I work on a team that has an application using Lucee 5 on Windows Servers (2012 R2 and above). Recently, a new vulnerability came to light which requires an update to Tomcat 9.0.37. As this is my first post here, just a note: I personally am just making the jump from tech support to dev. Much to learn
Our product used to use Lucee 4.5. At that time, our process for updating Tomcat was to update the files in lucee/tomcat/lib with the files from the corresponding folder in the Tomcat core zip file (downloaded from the Tomcate website). That process doesn’t seem to work at our current version of Lucee, as neither our application site, nor the Lucee web/server admin pages come up afterwards. The request just spins forever.
I did not see any errors in the Lucee logs that jumped out at me.
I’d like to learn the best process for updating Tomcat in this kind of environment.
Has anybody had any experience making the update of Tomcat for Lucee 5.x on Windows servers? If so, what is your process?
Generally it works just fine if you update the lib and bin directories with the files from new version as long as you stick to the same major version of Tomcat. For example you don’t want to switch from Tomcat 7 to Tomcat 9 as you will likely require additional configuration changes. But going from 9.0.x to 9.0.y should generally be an easy upgrade.
Another possibility for error here is that one of the more recent Tomcat updates made a potentially breaking change to the default configuration if you are using AJP (look in your server.xml and see if you have the AJP protocol enabled). If so then a shared secret is required to be configured by default.
@Northwest Thanks for posting back. Glad you worked it out. A little reminder, just in case you are also getting hit by the same issue of tomcat 9 I had with Windows Server 2012, here is a post regarding that and @Zackster awesome solution to resolve it.