tomcat-users mailing list archives

From Ben Stringer <...@burbong.com>
Subject Re: Patch information required
Date Thu, 28 Nov 2013 07:49:01 GMT


> On 28 Nov 2013, at 6:14 pm, <pravin.pawar@accenture.com> wrote:
> 
> Hi Ben,
> 
> Thanks for your comment.
> 
> We are using the Tomcat bundle which comes with JasperReports Server (v5.1.0).

Can you upgrade to 5.5? This uses Tomcat 7. Likely to have many of your patches covered. 

Upgrading a bundled Tomcat would require you to take on some testing effort, and may affect
your product support from the vendor. Safer to follow the vendor's upgrade path.

Cheers, Ben
> 
> Can you provide any alternative way to install the below-mentioned patches without upgrading it to the latest version?
> 
> We are not sure whether upgrading to the latest version will affect our application server or not.
> 
> Thanks,
> Pravin Pawar
> 
> -----Original Message-----
> From: Ben Stringer [mailto:ben@burbong.com]
> Sent: Thursday, November 28, 2013 12:06 PM
> To: Tomcat Users List
> Cc: Pawar, Pravin
> Subject: Re: Patch information required
> 
>> On Thu, November 28, 2013 5:15 pm, kanishk.sethi@accenture.com wrote:
>> Hi All,
> 
> Hi Kanishk,
> 
>> We are using Apache Tomcat version 6.0.26 and we need to install the below
>> patches on our servers to fix some vulnerabilities.
>> 
>> http://svn.apache.org/viewvc?view=revision&revision=958911
>> http://svn.apache.org/viewvc?view=revision&revision=958977
>> http://svn.apache.org/viewvc?view=revision&revision=959428
>> http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03298151
>> http://www.juniper.net/alerts/viewalert.jsp?txtAlertNumber=PSN-2012-05-584&actionBtn=Search
> 
> Is the Apache Tomcat instance you are using bundled with the applications above (from HP, Juniper)? If so, you should get an updated release from those vendors, as they should have bundled a higher version of Tomcat that resolves the issues.
> 
> You can cross-check your list of CVE vulnerabilities against Tomcat versions at this page:
> 
> http://tomcat.apache.org/security.html
> 
> Looks like 6.0.37 is the latest version of Tomcat 6.
> 
> Cheers, Ben
