Upgrading Apache Tomcat Because of Known Security Threats (Avalanche 5.x)

Version 1

    Verified Product Versions

    Avalanche 5.3Avalanche SE 5.3

    Apache Issues Document


    Avalanche comes with Apache Tomcat v7.0.11 which has been reported to have some security vulnerabilities. This document covers some steps that will resolve these security threats by upgrading Apache Tomcat.


    *Here is a snippet from Apache Tomcat regarding the Security Threat:


    pic 1.png



    Follow these steps to upgrade Apache Tomcat:


    *First Confirm Apache Tomcat version by going to http://localhost:8080



    Upgrade Step 1: Stop Apache Tomcat Service

    pic 3.png








    Step 2: Copy and Replace all files in the \AvalancheMC\webutilities\Tomcat folder with the new ones from the ‘apache-tomcat-7.0.34-windows-x86.zip’.





    Step 3: Start Apache Tomcat for Wavelink Service

    Step 4: Confirm Upgrade by going to http://localhost:8080





    Even though I am using a 64bit OS, I had to use the files from the x86 download for Apache Tomcat in order for the service to start correctly. I believe this is because we are not coded to work with the 64bit version.