Hello Nick Yes that should work just fine, however is there a upgrade document on what needs to go where,
So far I see Tomcat in these locations /var/lib/tomcat9 /usr/share/tomcat9 /etc/tomcat9 I have downloaded apache-tomcat-9.0.71.tar.gz binary; can I simply stop tomcat and replace the files with the binary or is there a procedure? As usual nothing is easy as apt-get --upgrade Any information on upgrading tomcat for guacamole will be appreciated. Thank You Sean Hulbert -----Original Message----- From: Nick Couchman [mailto:[email protected]] Sent: Tuesday, January 31, 2023 1:57 PM To: [email protected] Subject: Re: Tomcat 10 On Tue, Jan 31, 2023 at 4:34 PM Sean Hulbert <[email protected]> wrote: > > Hello, > > > > Are there any special requirements for Guacamole 1.4.0 to update Tomcat > 9.0.31 to Tomcat 10 or reasons not to do this? > Yes, Tomcat 10 makes some servlet API changes that require code changes to Guacamole. It's documented, here: https://issues.apache.org/jira/browse/GUACAMOLE-1325 > To resolve the CVE below, and are there any procedural steps documented? WIthout looking at each individual CVE you mentioned, I would say that most, if not all, are probably also fixed in a version of Tomcat 9.0, which will still work with Guacamole. For example, CVE-2021-43980 only impacts 9.0.47 to 9.0.60, and is fixed in current 9.0 releases. I would venture a guess that many/most/all of the rest are the same. So, updating to the latest version of Tomcat 9.x should be a perfectly acceptable procedural step. -Nick --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
