Tomcat Updates in Lucee Patches

Relatively new to Lucee. Running 4.5.3.

In running some security scans on my system, it recommends upgrading Tomcat
to Version 8.0.36, for security reasons.

Will the patches periodically provided for Lucee ever include Tomcat
updates, or are Tomcat updates entirely my responsibility?

Thanks.

– Steve

It’s always all on you, as comforting as that sounds. :wink:

Seriously though, upgrading Tomcat and the JRE is pretty dang easy. You basically just download the jars of the latest Tomcat, replace the jars of the previous tomcat, restart, badda-bing you’re done.–
Kind regards,
Jordan Michaels
Vivio Technologies

----- Original Message -----
From: “Steve Lauen” <@Steve_Lauen>
To: “Lucee” lucee@googlegroups.com
Sent: Monday, September 12, 2016 2:53:05 PM
Subject: [Lucee] Tomcat Updates in Lucee Patches

Relatively new to Lucee. Running 4.5.3.

In running some security scans on my system, it recommends upgrading Tomcat
to Version 8.0.36, for security reasons.

Will the patches periodically provided for Lucee ever include Tomcat
updates, or are Tomcat updates entirely my responsibility?

Thanks.

– Steve


Get 10% off of the regular price for this years CFCamp in Munich, Germany (Oct. 20th & 21st) with the Lucee discount code Lucee@cfcamp. 189€ instead of 210€. Visit https://ti.to/cfcamp/cfcamp-2016/discount/Lucee@cfcamp

You received this message because you are subscribed to the Google Groups “Lucee” group.
To unsubscribe from this group and stop receiving emails from it, send an email to lucee+unsubscribe@googlegroups.com.
To post to this group, send email to lucee@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/lucee/655ce3bc-199a-4e74-bc4b-e764ef8fafde%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Thanks Jordan.

In looking through the Tomcat install on our system, it looks like most of
the jar files are in the lib subdirectory (/opt/lucee/tomcat/lib). But
there are also three jar files in the bin subdirectory (bootstrap.jar,
commons-daemon.jar, and tomcat-juli.jar).

Some of the documentation I’ve seen online refers to only needing to
install the jar files from the lib directory.

Is this sufficient, or would we need to install the jar files from the bin
directory as well?

– Steve

Imho it is not sufficient to update the lib folder.
I would also update some files in the bin folder and also compare the format of the new conf/* files with the old conf/* files.
e.g. check if new listeners were introduced in server.xml …

-HarryVon: lucee@googlegroups.com [mailto:lucee@googlegroups.com] Im Auftrag von Steve Lauen
Gesendet: Dienstag, 13. September 2016 15:43
An: Lucee lucee@googlegroups.com
Betreff: Re: [Lucee] Tomcat Updates in Lucee Patches

Thanks Jordan.

In looking through the Tomcat install on our system, it looks like most of the jar files are in the lib subdirectory (/opt/lucee/tomcat/lib). But there are also three jar files in the bin subdirectory (bootstrap.jar, commons-daemon.jar, and tomcat-juli.jar).

Some of the documentation I’ve seen online refers to only needing to install the jar files from the lib directory.

Is this sufficient, or would we need to install the jar files from the bin directory as well?

– Steve


Get 10% off of the regular price for this years CFCamp in Munich, Germany (Oct. 20th & 21st) with the Lucee discount code Lucee@cfcamp. 189€ instead of 210€. Visit https://ti.to/cfcamp/cfcamp-2016/discount/Lucee@cfcamp

You received this message because you are subscribed to the Google Groups “Lucee” group.
To unsubscribe from this group and stop receiving emails from it, send an email to lucee+unsubscribe@googlegroups.commailto:lucee+unsubscribe@googlegroups.com.
To post to this group, send email to lucee@googlegroups.commailto:lucee@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/lucee/99508aac-7ada-460b-b8a3-6fa32c4f9de2%40googlegroups.comhttps://groups.google.com/d/msgid/lucee/99508aac-7ada-460b-b8a3-6fa32c4f9de2%40googlegroups.com?utm_medium=email&utm_source=footer.
For more options, visit https://groups.google.com/d/optout.

Essentially, as long as you’re on the same major version number, i.e. 8, all you need to copy over are the jars from the lib folder.

I’ve had one time where I encountered and issue with updating just the lib folder and had to also update what’s in the bin as well. Not saying you should ignore it; just never ran into issues typically.

In my experience with updating the same major version number to newer minor update of the same major, I usually haven’t noticed much change, if any, to the conf files. Now if you were updating, say, Tomcat 8 to 9, I would def say replace everything and add in necessary config to wire everything else up.

Def not a bad idea covering /lib and /bin bith however. :slight_smile:

1 Like