search

irods-contrib / metalnx-web

Metalnx Web Application
https://metalnx.github.io/
BSD 3-Clause "New" or "Revised" License
36 stars 36 forks source link

tomcat version #359

Open DOC-MEX opened 2 months ago

DOC-MEX commented 2 months ago

Hi It is is possible to update apache tomcat on my metalnx installation? I got a report from IT about a vulnerability in the current I have: docker exec -it c63c819668d4 /usr/local/tomcat/bin/version.sh Using CATALINA_BASE: /usr/local/tomcat Using CATALINA_HOME: /usr/local/tomcat ... Server version: Apache Tomcat/9.0.52 Server built: Jul 31 2021 04:12:17 UTC

DOC-MEX commented 2 months ago

I guess I have to rebuild metalnx,

I can see this line on the Dockerfile: FROM tomcat:jdk11-adoptopenjdk-hotspot,

Could it possible to update tomcat from 9.0.52 to the recent version 9.0.88?

trel commented 2 months ago

Please try it out and let us know if you have any trouble. PRs welcome, of course.

DOC-MEX commented 2 months ago

OK, so in theory changing that line would be enough to change the source of the tomcat image that docker would use to build metalnx. I cannot find one that includes "-adoptopenjdk-hotspot", but I can see in the this one: "9.0.88-jdk11-temurin-focal" which has the latest version and keeps the jdk11. I'll try that one.

DOC-MEX commented 2 months ago

it seems work OK, I think. At least on my local installation!

docker exec -it 29e2fea7ba19 /usr/local/tomcat/bin/version.sh Using CATALINA_BASE: /usr/local/tomcat Using CATALINA_HOME: /usr/local/tomcat Using CATALINA_TMPDIR: /usr/local/tomcat/temp Using JRE_HOME: /opt/java/openjdk Using CLASSPATH: /usr/local/tomcat/bin/bootstrap.jar:/usr/local/tomcat/bin/tomcat-juli.jar Using CATALINA_OPTS:
NOTE: Picked up JDK_JAVA_OPTIONS: --add-opens=java.base/java.lang=ALL-UNNAMED --add-opens=java.base/java.io=ALL-UNNAMED --add-opens=java.base/java.util=ALL-UNNAMED --add-opens=java.base/java.util.concurrent=ALL-UNNAMED --add-opens=java.rmi/sun.rmi.transport=ALL-UNNAMED Server version: Apache Tomcat/9.0.88 Server built: Apr 9 2024 13:22:30 UTC Server number: 9.0.88.0 OS Name: Linux OS Version: 5.15.0-105-generic Architecture: amd64 JVM Version: 11.0.22+7 JVM Vendor: Eclipse Adoptium

trel commented 2 months ago

Ah, very good. Thanks.

@korydraughn should we update the Dockerfile to 9.0.88-jdk11-temurin-focal?

korydraughn commented 2 months ago

That is listed as a supported tag by the Apache Tomcat image on Docker Hub. I think that's fine assuming the version number follows similar rules as semver.

We need to review the following page to be absolutely sure though.

I've been looking for documentation about their versioning scheme, but I'm not having much success.

Regardless, the page I linked includes the following statement under Tomcat 9.0.x noteable changes:

The Tomcat developers aim for each patch release to be fully backwards compatible with the previous release. Occasionally, it is necessary to break backwards compatibility in order to fix a bug. In most cases, these changes will go unnoticed. This section lists changes that are not fully backwards compatible and might cause breakage when upgrading.

All of that to say, it's probably okay, but we should confirm Metalnx works before bumping the version/tag.

korydraughn commented 2 months ago

Re-opening so we don't lose this.