Installation Instructions for Hot Fix "tomcat-4.1.18-hotfix1" on Unix
BEFORE DOWNLOADING:
The hot fix "tomcat-4.1.18-hotfix1" addresses the issue(s) in Version 4.1.18 of
Tomcat as documented in SAS Note(s):
SN-011132 Potential security/data integrity issues when using Tomcat 4.1.18
which may be reviewed at:
http://support.sas.com/techsup/unotes/SN/011/011132.html
The hot fix package that is downloaded is in tar format. The name of the file
is tomcat-4.1.18-hotfix1.tar and it contains the following file:
* server/classes/org/apache/catalina/session/StandardSession.class
IMPORTANT NOTE(S):
1. You must have Tomcat 4.1.18 installed on your system before applying this hot fix.
AFTER DOWNLOADING:
The following instructions describe the steps for installing the files listed
above. In this example, $CATALINA_HOME, the directory where Tomcat 4.1.18 is
installed, for example:
/usr/local/jakarta-tomcat-4.1.18-LE-jdk14
STEP 1:
Assuming the tar file is downloaded to the user's HOME directory, follow
these procedures to install the package.
$> cd $CATALINA_HOME
$> tar xf $HOME/tomcat-4.1.18-hotfix1.tar
STEP 2:
Check to be sure the necessary class file exists:
$> ls $CATALINA_HOME/server/classes/org/apache/catalina/session/StandardSession.class
STEP 3 (optional):
To verify that the patch has been installed correctly, use the following
procedure. The following assumes the "examples" Web application is still
available in the Tomcat 4.1.18 installation. If this is not the case,
any Web application containing a JSP file that creates a session may be
substituted. Just specify the appropriate docBase attribute in the
first step and an appropriate URL in the third step.
1. In a Tomcat 4.1.18 or 4.1.18-LE-jdk14 installation, under the
$CATALINA_HOME/webapps directory, create the following file:
This will serve the "examples" Web application under the context
name "patchtest".
2. Be sure that you have the environment variable JAVA_HOME set to
the root directory of your JDK installation directory. For example
if your JDK is installed in /bin/java/j2sdk1.4.1_02, JAVA_HOME would
be must be set to that directory.
3. Start Tomcat from the CATALINA_HOME directory using the command:
bin/startup.sh
4. Access a JSP page in the "patchtest" context, for example:
http://localhost:8080/patchtest/jsp/snp/snoop.jsp
Note: The JSP file accessed must create a session. This excludes the
Date example found in the "examples" web application.
5. Stop Tomcat from the CATALINA_HOME directory using the command;
bin/shutdown.sh
6. Examine the "patchtest_log..txt" file in the $CATALINA_HOME/logs
directory. Verify the following text:
Using modified version of StandardSession that disables session recycling.
appears in this file. Its presence indicates the patch is successfully
installed.
7. Delete the patchtest.xml and patchtest_log..txt files.
This completes the installation of hot fix "tomcat-4.1.18-hotfix1" on Unix.