https://community.esri.com/t5/developers-questions/tomcat-security-vulnerabilities/m-p/554761#M3732 <HTML><HEAD></HEAD><BODY><P>My question involves the version of Tomcat bundled into the latest versions of the ArcGIS Server and Portal products (7.x.x.x).</P><P>&nbsp;&nbsp;&nbsp; &nbsp; I am new to supporting ArcGIS for my employer, and have come into the picture after a failed attempt to update Tomcat on our ArcGIS server.&nbsp;&nbsp; This broke ArcGIS completely.&nbsp; Today, we are in process of reinstalling "Server" and "Portal", federation, and the whole enchilada - it has been a&nbsp;disaster.</P><P>&nbsp;&nbsp;&nbsp;&nbsp; My employer runs Qualys scans internally -&nbsp;scans which pick up vulverable software versions (windows patches needed or old versions of Java, even outdated versions of Tomcat!)</P><P>&nbsp;&nbsp;&nbsp;&nbsp; We try to make sure we are not running software which is known to have security problems.&nbsp; Here at the Bank, my job is to find ways to update everything to latest versions if possible.&nbsp; <STRONG>The lowest or oldest version of Tomcat that our bank will support is <SPAN style="font-size: 11pt;">8.5.15 </SPAN></STRONG></P><P><SPAN style="font-size: 11pt;">&nbsp;&nbsp;&nbsp;&nbsp; **MY QUESTION: Is it possible for the DEV team at ESRI to drop in (at least) Tomcat 8.5.15 into a TEST build (bundle or compile the installer with the latest -- or at least 8.5.15) and see if that would work just as well as 7.x.x.x?</SPAN></P><P><SPAN style="font-size: 11pt;">&nbsp;&nbsp;&nbsp; Please consider carving out some time to test&nbsp;out a modified installer package for me.&nbsp; I really would like to know if it would be that painful for the DEV team to&nbsp;give it a try.</SPAN></P><P></P><P><SPAN style="font-size: 11pt;">Thanks in advance,</SPAN></P><P><SPAN style="font-size: 11pt;">Greg Wei, Wells Fargo Bank (San Francisco)</SPAN></P></BODY></HTML> Thu, 04 May 2017 23:00:41 GMT GregoryWei 2017-05-04T23:00:41Z https://community.esri.com/t5/developers-questions/tomcat-security-vulnerabilities/m-p/554761#M3732 <HTML><HEAD></HEAD><BODY><P>My question involves the version of Tomcat bundled into the latest versions of the ArcGIS Server and Portal products (7.x.x.x).</P><P>&nbsp;&nbsp;&nbsp; &nbsp; I am new to supporting ArcGIS for my employer, and have come into the picture after a failed attempt to update Tomcat on our ArcGIS server.&nbsp;&nbsp; This broke ArcGIS completely.&nbsp; Today, we are in process of reinstalling "Server" and "Portal", federation, and the whole enchilada - it has been a&nbsp;disaster.</P><P>&nbsp;&nbsp;&nbsp;&nbsp; My employer runs Qualys scans internally -&nbsp;scans which pick up vulverable software versions (windows patches needed or old versions of Java, even outdated versions of Tomcat!)</P><P>&nbsp;&nbsp;&nbsp;&nbsp; We try to make sure we are not running software which is known to have security problems.&nbsp; Here at the Bank, my job is to find ways to update everything to latest versions if possible.&nbsp; <STRONG>The lowest or oldest version of Tomcat that our bank will support is <SPAN style="font-size: 11pt;">8.5.15 </SPAN></STRONG></P><P><SPAN style="font-size: 11pt;">&nbsp;&nbsp;&nbsp;&nbsp; **MY QUESTION: Is it possible for the DEV team at ESRI to drop in (at least) Tomcat 8.5.15 into a TEST build (bundle or compile the installer with the latest -- or at least 8.5.15) and see if that would work just as well as 7.x.x.x?</SPAN></P><P><SPAN style="font-size: 11pt;">&nbsp;&nbsp;&nbsp; Please consider carving out some time to test&nbsp;out a modified installer package for me.&nbsp; I really would like to know if it would be that painful for the DEV team to&nbsp;give it a try.</SPAN></P><P></P><P><SPAN style="font-size: 11pt;">Thanks in advance,</SPAN></P><P><SPAN style="font-size: 11pt;">Greg Wei, Wells Fargo Bank (San Francisco)</SPAN></P></BODY></HTML> Thu, 04 May 2017 23:00:41 GMT https://community.esri.com/t5/developers-questions/tomcat-security-vulnerabilities/m-p/554761#M3732 GregoryWei 2017-05-04T23:00:41Z