Upgrading Apache Tomcat Because of Known Security Threats (Avalanche 5.x)

Version 1

    Verified Product Versions

    Avalanche 5.3Avalanche SE 5.3

    Apache Issues Document

     

    Avalanche 5.3.1.50 comes with Apache Tomcat v7.0.11 which has been reported to have some security vulnerabilities. This document covers some steps that will resolve these security threats by upgrading Apache Tomcat.

     

    *Here is a snippet from Apache Tomcat regarding the Security Threat:

     

    pic 1.png

     

     

    Follow these steps to upgrade Apache Tomcat:

     

    *First Confirm Apache Tomcat version by going to http://localhost:8080

    pic2.png


     

    Upgrade Step 1: Stop Apache Tomcat Service

    pic 3.png

     

     

     

     

     

     

     

    Step 2: Copy and Replace all files in the \AvalancheMC\webutilities\Tomcat folder with the new ones from the ‘apache-tomcat-7.0.34-windows-x86.zip’.

     

    pic4.png

     

     

    Step 3: Start Apache Tomcat for Wavelink Service

    Step 4: Confirm Upgrade by going to http://localhost:8080

     

    pic5.png

     

    NOTES

    Even though I am using a 64bit OS, I had to use the files from the x86 download for Apache Tomcat in order for the service to start correctly. I believe this is because we are not coded to work with the 64bit version.