[WG: Sakai QA] sakai-2.6.3: test/recommend deployers use Tomcat 5.5.28+?
Anthony Whyte
arwhyte at umich.edu
Mon Jun 28 09:36:11 PDT 2010
We are now at work on readying the 2.6.x branch for a sakai-2.6.3 maintenance release (release date is yet to be determined). The current recommended version of Tomcat for Sakai 2.6 is Tomcat 5.5.26 (released Feb 2008). Both Alan and I think it worth discussing whether or not we should consider releasing sakai-2.6.3 with an updated Tomcat 5.5 version recommendation (5.5.28 or 5.5.29). Alan is prepared to test 2.6.x using Tomcat 5.5.28 (released Sep 2009) or 5.5.29 (released Apr 2010). Sakai 2.7.0 was tested against Tomcat 5.5.28.
One change for 2.6 deployers who choose to run Sakai in Tomcat 5.5.27+ is the requirement to add the following system property in order to disable strict quote escaping, a change in Tomcat *.jsp handling that has yet to be addressed in certain tools such as portfolios (see SAK-15736).
-Dorg.apache.jasper.compiler.Parser.STRICT_QUOTE_ESCAPING=false
This workaround has been noted in the 2.6 install guides for quite some time and is by no means a surprise requirement.
Tomcat 5.5.27-29 contain a number of security fixes that improve upon Tomcat 5.5.26 (see link below). Looking over the Tomcat change log I don't see anything that raises any red flags (see link below). But others should review the changes and raise any potential concerns.
Finally if you are running a Sakai 2.6 tag or 2.6.x in production using Tomcat 5.5.27+ please let us know whether or not based on your experience you think we should test 2.6.x against an upgraded version of Tomcat.
Cheers,
Anthony
_____________________________
Tomcat Security
Tomcat 5.5 security fixes: http://tomcat.apache.org/security-5.html
Tomcat change log
http://tomcat.apache.org/tomcat-5.5-doc/changelog.html
Tomcat Release Notes
5.5.29 http://tomcat.apache.org/tomcat-5.5-doc/RELEASE-NOTES.txt
5.5.28 http://archive.apache.org/dist/tomcat/tomcat-5/v5.5.28/RELEASE-NOTES
5.5.27 http://archive.apache.org/dist/tomcat/tomcat-5/v5.5.27/RELEASE-NOTES
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://collab.sakaiproject.org/pipermail/sakai-qa/attachments/20100628/af05358b/attachment.html
More information about the sakai-qa
mailing list