From c83f7a169ba5f021ce67b7834852f53036354f56 Mon Sep 17 00:00:00 2001 From: Sofia Boldyreva Date: Wed, 26 Nov 2025 14:20:07 +0100 Subject: [PATCH 1/3] Update Apache Tomcat libraries and application pages --- .../apache-tomcat/README.md | 345 +++++++++++------- .../els-for-libraries/apache-tomcat/README.md | 177 +++++++++ 2 files changed, 390 insertions(+), 132 deletions(-) create mode 100644 docs/els-for-libraries/apache-tomcat/README.md diff --git a/docs/els-for-applications/apache-tomcat/README.md b/docs/els-for-applications/apache-tomcat/README.md index 4684c161d..6235001ed 100644 --- a/docs/els-for-applications/apache-tomcat/README.md +++ b/docs/els-for-applications/apache-tomcat/README.md @@ -3,175 +3,256 @@ TuxCare's Endless Lifecycle Support (ELS) for Apache Tomcat provides security patches, and selected bug fixes, that are integral to the stable operation of applications running on these versions of Apache Tomcat core components such as Coyote, Catalina, Jasper etc.. These components have either reached their end of standard support from vendors or have reached End of Life (EOL). Our ELS for Apache Tomcat service is designed to provide solutions for organizations that are not yet ready to migrate to newer versions and that are seeking long-term stability for their legacy Apache Tomcat applications. +This guide outlines the steps needed for Apache Tomcat server setup and configuration. + +:::tip +Apache Tomcat is also available for installation as a library for Maven and Gradle projects. See [ELS for Apache Tomcat Libraries](/els-for-libraries/apache-tomcat/) for integration instructions. +::: + ## Supported Versions -* Apache Tomcat 9.0.75, 9.0.83, 8.5.100 +* Apache Tomcat 8.5.100, 9.0.75, 9.0.83 -## Connection to ELS for Apache Tomcat Repository +## Prerequisities -This guide outlines the steps needed to integrate the TuxCare ELS for Apache Tomcat repository into your Java application. The repository provides trusted Java libraries that can be easily integrated into your **Maven** and **Gradle** projects. +* **Java Development Kit (JDK)** -### Step 1: Get user credentials + Ensure you have a compatible version of Java Development Kit (JDK) installed. Apache Tomcat 8.5.x and 9.0.x require JDK 8 or later. To verify if JDK is already installed on your system, open a terminal or command prompt and run: -You need username and password in order to use TuxCare ELS Apache Tomcat repository. Anonymous access is disabled. To receive username and password please contact [sales@tuxcare.com](mailto:sales@tuxcare.com). + -### Step 2: Configure Registry + ```text + java -version + ``` -1. Navigate to the directory depending on your operating system. - * Windows - ```text - Maven: C:\Users\{username}\.m2 - Gradle: C:\Users\{username}\.gradle - ``` - * macOS - ```text - Maven: /Users/{username}/.m2 - Gradle: /Users/{username}/.gradle - ``` - * Linux - ```text - Maven: /home/{username}/.m2 - Gradle: /home/{username}/.gradle - ``` + -2. Add the TuxCare repository and plugin repository to your build configuration. + If JDK is installed, you should see version information. If not, you'll need to install it. - :::tip - For Maven, you may choose any valid `` value instead of `tuxcare-tomcat-registry`, but the same value must be used in both `settings.xml` and `pom.xml`. - ::: +* **Repository Access** - + You need username and password to access the TuxCare ELS Apache Tomcat repository. Anonymous access is disabled. + To obtain credentials, please contact [sales@tuxcare.com](mailto:sales@tuxcare.com). Once you have credentials, you can access the repository at: [https://nexus.repo.tuxcare.com/repository/els_tomcat/](https://nexus.repo.tuxcare.com/repository/els_tomcat/) -Here `USERNAME` and `PASSWORD` are your credentials mentioned in the [Step 1](#step-1-get-user-credentials). +## Installation -### Step 3: Update Build Configuration +### Create Tomcat User (Linux Only) -Add the TuxCare Apache Tomcat repository and plugins to your build configuration: +* For security purposes, create a dedicated tomcat group: - + -* To fully switch from the official Apache Tomcat repository, replace it with the TuxCare repository. -* To keep both, add TuxCare after the official one. + ```text + sudo groupadd tomcat + ``` -Example Maven and Gradle projects are available on GitHub. Remember to set the required environment variables. -* [Maven](https://github.com/cloudlinux/securechain-java/tree/main/examples/maven) -* [Gradle](https://github.com/cloudlinux/securechain-java/tree/main/examples/gradle) + -### Step 4: Update Dependencies +* And a new tomcat user as a member of the tomcat group, with a home directory of `/opt/tomcat` and with a shell of `/bin/false`: -Replace the Apache Tomcat dependencies in your build file with the TuxCare-maintained versions to cover both direct and transitive dependencies. + - + ```text + sudo useradd -s /bin/false -g tomcat -d /opt/tomcat tomcat + ``` -You can find a specific artifact version in your TuxCare account on [Nexus](https://nexus.repo.tuxcare.com/repository/els_tomcat/) (anonymous access is restricted). + -### Step 5: Verify and Build +### Download Apache Tomcat -1. To confirm the TuxCare Apache Tomcat repository is set up correctly, use your build tool to list the project's dependencies. It shows both direct and transitive dependencies in the classpath. +Download the archive file from the TuxCare repository manually or via terminal using your credentials: - + -2. After reviewing the dependencies, include any library from the repository into your project and then run a build: +```text +curl -u USERNAME:PASSWORD -O https://nexus.repo.tuxcare.com/repository/els_tomcat/org/apache/tomcat/tomcat/8.5.100-tuxcare.3/apache-tomcat-8.5.100-tuxcare.3.tar.gz +``` - + -The build tool you're using should be able to identify and resolve dependencies from the TuxCare ELS for Apache Tomcat repository. +Replace `USERNAME` and `PASSWORD` with your actual credentials, and adjust the version number as needed. -### Conclusion +### Extract the Archive -You've successfully integrated the TuxCare ELS for Apache Tomcat repository into your project. You can now benefit from the secure and vetted Apache Tomcat libraries it provides. +**Linux/macOS:** -## Vulnerability Exploitability eXchange (VEX) +Unpack the downloaded file into a directory of your choice (e.g., `/opt/tomcat`). -VEX is a machine-readable format that tells you if a known vulnerability is actually exploitable in your product. It reduces false positives, helps prioritize real risks. + -TuxCare provides VEX for Apache Tomcat ELS versions: [security.tuxcare.com/vex/cyclonedx/els_lang_java/](https://security.tuxcare.com/vex/cyclonedx/els_lang_java/). +```text +sudo tar -xvzf ~/v8.5.100-tuxcare.3/bin/apache-tomcat-8.5.100-tuxcare.3.tar.gz -C /opt/tomcat --strip-components=1 +``` + + + +**Windows:** + +Extract the downloaded `.zip` file to your desired location (e.g., `C:\Tomcat`). + +### Update Permissions + +The tomcat user that we set up needs to have access to the Tomcat installation. We’ll set that up now. + +Change to the directory where we unpacked the Tomcat installation: + + + +```text +cd /opt/tomcat +``` + + + +Give the tomcat group ownership over the entire installation directory: + + + +```text +sudo chgrp -R tomcat /opt/tomcat +``` + + + +Next, give the tomcat group read access to the conf directory and all of its contents, and execute access to the directory itself: + + + +```text +sudo chmod -R g+r conf +sudo chmod g+x conf +``` + + + +Make the tomcat user the owner of the webapps, work, temp, and logs directories: + + + +```text +sudo chown -R tomcat webapps/ work/ temp/ logs/ +``` + + + +### Configure Environment Variables + +**Linux/macOS:** + +Add the following to your `~/.bashrc` or `~/.bash_profile`: + + + +```text +export CATALINA_HOME=/opt/tomcat +export JAVA_HOME=/usr/lib/jvm/java-11-openjdk +``` + + + +Then reload: + + + +```text +source ~/.bashrc +``` + + -## How to Upgrade to a Newer Version of TuxCare Packages +**Windows:** -If you have already installed a package with a `tuxcare.1` suffix and want to upgrade to a newer release (for example, `tuxcare.3`), you need to update version strings in your Maven or Gradle build file. +1. Right-click *This PC* → *Properties* → *Advanced system settings* → *Environment Variables* +2. Add new system variable: + - Variable name: `CATALINA_HOME` + - Variable value: `C:\Tomcat` (or your installation path) + +### Start Tomcat + +**Linux/macOS:** + + + +```text +sudo -u tomcat /opt/tomcat/bin/startup.sh +``` + + + +**Windows:** + +Double-click `startup.bat` in the `bin` directory. + +### Verify Installation + +Open a web browser and visit `http://localhost:8080/`. You should see the default Tomcat homepage. + +Alternatively, use curl: + + + +```text +curl http://localhost:8080 +``` + + + +You should see HTML output containing: + + + +```text +

If you're seeing this, you've successfully installed Tomcat. Congratulations!

+``` + + + +### Stop Tomcat + +**Linux/macOS:** + + + +```text +sudo -u tomcat /opt/tomcat/bin/shutdown.sh +``` + + + +**Windows:** + +Double-click `shutdown.bat` in the `bin` directory. + +## Upgrading to a Newer TuxCare Version + +To upgrade to a newer TuxCare release (e.g., from `tuxcare.1` to `tuxcare.3`): + +1. **Download and extract new version** following Steps 2-3 in the Installation section. + +2. **Start Tomcat:** + + + + ```text + sudo -u tomcat /opt/tomcat/bin/startup.sh + ``` + + + +### Logs Location + +Check logs for detailed error information: +- **Linux/macOS:** `/opt/tomcat/logs/catalina.out` +- **Windows:** `C:\Tomcat\logs\catalina.[date].log` + +## Vulnerability Exploitability eXchange (VEX) + +VEX is a machine-readable format that indicates whether a known vulnerability is actually exploitable in your product. It reduces false positives and helps prioritize real risks. + +TuxCare provides VEX for Apache Tomcat ELS versions: [security.tuxcare.com/vex/cyclonedx/els_lang_java/](https://security.tuxcare.com/vex/cyclonedx/els_lang_java/). ## Resolved CVEs in ELS for Apache Tomcat - - - - \ No newline at end of file diff --git a/docs/els-for-libraries/apache-tomcat/README.md b/docs/els-for-libraries/apache-tomcat/README.md new file mode 100644 index 000000000..4684c161d --- /dev/null +++ b/docs/els-for-libraries/apache-tomcat/README.md @@ -0,0 +1,177 @@ +# Apache Tomcat + +TuxCare's Endless Lifecycle Support (ELS) for Apache Tomcat provides security patches, and selected bug fixes, that are integral to the stable operation of applications running on these versions of Apache Tomcat core components such as Coyote, Catalina, Jasper etc.. These components have either reached their end of standard support from vendors or have reached End of Life (EOL). +Our ELS for Apache Tomcat service is designed to provide solutions for organizations that are not yet ready to migrate to newer versions and that are seeking long-term stability for their legacy Apache Tomcat applications. + +## Supported Versions + +* Apache Tomcat 9.0.75, 9.0.83, 8.5.100 + +## Connection to ELS for Apache Tomcat Repository + +This guide outlines the steps needed to integrate the TuxCare ELS for Apache Tomcat repository into your Java application. The repository provides trusted Java libraries that can be easily integrated into your **Maven** and **Gradle** projects. + +### Step 1: Get user credentials + +You need username and password in order to use TuxCare ELS Apache Tomcat repository. Anonymous access is disabled. To receive username and password please contact [sales@tuxcare.com](mailto:sales@tuxcare.com). + +### Step 2: Configure Registry + +1. Navigate to the directory depending on your operating system. + * Windows + ```text + Maven: C:\Users\{username}\.m2 + Gradle: C:\Users\{username}\.gradle + ``` + * macOS + ```text + Maven: /Users/{username}/.m2 + Gradle: /Users/{username}/.gradle + ``` + * Linux + ```text + Maven: /home/{username}/.m2 + Gradle: /home/{username}/.gradle + ``` + +2. Add the TuxCare repository and plugin repository to your build configuration. + + :::tip + For Maven, you may choose any valid `` value instead of `tuxcare-tomcat-registry`, but the same value must be used in both `settings.xml` and `pom.xml`. + ::: + + + +Here `USERNAME` and `PASSWORD` are your credentials mentioned in the [Step 1](#step-1-get-user-credentials). + +### Step 3: Update Build Configuration + +Add the TuxCare Apache Tomcat repository and plugins to your build configuration: + + + +* To fully switch from the official Apache Tomcat repository, replace it with the TuxCare repository. +* To keep both, add TuxCare after the official one. + +Example Maven and Gradle projects are available on GitHub. Remember to set the required environment variables. +* [Maven](https://github.com/cloudlinux/securechain-java/tree/main/examples/maven) +* [Gradle](https://github.com/cloudlinux/securechain-java/tree/main/examples/gradle) + +### Step 4: Update Dependencies + +Replace the Apache Tomcat dependencies in your build file with the TuxCare-maintained versions to cover both direct and transitive dependencies. + + + +You can find a specific artifact version in your TuxCare account on [Nexus](https://nexus.repo.tuxcare.com/repository/els_tomcat/) (anonymous access is restricted). + +### Step 5: Verify and Build + +1. To confirm the TuxCare Apache Tomcat repository is set up correctly, use your build tool to list the project's dependencies. It shows both direct and transitive dependencies in the classpath. + + + +2. After reviewing the dependencies, include any library from the repository into your project and then run a build: + + + +The build tool you're using should be able to identify and resolve dependencies from the TuxCare ELS for Apache Tomcat repository. + +### Conclusion + +You've successfully integrated the TuxCare ELS for Apache Tomcat repository into your project. You can now benefit from the secure and vetted Apache Tomcat libraries it provides. + +## Vulnerability Exploitability eXchange (VEX) + +VEX is a machine-readable format that tells you if a known vulnerability is actually exploitable in your product. It reduces false positives, helps prioritize real risks. + +TuxCare provides VEX for Apache Tomcat ELS versions: [security.tuxcare.com/vex/cyclonedx/els_lang_java/](https://security.tuxcare.com/vex/cyclonedx/els_lang_java/). + +## How to Upgrade to a Newer Version of TuxCare Packages + +If you have already installed a package with a `tuxcare.1` suffix and want to upgrade to a newer release (for example, `tuxcare.3`), you need to update version strings in your Maven or Gradle build file. + +## Resolved CVEs in ELS for Apache Tomcat + + + + + + + + \ No newline at end of file From 5d12b5862e14fbc2035b3467c9a05b6271131627 Mon Sep 17 00:00:00 2001 From: Sofia Boldyreva Date: Thu, 27 Nov 2025 20:22:14 +0100 Subject: [PATCH 2/3] updates --- docs/.vuepress/components/ELSTechnology.vue | 5 + docs/.vuepress/config-client/sidebar.ts | 4 + .../apache-tomcat/README.md | 299 ++++++++++-------- .../els-for-libraries/apache-tomcat/README.md | 2 +- 4 files changed, 179 insertions(+), 131 deletions(-) diff --git a/docs/.vuepress/components/ELSTechnology.vue b/docs/.vuepress/components/ELSTechnology.vue index 6ee37dcd2..260f04f15 100644 --- a/docs/.vuepress/components/ELSTechnology.vue +++ b/docs/.vuepress/components/ELSTechnology.vue @@ -114,6 +114,11 @@ const techData = [ versions: "2.4.8", link: "./apache-spark/", }, + { + name: "Apache Tomcat", + versions: "8.5.100 | 9.0.75 | 9.0.83", + link: "./apache-tomcat/", + }, { name: "Okio", versions: "2.8.0", diff --git a/docs/.vuepress/config-client/sidebar.ts b/docs/.vuepress/config-client/sidebar.ts index e43275635..2353f1117 100644 --- a/docs/.vuepress/config-client/sidebar.ts +++ b/docs/.vuepress/config-client/sidebar.ts @@ -128,6 +128,10 @@ export default { path: '/els-for-libraries/apache-spark/', icon: '/images/apache-spark.webp', }, + { + path: '/els-for-libraries/apache-tomcat/', + icon: '/images/tomcat.webp', + }, { path: '/els-for-libraries/apache-kafka/', icon: '/images/apache-kafka.webp', diff --git a/docs/els-for-applications/apache-tomcat/README.md b/docs/els-for-applications/apache-tomcat/README.md index 6235001ed..77aa67227 100644 --- a/docs/els-for-applications/apache-tomcat/README.md +++ b/docs/els-for-applications/apache-tomcat/README.md @@ -13,11 +13,11 @@ Apache Tomcat is also available for installation as a library for Maven and Grad * Apache Tomcat 8.5.100, 9.0.75, 9.0.83 -## Prerequisities +## Prerequisites -* **Java Development Kit (JDK)** +* Ensure you have a compatible version of **Java Development Kit (JDK)** installed. JDK 7 or later is required. - Ensure you have a compatible version of Java Development Kit (JDK) installed. Apache Tomcat 8.5.x and 9.0.x require JDK 8 or later. To verify if JDK is already installed on your system, open a terminal or command prompt and run: + To verify if JDK is already installed on your system, open a terminal or command prompt and run: @@ -28,228 +28,267 @@ Apache Tomcat is also available for installation as a library for Maven and Grad If JDK is installed, you should see version information. If not, you'll need to install it. + +* Make sure the `JAVA_HOME` environment variable is properly set to point to your JDK installation directory. -* **Repository Access** +## Repository Access - You need username and password to access the TuxCare ELS Apache Tomcat repository. Anonymous access is disabled. - To obtain credentials, please contact [sales@tuxcare.com](mailto:sales@tuxcare.com). Once you have credentials, you can access the repository at: [https://nexus.repo.tuxcare.com/repository/els_tomcat/](https://nexus.repo.tuxcare.com/repository/els_tomcat/) +You need username and password to access the TuxCare ELS Apache Tomcat repository. Anonymous access is disabled. +To obtain credentials, please contact [sales@tuxcare.com](mailto:sales@tuxcare.com). -## Installation +Once you have credentials, you can access the repository at: [https://nexus.repo.tuxcare.com/repository/els_tomcat/](https://nexus.repo.tuxcare.com/repository/els_tomcat/) -### Create Tomcat User (Linux Only) +## Linux Installation -* For security purposes, create a dedicated tomcat group: +### Step 1: Create User and Group - +1. For security purposes, create a `tomcat` group: - ```text - sudo groupadd tomcat - ``` + - + ```text + sudo groupadd tomcat + ``` -* And a new tomcat user as a member of the tomcat group, with a home directory of `/opt/tomcat` and with a shell of `/bin/false`: + - +2. Create a new `tomcat` user as a member of this `tomcat` group, with a home directory of `/opt/tomcat`, which will be used to install Tomcat, and set the user's login shell to `/bin/false` so that no one can log in directly as this user: - ```text - sudo useradd -s /bin/false -g tomcat -d /opt/tomcat tomcat - ``` + - + ```text + sudo useradd -s /bin/false -g tomcat -d /opt/tomcat tomcat + ``` + + + +### Step 2: Download and Install Apache Tomcat + +1. Open the terminal and download Apache Tomcat from TuxCare using your credentials. For example, Apache Tomcat 8.5.100: + + + + ```text + curl -u USERNAME:PASSWORD -O https://nexus.repo.tuxcare.com/repository/els_tomcat/org/apache/tomcat/tomcat/8.5.100-tuxcare.3/apache-tomcat-8.5.100-tuxcare.3.tar.gz + ``` -### Download Apache Tomcat + + + Replace `USERNAME` and `PASSWORD` with your actual credentials. + +2. The archive provided by TuxCare contains a container archive with metadata and the actual Tomcat package. Extract the container archive: + + + + ```text + tar -xvzf v8.5.100-tuxcare.3.tar.gz + ``` + + + +3. Create the `/opt/tomcat` directory and extract the Apache Tomcat archive into it: -Download the archive file from the TuxCare repository manually or via terminal using your credentials: + - + ```text + sudo mkdir -p /opt/tomcat + sudo tar -xvzf v8.5.100-tuxcare.3/bin/apache-tomcat-8.5.100-tuxcare.3.tar.gz -C /opt/tomcat --strip-components=1 + ``` -```text -curl -u USERNAME:PASSWORD -O https://nexus.repo.tuxcare.com/repository/els_tomcat/org/apache/tomcat/tomcat/8.5.100-tuxcare.3/apache-tomcat-8.5.100-tuxcare.3.tar.gz -``` + - +4. Change to the Tomcat installation directory: -Replace `USERNAME` and `PASSWORD` with your actual credentials, and adjust the version number as needed. + -### Extract the Archive + ```text + cd /opt/tomcat + ``` -**Linux/macOS:** + -Unpack the downloaded file into a directory of your choice (e.g., `/opt/tomcat`). +### Step 4: Configure Permissions - +Update permissions so that the `tomcat` user has access to the Tomcat installation. -```text -sudo tar -xvzf ~/v8.5.100-tuxcare.3/bin/apache-tomcat-8.5.100-tuxcare.3.tar.gz -C /opt/tomcat --strip-components=1 -``` +1. Change ownership to the `tomcat` group: - + -**Windows:** + ```text + sudo chgrp -R tomcat /opt/tomcat + ``` -Extract the downloaded `.zip` file to your desired location (e.g., `C:\Tomcat`). + -### Update Permissions +2. Give the `tomcat` group read access to the `conf` directory and its contents, and execute access to the directory itself: -The tomcat user that we set up needs to have access to the Tomcat installation. We’ll set that up now. + -Change to the directory where we unpacked the Tomcat installation: + ```text + sudo chmod -R g+r conf + sudo chmod g+x conf + ``` - + -```text -cd /opt/tomcat -``` +3. Give the `tomcat` user write access to the `webapps`, `work`, `temp`, and `logs` directories: - + -Give the tomcat group ownership over the entire installation directory: + ```text + sudo chown -R tomcat webapps/ work/ temp/ logs/ + ``` - + -```text -sudo chgrp -R tomcat /opt/tomcat -``` +### Step 5: Configure Environment Variables - +1. Add the following line at the end of your `~/.bashrc` file, updating the path if needed: -Next, give the tomcat group read access to the conf directory and all of its contents, and execute access to the directory itself: + - + ```text + export CATALINA_HOME=/opt/tomcat + ``` -```text -sudo chmod -R g+r conf -sudo chmod g+x conf -``` + - + :::tip + If you're using a different shell, you may need to edit `~/.bash_profile` instead. + ::: -Make the tomcat user the owner of the webapps, work, temp, and logs directories: +2. Then reload: - + -```text -sudo chown -R tomcat webapps/ work/ temp/ logs/ -``` + ```text + source ~/.bashrc + ``` - + -### Configure Environment Variables +3. Verify the changes: -**Linux/macOS:** + -Add the following to your `~/.bashrc` or `~/.bash_profile`: + ```text + echo $CATALINA_HOME + ``` - + -```text -export CATALINA_HOME=/opt/tomcat -export JAVA_HOME=/usr/lib/jvm/java-11-openjdk -``` +### Step 6: Run Tomcat - +1. To start Tomcat run: -Then reload: + - + ```text + sudo -u tomcat /opt/tomcat/bin/startup.sh + ``` -```text -source ~/.bashrc -``` + - +2. Verify installation. -**Windows:** + * Go to [http://localhost:8080/](http://localhost:8080/) in your browser. You should see the default Tomcat homepage. -1. Right-click *This PC* → *Properties* → *Advanced system settings* → *Environment Variables* -2. Add new system variable: - - Variable name: `CATALINA_HOME` - - Variable value: `C:\Tomcat` (or your installation path) + * Or check from the terminal: -### Start Tomcat + -**Linux/macOS:** + ```text + curl http://localhost:8080 + ``` - + -```text -sudo -u tomcat /opt/tomcat/bin/startup.sh -``` + Successful output should include: - + ```text +

If you're seeing this, you've successfully installed Tomcat.

+ ``` -**Windows:** +3. To stop Tomcat run: -Double-click `startup.bat` in the `bin` directory. + -### Verify Installation + ```text + sudo -u tomcat /opt/tomcat/bin/shutdown.sh + ``` -Open a web browser and visit `http://localhost:8080/`. You should see the default Tomcat homepage. + -Alternatively, use curl: +## Windows Installation - +### Step 1: Download Apache Tomcat -```text -curl http://localhost:8080 -``` +Download the Apache Tomcat archive from [https://nexus.repo.tuxcare.com/repository/els_tomcat/](https://nexus.repo.tuxcare.com/repository/els_tomcat/) using your credentials. The archive provided by TuxCare contains a container archive with metadata and the actual Tomcat package. - +### Step 2: Extract and Install -You should see HTML output containing: +1. Extract the downloaded archive. - +2. Inside the extracted directory, find the actual Tomcat archive, for example, version 8.5.100: -```text -

If you're seeing this, you've successfully installed Tomcat. Congratulations!

-``` + ```text + bin\apache-tomcat-8.5.100-tuxcare.3.zip + ``` - +3. Extract it to the installation directory, e.g., `C:\Tomcat`. -### Stop Tomcat +### Step 3: Configure Environment Variables -**Linux/macOS:** +1. Right-click *This PC* → *Properties* → *Advanced system settings* → *Environment Variables*. - +2. Add a new system variable named `CATALINA_HOME` with the value `C:\Tomcat` (or your installation path). -```text -sudo -u tomcat /opt/tomcat/bin/shutdown.sh -``` +### Step 4: Run Tomcat - +1. Start Tomcat by double-clicking `C:\Tomcat\bin\startup.bat` -**Windows:** +2. Verify installation. Go to [http://localhost:8080/](http://localhost:8080/) in your browser. You should see the default Tomcat homepage. -Double-click `shutdown.bat` in the `bin` directory. +3. Stop Tomcat by double-clicking `C:\Tomcat\bin\shutdown.bat`. ## Upgrading to a Newer TuxCare Version To upgrade to a newer TuxCare release (e.g., from `tuxcare.1` to `tuxcare.3`): -1. **Download and extract new version** following Steps 2-3 in the Installation section. +1. Download and extract a new version of the Apache Tomcat archive from TuxCare using the instructions above. -2. **Start Tomcat:** +2. Start Tomcat by running the startup script. - +## Logs Location - ```text - sudo -u tomcat /opt/tomcat/bin/startup.sh - ``` +Check logs for detailed error information: - +* **Linux:** + + + + ```text + /opt/tomcat/logs/catalina.out + ``` -### Logs Location + -Check logs for detailed error information: -- **Linux/macOS:** `/opt/tomcat/logs/catalina.out` -- **Windows:** `C:\Tomcat\logs\catalina.[date].log` +* **Windows:** + + + + ```text + C:\Tomcat\logs\catalina.[date].log + ``` + + ## Vulnerability Exploitability eXchange (VEX) -VEX is a machine-readable format that indicates whether a known vulnerability is actually exploitable in your product. It reduces false positives and helps prioritize real risks. +VEX is a machine-readable format that indicates whether a known vulnerability is actually exploitable in your product. It helps reduce false positives and prioritize real risks. -TuxCare provides VEX for Apache Tomcat ELS versions: [security.tuxcare.com/vex/cyclonedx/els_lang_java/](https://security.tuxcare.com/vex/cyclonedx/els_lang_java/). +TuxCare provides VEX data for Apache Tomcat ELS versions at: [security.tuxcare.com/vex/cyclonedx/els_lang_java/](https://security.tuxcare.com/vex/cyclonedx/els_lang_java/). ## Resolved CVEs in ELS for Apache Tomcat diff --git a/docs/els-for-libraries/apache-tomcat/README.md b/docs/els-for-libraries/apache-tomcat/README.md index 4684c161d..f80d8b1f9 100644 --- a/docs/els-for-libraries/apache-tomcat/README.md +++ b/docs/els-for-libraries/apache-tomcat/README.md @@ -5,7 +5,7 @@ Our ELS for Apache Tomcat service is designed to provide solutions for organizat ## Supported Versions -* Apache Tomcat 9.0.75, 9.0.83, 8.5.100 +* Apache Tomcat 8.5.100, 9.0.75, 9.0.83 ## Connection to ELS for Apache Tomcat Repository From f86c70ec898faa571d16d097dffb06b059e03455 Mon Sep 17 00:00:00 2001 From: Sofia Boldyreva Date: Tue, 2 Dec 2025 15:51:03 +0100 Subject: [PATCH 3/3] updates --- .../apache-tomcat/README.md | 46 +++++-------------- 1 file changed, 12 insertions(+), 34 deletions(-) diff --git a/docs/els-for-applications/apache-tomcat/README.md b/docs/els-for-applications/apache-tomcat/README.md index 77aa67227..1aeead16a 100644 --- a/docs/els-for-applications/apache-tomcat/README.md +++ b/docs/els-for-applications/apache-tomcat/README.md @@ -11,7 +11,7 @@ Apache Tomcat is also available for installation as a library for Maven and Grad ## Supported Versions -* Apache Tomcat 8.5.100, 9.0.75, 9.0.83 +* Apache Tomcat 8.5.100, 9.0.50, 9.0.83 ## Prerequisites @@ -36,7 +36,7 @@ Apache Tomcat is also available for installation as a library for Maven and Grad You need username and password to access the TuxCare ELS Apache Tomcat repository. Anonymous access is disabled. To obtain credentials, please contact [sales@tuxcare.com](mailto:sales@tuxcare.com). -Once you have credentials, you can access the repository at: [https://nexus.repo.tuxcare.com/repository/els_tomcat/](https://nexus.repo.tuxcare.com/repository/els_tomcat/) +Once you have credentials, you can access the repository at: [nexus.repo.tuxcare.com/repository/els_tomcat/](https://nexus.repo.tuxcare.com/repository/els_tomcat/). ## Linux Installation @@ -69,35 +69,25 @@ Once you have credentials, you can access the repository at: [https://nexus.repo ```text - curl -u USERNAME:PASSWORD -O https://nexus.repo.tuxcare.com/repository/els_tomcat/org/apache/tomcat/tomcat/8.5.100-tuxcare.3/apache-tomcat-8.5.100-tuxcare.3.tar.gz + curl -u USERNAME:PASSWORD -O https://nexus.repo.tuxcare.com/repository/els_tomcat/org/apache/tomcat/tomcat/8.5.100-tuxcare.3/tomcat-8.5.100-tuxcare.3.tar.gz ``` Replace `USERNAME` and `PASSWORD` with your actual credentials. -2. The archive provided by TuxCare contains a container archive with metadata and the actual Tomcat package. Extract the container archive: - - - - ```text - tar -xvzf v8.5.100-tuxcare.3.tar.gz - ``` - - - -3. Create the `/opt/tomcat` directory and extract the Apache Tomcat archive into it: +2. Create the `/opt/tomcat` directory and extract the Apache Tomcat archive into it: ```text sudo mkdir -p /opt/tomcat - sudo tar -xvzf v8.5.100-tuxcare.3/bin/apache-tomcat-8.5.100-tuxcare.3.tar.gz -C /opt/tomcat --strip-components=1 + sudo tar -xvzf tomcat-8.5.100-tuxcare.3.tar.gz -C /opt/tomcat --strip-components=1 ``` -4. Change to the Tomcat installation directory: +3. Change to the Tomcat installation directory: @@ -204,11 +194,7 @@ Update permissions so that the `tomcat` user has access to the Tomcat installati - Successful output should include: - - ```text -

If you're seeing this, you've successfully installed Tomcat.

- ``` + Successful output will be an HTML page from Tomcat. 3. To stop Tomcat run: @@ -224,33 +210,25 @@ Update permissions so that the `tomcat` user has access to the Tomcat installati ### Step 1: Download Apache Tomcat -Download the Apache Tomcat archive from [https://nexus.repo.tuxcare.com/repository/els_tomcat/](https://nexus.repo.tuxcare.com/repository/els_tomcat/) using your credentials. The archive provided by TuxCare contains a container archive with metadata and the actual Tomcat package. +Download the Apache Tomcat .zip archive from [https://nexus.repo.tuxcare.com/repository/els_tomcat/](https://nexus.repo.tuxcare.com/repository/els_tomcat/) using your credentials. ### Step 2: Extract and Install -1. Extract the downloaded archive. - -2. Inside the extracted directory, find the actual Tomcat archive, for example, version 8.5.100: - - ```text - bin\apache-tomcat-8.5.100-tuxcare.3.zip - ``` - -3. Extract it to the installation directory, e.g., `C:\Tomcat`. +1. Extract the downloaded archive, for example, apache-tomcat-8.5.100-tuxcare.3.zip, to the installation directory, e.g., `C:\Tomcat`. ### Step 3: Configure Environment Variables 1. Right-click *This PC* → *Properties* → *Advanced system settings* → *Environment Variables*. -2. Add a new system variable named `CATALINA_HOME` with the value `C:\Tomcat` (or your installation path). +2. Add a new system variable named `CATALINA_HOME` with the value `C:\Tomcat\apache-tomcat-8.5.100-tuxcare.3` (or your installation path). ### Step 4: Run Tomcat -1. Start Tomcat by double-clicking `C:\Tomcat\bin\startup.bat` +1. Start Tomcat by double-clicking `C:\Tomcat\apache-tomcat-8.5.100-tuxcare.3\bin\startup.bat`. 2. Verify installation. Go to [http://localhost:8080/](http://localhost:8080/) in your browser. You should see the default Tomcat homepage. -3. Stop Tomcat by double-clicking `C:\Tomcat\bin\shutdown.bat`. +3. Stop Tomcat by double-clicking `C:\Tomcat\apache-tomcat-8.5.100-tuxcare.3\bin\shutdown.bat`. ## Upgrading to a Newer TuxCare Version