How can I verify a CVE is applied to tomcat server? - tomcat7

How can I verify a particular CVE is applied to a current installed Tomcat version? For ex: verify CVE-2016-3092 for Tomcat 7.0.70.B

7.0.70.B is not an Apache Tomcat version number. That looks like a version number for a tc Runtime, part of Pivotal's tc Server product. If you have questions about security fixes for tc Server and the information is not in the documentation, you'll need to contact Pivotal support.

Related

Tomcat Upgrading from 8.5 to 10/11 version

we are planning to migrate our Tomcat from 8.5 to 10/11 version.
at the moment we are using Java 8, we are planning to use Java 17 .
I wanted to know if any one has previously migrated and what were the concerns regarding that.
I am aware that javax needs to be changed to jakarta series.
in our 8.5 tomcat we are using following maven dependencies
spring - 4.3.25.RELEASE
jackson
googleapi
graph
aws amazon jdk
javax servlet
mysql connector 5.1.44
log4j
slf4j
jsoup
unirest
httpcomponents
should we also need to update these dependencies to latest version? to be compatible with latest Tomcat 10
any other issues I need to be aware of ? I will post more on the same thread as I face issues while miggrating, appreciate the feedback and support from you guys. Thanks
Solution/ best way to migrating and also any tools that does it automatically? issues faced be individuals and how they resolved while migrating.

How to connect SpringBoot (on Wildfly) to MySQL on openshift 3?

To put a SpringBoot application on openshift 3 the suggested route is by using the s2i of Wildfly. For the moment this is sufficient for me.
How can I conect SpringBoot (on Wildfly) to MySQL at openshift 3?
Please show how I can use environment variables and/ linking.
Do I need to prepare the maven file to produce SpringBoot as a war?
The free eBook at:
https://www.openshift.com/promotions/for-developers.html
Uses a Wildfly application and connects it to a database. See if that will work for your situation.

spring-boot tomcat security vulnerabilities patching

Since spring-boot comes with embedded tomcat containers, I was wondering how is the patching being done. If I decide to go for using embedded approach and a security vulnerability has been found out and the tomcat community has released a patch, how do I apply that patch to the embedded tomcat container which comes with the Spring-boot.
Any help would be greatly appreciated since it will help to decide to go the traditional route of standalone tomcats v's embedded.
According to this Spring blog post, you can specify any version of Tomcat you want. As long as it's released to the Maven repo, just add the following property to your Maven build properties specifying whatever version you like: <tomcat.version>8.0.3</tomcat.version>.
See http://mvnrepository.com/artifact/org.apache.tomcat.embed/tomcat-embed-core for versions currently available in Maven Central.

Enable OJDBC Logging on JBoss

I'm facing database connection issue when using ojdbc6.jar. Therefore, I would like to enable logging by using ojdbc6_g.jar.
I am using JBoss AS 7.1.
How to add these Java options:
-Doracle.jdbc.Trace=true
-Djava.util.logging.config.file
Do I have to add to Eclipse or JBoss or Oracle database ? My guess would be Eclipse.
Please help.
the JDBC driver has to be in the classpath of the JBOSS server otherwise JBOSS could not be able to find the oracle Server
this could also be a network issue
also you mix several concept in once line ; weird
so we need more details about your problem, for example errors ; logs etc.

Start glassfish at boot in windows

This must be a dumb question, but I don't see any obvious references. How can I get glassfish to start at boot on a windows box?
Install GlassFish as a service that starts automatically:
Check out How do I run GlassFish as a Windows service? in the GlassFish Wiki for GlassFish v2.
Use the Platform Services Support for GlassFish v3 (more on this in this thread just in case).
PS: It's often preferable to mention the version you are using...

Resources