• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Liutauras Vilda
  • Jeanne Boyarsky
  • Devaka Cooray
  • Paul Clapham
Sheriffs:
  • Tim Cooke
  • Knute Snortum
  • Bear Bibeault
Saloon Keepers:
  • Ron McLeod
  • Tim Moores
  • Stephan van Hulst
  • Piet Souris
  • Ganesh Patekar
Bartenders:
  • Frits Walraven
  • Carey Brown
  • Tim Holloway

Need suggestion in upgrading Apache Tomcat due to security vulnerability in Apache Tomcat 7.0.61

 
Greenhorn
Posts: 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Recently we found there is security vulnerability in Apache Tomcat 7.0.61.Please note that now our application runs on Apache Tomcat 7.0.61.

Please advice me whether I can upgrade Apache Tomcat to latest Tomcat 7 version(v7.0.82)?

Also please let me know when it's expected End of Life for Apache Tomcat 7.0.x ?
 
Sheriff
Posts: 4632
300
IntelliJ IDE Clojure Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Why do you think you couldn't update Tomcat to a newer version? The only way to find out if everything is ok is to try it yourself with your application, just like everybody else has to.

I would expect the EOL dates for the major versions of Tomcat would be published on the Apache Tomcat website. If not then I'd recommend contacting the Tomcat team directly and asking them.
 
Saloon Keeper
Posts: 5561
143
Android Mac OS X Firefox Browser VI Editor Tomcat Server Safari
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
In my experience, upgrading to newer Tomcat versions has always been pretty painless, especially since Tomcat 5 from when on configurations have stayed pretty much the same. If you're upgrading anyway, you might as well go straight to the latest 8.5.x version. 8.5 needs Java 7, though, whereas 7.0 got by on Java 6. But you should probably be running on Java 8 anyway, so that might not make a difference.
 
Tim Cooke
Sheriff
Posts: 4632
300
IntelliJ IDE Clojure Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I had some difficulty a while back with an application that I wanted to run on Tomcat 8. The difficulty was an incompatibility with some old Spring 2.5 MVC code that was being used. It took me a few days to update all the Controllers to use the more current annotation driven setup rather than the old extend and override some Spring Controller class. Once done I was able to remove the dependency on the offending incompatible library.

Other than that it the transition from Tomcat 7 to Tomcat 8 was painless.
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!