Hi
I have a 6.0.14 running with Apr 1.1.10 and I seem to be seeing
instances of CVE-2007-6286: Tomcat duplicate request processing
vulnerability
(64-Bit Server VM (build 1.6.0_03-b05, mixed mode)
(Centos 5.0 - Linux 2.6.18-8.el5 x86_64 )
The obvious thing to do is to upgrade from 6.0.14 to 6.0.18. Firstly,
are there any changes in server.xml and web.xml in 6.0.18 that mean I
can't just use the existing ones in the new installation.
My current installation has $TOMCAT_HOME pointing to /usr/local/tomcat
My intended upgrade sequence is:
1. opy down 6.0.18 and untar it int /usr/local/tomcat18 (after checking
signatures)
2. copy over the jars that I have placed in the old $TOMCAT_HOME/lib (eg
postgres jdbc jar) to /usr/local/tomcat18/lib
3. copy over my webapp wars from $TOMCAT_HOME/webapps to the new webapps
folder.
4. as I am using jsvc to control tomcat, copy over the 'tomcat' file
from the $TOMCAT_HOME ('tomcat' is actually a shell script which sets up
all the environment variables for jsvc.) jsvc is in
/usr/lib/tcnative/jsvc so it should be unaffected by the move. However
I do need to copy over the $TOMCAT_HOME/bin/commons-daemon.jar.
5. stop the old server and rename its directory to /usr/local/tomcat.old
6. rename the directory of the new server to that of the current the new
server.
7. restart the server.
Am I missing anything? What have I overlooked? I need this to go as
smoothly as possible as there is quite a lot of traffic on this site.
Thanks in advance
Alan Chaney
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
