tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <>
Subject Re: binary distribution - how to upgrade ?
Date Thu, 20 Jun 2013 18:22:21 GMT
Hash: SHA256


On 6/20/13 12:45 PM, Lentes, Bernd wrote:
> i'm fairly new to tomcat. We have a SLES 10 SP4 64bit host, running
>  Tomcat 5.5, which was provided as a rpm from the distributor. Our
>  developers need now a more current version, 6 or prefered 7. I 
> didn't find rpm's for these versions for my OS. So i have to
> install the binary version from the tomcat web page.

You should complain to RedHat. It's embarrassing that so many
distributions are still holding on to Tomcat 5.5 and not supporting
newer versions.

There's no really good reason to upgrade to Tomcat 6. Going from Tomcat
5.5 -> 7.0 should not represent too much of a challenge.

> I read that patches concerning security vulnerabilities are not 
> provided for the binary version.

The Apache Tomcat team does not release patches at all... instead, new
versions are released with the patches included. This includes both
source and binary bundles.

> My question: what do i have to do if i read that version x.x has a 
> security vulnerability which is closed by version x.y ?

Upgrade, if you need to. Some vulnerabilities are only present under
certain configurations, etc.

> Just install the new version over the old one ?

I would not recommend installing a new version "on top of" an old one.
See below.

> Uninstalling the old one before ? What is about my webapps ? Are
> they gone with the installation of the new version ?

Since you are going through this process, I highly recommend that you
start thinking about using a "split install" where Tomcat itself is
installed one place and your webapp is installed elsewhere. To do
this, you set the CATALINA_HOME environment variable to point to your
Tomcat installation, and set CATALINA_BASE to where your webapp is
installed. See the RUNNING.txt file in the root of Tomcat's
installation for details -- you are looking for the section titled
"Advanced Configuration - Multiple Tomcat Instances".

Once you have set up the environment for CATALINA_HOME/CATALINA_BASE,
it's fairly simple to upgrade to a new version of Tomcat:

1. Install the new version for example into /opt/apache-tomcat-x.y.z
2. Re-customize /opt/apache-tomcat-x.y.z/conf/server.xml to include
any customizations you have made (usually just <Connector> elements,
perhaps clustering, etc.)
3. Change CATALINA_HOME to /opt/apache-x.y.z
4. Re-start Tomcat

If you are upgrading from x.y.z -> x.y.w (that is, a point-release),
you may be able to replace step #2 above with simply copying the
existing server.xml to the new CATALINA_HOME. YOU MUST NOT DO THIS
BETWEEN MAJOR RELEASES: server.xml changes significantly (mostly class
names) between major releases. You need to start from scratch with
each one.

One of the many advantages of the above technique (i.e. using
CATALINA_BASE) is that rolling-back to a previous Tomcat version is
trivial: simply change CATALINA_HOME to point to the old release and
restart Tomcat. You'll be back where you started.

- -chris
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools -
Comment: Using GnuPG with Thunderbird -


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message