Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Does a stand alone installation stops you from applying Tomcat security updates?

anatole farci
anatole farci July 30, 2013

Hi,

I'm new to JIRA and not a Tomcat person but I was told that one of the benefits of using WAR installations vs. Stand alone/installer is that if we have to deploy any Tomcat security updates, using the stand alone, it would be harder.

Working a little in the Websphere and WAR files on another application, my understanding is that it should in irrelevant. While I understand that the OS Tomcat installation vs. JIRA stand alone might place the binaries in different folders, etc. but does the stand alone really makes Tomcat updates that much harder? I figured in worst case, one would export/build a WAR file of the current JIRA, update tomcat and re-import the saved WAR file in case the Tomcat patch updated any JIRA data/binaries.

Thanks

Anatole

Answer
Watch
Like Be the first to like this
406 views

3 answers

1 accepted

0 votes
Answer accepted
LucasA
LucasA
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
July 30, 2013

Hi Anatole,

Atlassian also ships the latest Tomcat version with JIRA standalone. Since we have a JIRA version every 2 weeks, in a worst case scenario you would have a 14 days gap between a new Tomcat version and a new JIRA release. If this is a problem for you, a EAR/WAR deployment would fit better for your needs, but it's a little bit more complex than the JIRA automatic installer. Since you are already experienced with WebSphere, the process shouldn't be that hard. :)

Best regards,
Lucas Timm

View More Comments
anatole farci
anatole farci July 30, 2013

Lucas,
we might not be able to upgrade as often but perhaps when a security patch comes along, we may take that option even if requires us additional testing of plug-ins and other functionality.But I'm not very clear from your answer and Timothy's if I have to have a WAR deployment in order to deploy Tomcat fixpacks or can I still go with Linux Installer and only update Tomcat as/when needed.
Does the Installer create special Tomcat folders that a generic Tomcat patch can't find and update OR is it that the Installer placed some JIRA files into Tomcat's folder and the patch would override it?
thanks

Like
Reply
0 votes
VitalyA
VitalyA August 5, 2013

While this is not a supported configuration, upgrading Tomcat for security patches never broke anything on my memory.

View More Comments
anatole farci
anatole farci August 5, 2013

Hi Vitaly, I'm asuming that you are using the Installer option since the WAR option works for one of our groups and doesn't break anything but I wanted to confirm that the installer option doesn't do anything special to make Tomcat patching a burden as our team is in favor of using the Installer. thx

Like
Reply
0 votes
Timothy
Timothy
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
July 30, 2013

You should be able to apply the security updates for Tomcat. The release of JIRA is built into Tomcat and you can override the libs.

Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira Software
TAGS
AUG Leaders

Atlassian Community Events

    See all events