7.1.1 includes Tomcat 6.0.32 which has been noted as having vulnerabilities. Version 6.0.53 was included in GroundWork 7.2.0 for this reason. Customers running 7.1.1 that need to be compliant with PCI Net regulations, among others, need a patch.
Apply the attached update to receive the upgraded Tomcat 6.0.53. The new version is embedded in the Josso-1.8.4 subsystem.
|You must have applied TB7.1.1-11 before you may apply TB7.1.1-12.|
- Download the patch file tar archive to, for example the /tmp directory
- Decompress the install script and files and run the install script. They will appear in subdirectory TB7.1.1-12.tomcat6053. Go there and make sure to set ownership and permission.
The patch directory will be noted (in the production version of the updater) with the facts of this update, along with backup files to be used in the uninstall phase if necessary.
In the event that you had not previously installed TB7.1.1-11 this patch will detect the condition. It will require that you apply that patch first.
- Run the uninstall script, and respond to the prompts.
The patch directory will be processed to reflect the restoration of the files and uninstall steps. Note that uninstall will only be successful if you have not made configuration changes for LDAP and or SSL subsequent to applying the -12 patch, since the backup will have the default versions of the files in josso that control some of these capabilities.