Apache only talks to mod_jk, not Tomcat, so the version of Apache you need is whatever is compatible with your version of mod_jk.
I use Debian Linux, so what I would do first is use Google to work out whether the version of Tomcat I want to use requires a specific version of mod_jk. If so, I would use Debian's apt-get to ensure I had at least that version of mod_jk, and apt-get would automatically ensure I had a compatible version of Apache. Of course, if you don't use a package manager such as apt-get, then you'll have to read the release notes for the version you want to use. However the documentation for these is usually pretty good at telling you if there's some restriction with what version works with what. I suspect that doesn't answer all of your question, but hopefully it gives you a starting point, and maybe someone else can fill in the gaps. i don't use Apache/mod_jk these days, having switched to nginx. Cheers, Anne. On 11 October 2011 01:22, Soon Won Park <[email protected]> wrote: > Hello, > > I'd like to know what I should upgrade - tomcat or apache httpd? > > CVE pointed out that some of the Tomcat versions on Linux have vulnerability. > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2729 > > I have opentaps 1.0.3(include tomcat 5.5.20) version running on apache > 2.2.3 by using mod_jk. Do you think I need to upgrade tomcat or > apache? It's little bit difficult to upgrade opentaps version itself. > > It might not be so difficult to upgrade both, but I'd like to make > sure what's real problem before taking next step. > > My doube is, if tomcat is being used through mod_jk, then, the tomcat > version itself might not be matter. And this mean I do not need to > upgrade tomcat, but rather need to upgrade apache httpd which would be > the interface of the server. According to CVE posting, it says I need > to upgrade to tomcat which include vulnerable version of jsvc. Thus I > need to upgrade to jsvc 1.0.7 or later(I guess it's being used in > tomcat & apache both). But I couldn't find what version of jsvc is > being used on apache httpd 2.2.3. So I'm not sure I need to upgrade > apache httpd itself as well or not. > > Any help would be appreciated. Thank you for reading. > > Thank you. > Soon-Won Park > -- Coherent Software Australia Pty Ltd PO Box 2773 Cheltenham Vic 3192 Phone: (03) 9585 6788 Fax: (03) 9585 1086 Web: http://www.cohsoft.com.au/ Email: [email protected] Bonsai ERP, the all-inclusive ERP system http://www.bonsaierp.com.au/
