I work on a team that has an application using Lucee 5 on Windows Servers (2012 R2 and above). Recently, a new vulnerability came to light which requires an update to Tomcat 9.0.37. As this is my first post here, just a note: I personally am just making the jump from tech support to dev. Much to learn
Here is a reference to the vulnerability:
Our product used to use Lucee 4.5. At that time, our process for updating Tomcat was to update the files in lucee/tomcat/lib with the files from the corresponding folder in the Tomcat core zip file (downloaded from the Tomcate website). That process doesn’t seem to work at our current version of Lucee, as neither our application site, nor the Lucee web/server admin pages come up afterwards. The request just spins forever.
I did not see any errors in the Lucee logs that jumped out at me.
I’d like to learn the best process for updating Tomcat in this kind of environment.
Has anybody had any experience making the update of Tomcat for Lucee 5.x on Windows servers? If so, what is your process?