
Community 7 runs Tomcat 9.0.41 with multiple vulnerabilities (time to upgrade?)

michaelzietlow
Confirmed Champ

Hello!

Scanning my newly installed Community 7, I noticed it includes Apache Tomcat 9.0.41. This needs to be at least 9.0.43 due to remote code execution vulnerabilities present. Has anyone else successfully upgraded Tomcat on their Community 6 or 7 installations?

I installed /opt/apache-tomcat-9.0.43 and it looks like all I need to do is symlink it to /opt/tomcat? I'll be stopping Community tonight, repointing /opt/tomcat to the 9.0.43 version, and wanted to be as prepared as possible.

Are there any configuration files that need to be copied over, or is this as straightforward as it seems?

1 ACCEPTED ANSWER

michaelzietlow
Confirmed Champ

!SUCCESS!
It appears that upgrading Apache Tomcat on the Community 7 Ansible installation is 'ALMOST' as straightforward as it seems.

The /etc/opt/alfresco/setenv.sh file deployed with Community 7.0 is not IDEMPOTENT. It references software directories with version#, not their universal symlinks.
This of course breaks Alfresco the second you remove /opt/apache-tomcat-9.0.41, so to correct this small oversight do the following.

EDIT:  /etc/opt/alfresco/setenv.sh

BEFORE:
export TOMCAT_HOME=/opt/apache-tomcat-9.0.41

AFTER:
export TOMCAT_HOME=/opt/tomcat

AFTER THIS THE TOMCAT UPGRADE PROCEDURE 9.0.41 to 9.0.43 IS EASY.

# cd /opt

# wget https://archive.apache.org/dist/tomcat/tomcat-9/v9.0.43/bin/apache-tomcat-9.0.43.tar.gz

# gunzip apache-tomcat-9.0.43.tar.gz

# tar vxf apache-tomcat-9.0.43.tar

# chown -R alfresco:alfresco /opt/apache-tomcat-9.0.43

# systemctl stop alfresco-content

# unlink /opt/tomcat

# ln -s /opt/apache-tomcat-9.0.43 /opt/tomcat

# systemctl start alfresco-content
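
A pre-flight check for the swap described in the accepted answer, as an added example that is not part of the original post: it flags version-pinned paths in setenv.sh and confirms the symlink resolves to an existing Tomcat at or above a minimum version. The function names, the demo tree and the assumption that the install directory is named apache-tomcat-<version> are illustrative.

```shell
#!/usr/bin/env bash
# Pre-flight check for the symlink swap (added example; all paths are parameters).

# Print the lines of a file that hard-code a versioned Tomcat directory.
versioned_refs() {
    grep -nE 'apache-tomcat-[0-9]+(\.[0-9]+)+' "$1"
}

# Version of the Tomcat a symlink resolves to, taken from the directory name
# (assumption: the install directory is named apache-tomcat-<version>).
linked_version() {
    local target
    target=$(readlink -f "$1") && [ -d "$target" ] || return 1  # dangling link fails
    case "${target##*/}" in
        apache-tomcat-*) printf '%s\n' "${target##*/apache-tomcat-}" ;;
        *) return 1 ;;
    esac
}

# True when version $1 >= version $2 (GNU sort -V ordering).
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n1)" = "$2" ]
}

# Return 0 only if the env file is version-free and the link target is new enough.
preflight() {   # preflight SETENV_FILE SYMLINK MIN_VERSION
    local rc=0 ver
    if versioned_refs "$1"; then
        echo "FAIL: $1 pins a versioned directory (lines above)"; rc=1
    fi
    if ! ver=$(linked_version "$2"); then
        echo "FAIL: $2 does not resolve to an existing apache-tomcat-<version> dir"; rc=1
    elif ! version_ge "$ver" "$3"; then
        echo "FAIL: $2 -> Tomcat $ver, below required $3"; rc=1
    fi
    return "$rc"
}

# Constructed demo tree standing in for /opt and /etc/opt/alfresco.
demo=$(mktemp -d)
mkdir "$demo/apache-tomcat-9.0.41" "$demo/apache-tomcat-9.0.43"
ln -s "$demo/apache-tomcat-9.0.41" "$demo/tomcat"
echo "export TOMCAT_HOME=$demo/apache-tomcat-9.0.41" > "$demo/setenv.sh"
preflight "$demo/setenv.sh" "$demo/tomcat" 9.0.43 || echo "not ready to remove 9.0.41"
rm -rf "$demo"
```

On a real host the call would be `preflight /etc/opt/alfresco/setenv.sh /opt/tomcat 9.0.43`, run after the swap and before deleting the old directory.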


2 REPLIES

EddieMay
World-Class Innovator

Hi @michaelzietlow 

Yah! Well done, & thanks for the extensive update - really useful to other users.

Cheers,

Digital Community Manager, Alfresco Software.