Java 1.7.0_13 and Tomcat 7.0.35. That should
last you for a couple more years before you'll need to update.

Just my $0.02.

Nick

This e-mail may contain privileged or confidential information. If you are not the intended
recipient: (1) you may not disclose, use, distribute, copy or rely upon this message or attachment(s);
and (2) please notify the sender by reply e-mail, and then delete this message and its attachment(s).
Underwriters Laboratories Inc. and its affiliates disclaim all liability for any errors, omissions,
corruption or virus in this message or any attachments.


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message