[JRASERVER-59887] Upgrade Tomcat to the latest 8.0.x release

Type: Bug
Resolution: Fixed
Priority: Low (View bug fix roadmap)
Fix Version/s: 7.1.7
Affects Version/s: 7.1.0, 7.1.1
Component/s: Installation
Labels:

Introduced in Version:
7.01
Bug Fix Policy:
View Atlassian Server bug fix policy

Summary

We are currently on 8.0.17 and have already been bitten by a bug in it:

https://bz.apache.org/bugzilla/show_bug.cgi?id=57476

We should upgrade to the latest to get the latest bugfixes.

Also, there have been a number of recent CVEs involving Tomcat, most of which involve SecurityManager, which I believe we do not currently use.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5174
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0706
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0714
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0763

However, these are related to other aspects of Tomcat:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5345
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5346
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5351 (probably doesn't affect us)

Updating Tomcat to one of these versions would appear to patch all of the above CVEs:

Apache Tomcat 9.0.0.M3
Apache Tomcat 8.0.32
Apache Tomcat 7.0.68
Apache Tomcat 6.0.45

causes

JRASERVER-61179 Importing issues from CSV fails with blank screen

Closed

is related to

JRASERVER-60435 Tomcat upgrade (8.0.26+) needed for Apache commons pool EvictionPolicy error

Closed

GHS-41767 You do not have permission to view this issue

mentioned in: Page Failed to load; Page Failed to load

relates to: ICE-499 Loading...

(1 relates to)

Dieter Greiner added a comment - 18/May/2016 4:17 PM

Why is still "soaking" after JIRA 7.1.7 has been released today?

Dieter Greiner added a comment - 18/May/2016 4:17 PM Why is still "soaking" after JIRA 7.1.7 has been released today?

Pawel Farid (Inactive) added a comment - 06/May/2016 10:23 AM

ohernandez@atlassian.com hey Os any progress here ?

Pawel Farid (Inactive) added a comment - 06/May/2016 10:23 AM ohernandez@atlassian.com hey Os any progress here ?

MichaelL added a comment - 14/Mar/2016 8:23 PM

There are numerous bug fixes and SSL (Coyote) updates within Apache Tomcat 8 since version 8.0.17. see http://tomcat.apache.org/tomcat-8.0-doc/changelog.html.

A fresher version of Tomcat 8 in the Atlassian installers would make it easier for admins configure SSL using optimal protocols and cipher suites.

MichaelL added a comment - 14/Mar/2016 8:23 PM There are numerous bug fixes and SSL (Coyote) updates within Apache Tomcat 8 since version 8.0.17. see http://tomcat.apache.org/tomcat-8.0-doc/changelog.html . A fresher version of Tomcat 8 in the Atlassian installers would make it easier for admins configure SSL using optimal protocols and cipher suites.

Assignee:: Pawel Bugalski (Inactive)

Reporter:: Oswaldo Hernandez (Inactive)

Affected customers:: 4 This affects my team

Watchers:: 11 Start watching this issue

Created:: 19/Feb/2016 12:04 AM

Updated:: 28/Mar/2019 12:20 AM

Resolved:: 18/May/2016 11:42 PM

Jira Data Center

Details

Description

Summary

Attachments

Issue Links

Forms

Activity

Collapse comment: Dieter Greiner added a comment - 18/May/2016 4:17 PM

Expand comment: Dieter Greiner added a comment - 18/May/2016 4:17 PM

Collapse comment: Pawel Farid (Inactive) added a comment - 06/May/2016 10:23 AM

Expand comment: Pawel Farid (Inactive) added a comment - 06/May/2016 10:23 AM

Collapse comment: MichaelL added a comment - 14/Mar/2016 8:23 PM

Expand comment: MichaelL added a comment - 14/Mar/2016 8:23 PM

People

Dates