https://connect.hyland.com/t5/alfresco-forum/community-7-runs-tomcat-9-0-41-with-multiple-vulnerabilities/m-p/121639#M33366 <P>Hi&nbsp;<A href="https://migration33.stage.lithium.com/t5/user/viewprofilepage/user-id/85891">@michaelzietlow</A>&nbsp;</P> <P>Yah! Well done,&nbsp; &amp; thanks for the extensive update - really useful to other users&nbsp;<img id="heart" class="emoticon emoticon-heart" src="https://connect.hyland.com/i/smilies/16x16_heart.png" alt="Heart" title="Heart" /></P> <P>Cheers,</P> Fri, 30 Jul 2021 09:20:52 GMT EddieMay 2021-07-30T09:20:52Z https://connect.hyland.com/t5/alfresco-forum/community-7-runs-tomcat-9-0-41-with-multiple-vulnerabilities/m-p/121637#M33364 <P>Hello!&nbsp; &nbsp;</P><P>&nbsp; Scanning my newly installed community7, I noticed it includes Apache Tomcat 9.0.41.&nbsp; This needs to be at least 9.0.43 due to <SPAN>remote code execution vulnerabilities present. Has anyone&nbsp;</SPAN>else has successfully upgraded Tomcat on their Community 6 or 7 installations?<BR /><BR />&nbsp;I installed /opt/apache-tomcat-9.0.43 and it looks like all I need to do is symlink it to /opt/tomcat?&nbsp; &nbsp;I'll be stopping Community tonight, repointing /opt/tomcat to the 9.0.43 version, and wanted to be as prepared as possible.&nbsp;<BR /><BR />&nbsp; Are there any configuration files that need to be copied over, or is this as straightforward as it seems?</P> Wed, 28 Jul 2021 18:41:43 GMT https://connect.hyland.com/t5/alfresco-forum/community-7-runs-tomcat-9-0-41-with-multiple-vulnerabilities/m-p/121637#M33364 michaelzietlow 2021-07-28T18:41:43Z https://connect.hyland.com/t5/alfresco-forum/community-7-runs-tomcat-9-0-41-with-multiple-vulnerabilities/m-p/121638#M33365 <P>!SUCCESS!&nbsp;<BR />It appears that upgrading Apache Tomcat on the Community7 ansible installation is 'ALMOST'&nbsp; as <SPAN>straightforward as it seems.&nbsp;&nbsp;<BR /><BR />The&nbsp;<STRONG>/etc/opt/alfresco/setenv.sh</STRONG> file deployed with community7.0 is not IDEMPOTENT.&nbsp; It references software directories with version#, not their universal symlinks.&nbsp;&nbsp;</SPAN><SPAN>This of course breaks Alfresco the second you remove&nbsp;</SPAN><SPAN>/opt/apache-tomcat-9.0.41 so to correct this small oversite do the following.</SPAN><SPAN><BR /></SPAN></P><P><SPAN>EDIT:&nbsp; /<SPAN><STRONG>etc/opt/alfresco/setenv.sh</STRONG></SPAN></SPAN></P><PRE>BEFORE:<BR />export TOMCAT_HOME=/opt/apache-tomcat-9.0.41<BR /><BR />AFTER:<BR />export TOMCAT_HOME=/opt/tomcat</PRE><P><SPAN>AFTER THIS THE TOMCAT UPGRADE PROCEDURE 9.041 to 9.043 IS EASY.</SPAN></P><PRE># cd /opt # wget https://archive.apache.org/dist/tomcat/tomcat-9/v9.0.43/bin/apache-tomcat-9.0.43.tar.gz # gunzip apache-tomcat-9.0.43.tar.gz # tar vxf apache-tomcat-9.0.43.tar # chown -R alfresco:alfresco /opt/apache-tomcat-9.0.43 # systemctl stop alfresco-content # unlink /opt/tomcat # ln -s /opt/apache-tomcat-9.0.43 /opt/tomcat # systemctl start alfresco-content</PRE> Wed, 28 Jul 2021 19:47:33 GMT https://connect.hyland.com/t5/alfresco-forum/community-7-runs-tomcat-9-0-41-with-multiple-vulnerabilities/m-p/121638#M33365 michaelzietlow 2021-07-28T19:47:33Z https://connect.hyland.com/t5/alfresco-forum/community-7-runs-tomcat-9-0-41-with-multiple-vulnerabilities/m-p/121639#M33366 <P>Hi&nbsp;<A href="https://migration33.stage.lithium.com/t5/user/viewprofilepage/user-id/85891">@michaelzietlow</A>&nbsp;</P> <P>Yah! Well done,&nbsp; &amp; thanks for the extensive update - really useful to other users&nbsp;<img id="heart" class="emoticon emoticon-heart" src="https://connect.hyland.com/i/smilies/16x16_heart.png" alt="Heart" title="Heart" /></P> <P>Cheers,</P> Fri, 30 Jul 2021 09:20:52 GMT https://connect.hyland.com/t5/alfresco-forum/community-7-runs-tomcat-9-0-41-with-multiple-vulnerabilities/m-p/121639#M33366 EddieMay 2021-07-30T09:20:52Z