https://community.cloudera.com/t5/Support-Questions/Cloudera-5-16-2-Tomcat-upgrade/m-p/289539#M214329 <P>Hello&nbsp;<a href="https://community.cloudera.com/t5/user/viewprofilepage/user-id/26024">@StevenOD</a>,</P><P>&nbsp;</P><P>Thanks for the reply. We have considered this but at the moment, the client requirements limits our usage to 5.16.x</P> Tue, 11 Feb 2020 17:37:14 GMT CaptainJa 2020-02-11T17:37:14Z https://community.cloudera.com/t5/Support-Questions/Cloudera-5-16-2-Tomcat-upgrade/m-p/289498#M214300 <P>Hello,</P> <P>&nbsp;</P> <P>After running a security tool on our cluster, a report found the tomcat version as outdated and vulnerable to certain threats. We have tried to find ways to upgrade Tomcat on our cluster but are not having any success with it.</P> <P>&nbsp;</P> <P>I realize this is similar to a post&nbsp;<FONT><A href="https://community.cloudera.com/t5/Support-Questions/Apache-tomcat-compatibility/m-p/159988" target="_blank" rel="noopener">https://community.cloudera.com/t5/Support-Questions/Apache-tomcat-compatibility/m-p/159988</A></FONT> which concerns HDP but there are no responses on that post either.</P> <P>&nbsp;</P> <P>Does anyone have some experience with this? If so, I would be grateful for some pointers.</P> <P>Thanks.</P> <P>&nbsp;</P> <P>Regards,</P> <P>CaptainJay</P> Tue, 11 Feb 2020 09:39:14 GMT https://community.cloudera.com/t5/Support-Questions/Cloudera-5-16-2-Tomcat-upgrade/m-p/289498#M214300 CaptainJa 2020-02-11T09:39:14Z https://community.cloudera.com/t5/Support-Questions/Cloudera-5-16-2-Tomcat-upgrade/m-p/289523#M214317 <P>Hi&nbsp;<a href="https://community.cloudera.com/t5/user/viewprofilepage/user-id/71343">@CaptainJa</a>&nbsp;</P><P>&nbsp;</P><P>Are you able to upgrade your environment to CDH 6? In CDH 6 Tomcat is replaced by Jetty. Please take a look at this post:</P><P>&nbsp;</P><P><A href="https://blog.cloudera.com/third-party-libraries-in-c6/" target="_blank">https://blog.cloudera.com/third-party-libraries-in-c6/</A></P><P>&nbsp;</P><P>Regards,</P><P>Steve</P> Tue, 11 Feb 2020 13:53:05 GMT https://community.cloudera.com/t5/Support-Questions/Cloudera-5-16-2-Tomcat-upgrade/m-p/289523#M214317 StevenOD 2020-02-11T13:53:05Z https://community.cloudera.com/t5/Support-Questions/Cloudera-5-16-2-Tomcat-upgrade/m-p/289539#M214329 <P>Hello&nbsp;<a href="https://community.cloudera.com/t5/user/viewprofilepage/user-id/26024">@StevenOD</a>,</P><P>&nbsp;</P><P>Thanks for the reply. We have considered this but at the moment, the client requirements limits our usage to 5.16.x</P> Tue, 11 Feb 2020 17:37:14 GMT https://community.cloudera.com/t5/Support-Questions/Cloudera-5-16-2-Tomcat-upgrade/m-p/289539#M214329 CaptainJa 2020-02-11T17:37:14Z https://community.cloudera.com/t5/Support-Questions/Cloudera-5-16-2-Tomcat-upgrade/m-p/289807#M214479 <P><a href="https://community.cloudera.com/t5/user/viewprofilepage/user-id/71343">@CaptainJa</a>&nbsp; The version of Tomcat used in CDH 5.16.2 should not have any vulnerabilities. Could you share the CVE that is reported CDH is vulnerable to?</P><P>&nbsp;</P><P>Per the notice [1] independent upgrade of Tomcat is not supported and we are moving towards newer versions in CDH6 =&gt; Cloudera Enterprise 6 has replaced Tomcat 6 with Jetty 9 and is not susceptible to Tomcat security issues.</P><P>&nbsp;</P><P>LINKS: [1] <A href="https://community.cloudera.com/t5/Customer/CDH-5-support-for-Tomcat-6/ta-p/73655" target="_blank">https://community.cloudera.com/t5/Customer/CDH-5-support-for-Tomcat-6/ta-p/73655</A></P> Fri, 14 Feb 2020 13:56:44 GMT https://community.cloudera.com/t5/Support-Questions/Cloudera-5-16-2-Tomcat-upgrade/m-p/289807#M214479 GangWar 2020-02-14T13:56:44Z