We have received a Cat 1 vulnerability for the current version of tomcat. We have other products using Tomcat and wanted to try to keep them all on the same version of Apache Tomcat. We just upgrade one product to apache 9.0.44 and wanted to know if Jira and Confluence can both be upgraded the same version without breaking the application.
In theory, yes, you could pull the Jira or Confluence out of the Tomcat and push it into another one.
But I'm afraid Atlassian don't support that and it's not a simple redeployment, it is quite a lot of work.
I also have a couple of third-hand reports from people who have tried to redeploy Jira on to Tomcat 9 have met with simple failure - the application won't start (Tomcat runs, but can't start Jira)
So, we're stuck on Jira. But there's better news on Confluence - later versions are bundled with Tomcat 9, so a standard upgrade will make the problem go away.
For Jira, upgrading might fix it, if the vulnerability is limited to specific 8.5.x versions - see https://confluence.atlassian.com/jiracore/bundled-tomcat-and-java-versions-1013854250.html but for Confluence, an upgrade to 6.10 or higher takes the Tomcat up to 9. Similar page for Confluence is https://confluence.atlassian.com/doc/bundled-tomcat-and-java-versions-1005786018.html
Connect with like-minded Atlassian users at free events near you!Find an event
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no Community Events near you at the moment.Host an event
You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events