Tomcat Version Update necessary?
Posted: Wed Apr 22, 2015 11:29 pm
The IT department of one of our customers recommended to update the current Tomcat 6.0.37 version, pointing to this documentation that lists some security issues that are fixed in higher versions:
https://tomcat.apache.org/security-6.html
Now there is also Tomcat 7.x and 8.x around, and what I know so far is that those have higher requirements for the Java Version they support, as is listed in the table here:
https://tomcat.apache.org/whichversion.html
Now there will always be security issues in future, and I currently wonder if an update is necessary at once when a new Tomcat version is released and the doc tells that there was another security issue fixed.
I have two questions regaring this:
- When you only run smart clients and no web clients, is a smart client as vulnerable as a web client regarding Tomcat security issues?
- Did you upgrade the Tomcat 6.0.37 version to any higher version, and how difficult is it and what were your experiences?
I mean, "Never change a running system" is a motto one has to think about here, I do not want to cripple a stable running Servoy solution.
https://tomcat.apache.org/security-6.html
Now there is also Tomcat 7.x and 8.x around, and what I know so far is that those have higher requirements for the Java Version they support, as is listed in the table here:
https://tomcat.apache.org/whichversion.html
Now there will always be security issues in future, and I currently wonder if an update is necessary at once when a new Tomcat version is released and the doc tells that there was another security issue fixed.
I have two questions regaring this:
- When you only run smart clients and no web clients, is a smart client as vulnerable as a web client regarding Tomcat security issues?
- Did you upgrade the Tomcat 6.0.37 version to any higher version, and how difficult is it and what were your experiences?
I mean, "Never change a running system" is a motto one has to think about here, I do not want to cripple a stable running Servoy solution.