Re: Tomcat patch management and patching best practices
The Apache Tomcat project does not provide patches for individual issues and has no plans to change that. The simplest way to manage updates is to separate CATALINA_HOME and CATALINA_BASE as per http://tomcat.apache.org/tomcat-9.0-doc/introduction.html#CATALINA_HOME_and_CATALINA_BASE or https://tomcat.apache.org/tomcat-9.0-doc/RUNNING.txt Upgrades then become a case of: Unpack new binary distribution Stop Tomcat Update CATALINA_HOME environment variable Start Tomcat Mark On 07/02/2019 02:52, John Larsen wrote: > Thats a really good question. We've simply replaced the entire tomcat > installation and then rerun auto config. > > Be nice if apache provided patches. > > John > > > On Wed, Feb 6, 2019 at 7:39 PM Murtaza Doctor wrote: > >> Dear Support, >> >> We request your help/advice for the Tomcat Patch Management. We have >> installed Tomcat server to host an application which is internally used in >> our organisation. We donot have any current process/procedure to patch >> Tomcat. So we are looking for your advice on this. >> >> Please address my below queries: >> >> 1) What is the best procedure/practice to keep Tomcat up-to-date with >> patches? >> >> 2) How frequently does Tomcat releases patches/updates? If patches are >> available, please advice the link to access the patches and its details >> (including steps to apply it) >> >> 3) Are separate patches released for security vulnerabilities fixed and bug >> fixed in Tomcat application server? >> >> Kindly advice. Your suggestion will help us in building our internal >> processes. Thanks. >> >> Kind Regards, >> Murtaza Doctor. >> > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat patch management and patching best practices
Thats a really good question. We've simply replaced the entire tomcat installation and then rerun auto config. Be nice if apache provided patches. John On Wed, Feb 6, 2019 at 7:39 PM Murtaza Doctor wrote: > Dear Support, > > We request your help/advice for the Tomcat Patch Management. We have > installed Tomcat server to host an application which is internally used in > our organisation. We donot have any current process/procedure to patch > Tomcat. So we are looking for your advice on this. > > Please address my below queries: > > 1) What is the best procedure/practice to keep Tomcat up-to-date with > patches? > > 2) How frequently does Tomcat releases patches/updates? If patches are > available, please advice the link to access the patches and its details > (including steps to apply it) > > 3) Are separate patches released for security vulnerabilities fixed and bug > fixed in Tomcat application server? > > Kindly advice. Your suggestion will help us in building our internal > processes. Thanks. > > Kind Regards, > Murtaza Doctor. >
Tomcat patch management and patching best practices
Dear Support, We request your help/advice for the Tomcat Patch Management. We have installed Tomcat server to host an application which is internally used in our organisation. We donot have any current process/procedure to patch Tomcat. So we are looking for your advice on this. Please address my below queries: 1) What is the best procedure/practice to keep Tomcat up-to-date with patches? 2) How frequently does Tomcat releases patches/updates? If patches are available, please advice the link to access the patches and its details (including steps to apply it) 3) Are separate patches released for security vulnerabilities fixed and bug fixed in Tomcat application server? Kindly advice. Your suggestion will help us in building our internal processes. Thanks. Kind Regards, Murtaza Doctor.