Community 7 runs Tomcat 9.0.41 with multiple vulnerabilities (time to upgrade?)

michaelzietlow
Active Member II


Hello!

Scanning my newly installed community7, I noticed it includes Apache Tomcat 9.0.41. This needs to be at least 9.0.43 due to remote code execution vulnerabilities present. Has anyone else successfully upgraded Tomcat on their Community 6 or 7 installations?

I installed /opt/apache-tomcat-9.0.43 and it looks like all I need to do is symlink it to /opt/tomcat? I'll be stopping Community tonight, repointing /opt/tomcat to the 9.0.43 version, and wanted to be as prepared as possible.

Are there any configuration files that need to be copied over, or is this as straightforward as it seems?

 

1 Solution

Accepted Solutions
michaelzietlow
Active Member II

Re: Community 7 runs Tomcat 9.0.41 with multiple vulnerabilities (time to upgrade?)


!SUCCESS!
It appears that upgrading Apache Tomcat on the Community7 ansible installation is 'ALMOST' as straightforward as it seems.

The /etc/opt/alfresco/setenv.sh file deployed with community7.0 is not IDEMPOTENT. It references software directories with version#, not their universal symlinks.
This of course breaks Alfresco the second you remove /opt/apache-tomcat-9.0.41, so to correct this small oversight do the following.

 

EDIT:  /etc/opt/alfresco/setenv.sh

BEFORE:
export TOMCAT_HOME=/opt/apache-tomcat-9.0.41

AFTER:
export TOMCAT_HOME=/opt/tomcat

 

AFTER THIS THE TOMCAT UPGRADE PROCEDURE 9.0.41 to 9.0.43 IS EASY.

# cd /opt

# wget https://archive.apache.org/dist/tomcat/tomcat-9/v9.0.43/bin/apache-tomcat-9.0.43.tar.gz

# gunzip apache-tomcat-9.0.43.tar.gz

# tar vxf apache-tomcat-9.0.43.tar

# chown -R alfresco:alfresco /opt/apache-tomcat-9.0.43

# systemctl stop alfresco-content

# unlink /opt/tomcat

# ln -s /opt/apache-tomcat-9.0.43 /opt/tomcat

# systemctl start alfresco-content

 

View solution in original post
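The checks the procedure above leaves implicit, as an added example that is not part of the original post: verify the downloaded tarball before extracting it, confirm setenv.sh no longer hard-codes a versioned directory, and repoint the symlink only when it is safe to do so. The function names are hypothetical, and the `.sha512` file is assumed to have been downloaded from the same archive.apache.org directory as the tarball.

```shell
#!/bin/sh
# Added example (not from the original post): pre-flight checks for the
# symlink-swap Tomcat upgrade. Function names are hypothetical.

# Return 0 only if FILE's SHA-512 equals the first field of SUMFILE.
# Assumption: SUMFILE is the published "<hex digest> *<name>" checksum file.
verify_sha512() {
    local file="$1" sumfile="$2" want got
    want=$(awk 'NR==1 {print tolower($1)}' "$sumfile") || return 2
    got=$(sha512sum "$file" | awk '{print $1}') || return 2
    [ -n "$want" ] && [ "$want" = "$got" ]
}

# Print (with line numbers) every line of an env file that still hard-codes
# a versioned Tomcat directory. Exit status 0 means at least one was found.
versioned_refs() {
    grep -nE 'apache-tomcat-[0-9]+\.[0-9]+\.[0-9]+' "$1"
}

# Repoint LINK at TARGET. Refuse if TARGET is not a directory, or if LINK
# exists but is a real file or directory rather than a symlink.
repoint_link() {
    local target="$1" link="$2"
    [ -d "$target" ] || { echo "missing $target" >&2; return 1; }
    if [ -e "$link" ] && [ ! -L "$link" ]; then
        echo "$link is not a symlink, refusing to replace it" >&2
        return 1
    fi
    ln -sfn "$target" "$link"
}

# Usage with the paths from the post (as root, in /opt):
#   verify_sha512 apache-tomcat-9.0.43.tar.gz \
#                 apache-tomcat-9.0.43.tar.gz.sha512 || exit 1
#   versioned_refs /etc/opt/alfresco/setenv.sh && echo "fix setenv.sh first"
#   systemctl stop alfresco-content
#   repoint_link /opt/apache-tomcat-9.0.43 /opt/tomcat
#   systemctl start alfresco-content
```

A checksum fetched from the same server as the tarball only detects a corrupted or truncated download; checking the release's detached `.asc` signature against the Tomcat KEYS file is the stronger test.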

2 Replies
EddieMay
Alfresco Employee


Hi @michaelzietlow 

Yah! Well done, & thanks for the extensive update - really useful to other users

Cheers,

Digital Community Manager, Alfresco Software.