[WG: Sakai QA] sakai-2.6.3: test/recommend deployers use Tomcat 5.5.28+?

Anthony Whyte arwhyte at umich.edu
Mon Jun 28 09:36:11 PDT 2010


We are now at work on readying the 2.6.x branch for a sakai-2.6.3 maintenance release (release date is yet to be determined).  The current recommended version of Tomcat for Sakai 2.6 is Tomcat 5.5.26 (released Feb 2008).  Both Alan and I think it worth discussing whether or not we should consider releasing sakai-2.6.3 with an updated Tomcat 5.5 version recommendation (5.5.28 or 5.5.29).  Alan is prepared to test 2.6.x using Tomcat 5.5.28 (released Sep 2009) or 5.5.29 (released Apr 2010).  Sakai 2.7.0 was tested against Tomcat 5.5.28.

One change for 2.6 deployers who choose to run Sakai in Tomcat 5.5.27+ is the requirement to add the following system property in order to disable strict quote escaping, a change in Tomcat *.jsp handling that has yet to be addressed in certain tools such as portfolios (see SAK-15736).

-Dorg.apache.jasper.compiler.Parser.STRICT_QUOTE_ESCAPING=false

This workaround has been noted in the 2.6 install guides for quite some time and is by no means a surprise requirement.

Tomcat 5.5.27-29 contain a number of security fixes that improve upon Tomcat 5.5.26 (see link below).   Looking over the Tomcat change log I don't see anything that raises any red flags (see link below).  But others should review the changes and raise any potential concerns.  

Finally if you are running a Sakai 2.6 tag or 2.6.x in production using Tomcat 5.5.27+ please let us know whether or not based on your experience you think we should test 2.6.x against an upgraded version of Tomcat.

Cheers,

Anthony

_____________________________

Tomcat Security

Tomcat 5.5 security fixes: http://tomcat.apache.org/security-5.html 

Tomcat change log

http://tomcat.apache.org/tomcat-5.5-doc/changelog.html

Tomcat Release Notes

5.5.29 http://tomcat.apache.org/tomcat-5.5-doc/RELEASE-NOTES.txt
5.5.28 http://archive.apache.org/dist/tomcat/tomcat-5/v5.5.28/RELEASE-NOTES
5.5.27 http://archive.apache.org/dist/tomcat/tomcat-5/v5.5.27/RELEASE-NOTES

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://collab.sakaiproject.org/pipermail/sakai-qa/attachments/20100628/af05358b/attachment.html 


More information about the sakai-qa mailing list