We just recieved a threat scan from an outside company which requires us to update Tomcat in order to continue processing credit card orders. Initially this seemed simple. Tomcat says we need either version 5.0.SVN or 5.5.26.
Our vendor (Adobe Live Cycle) claims that we shouldn't touch Tomcat directly and requires JBoss 3.2.5 to work properly.
Would you please provide simple steps and guidelines for how to patch Tomcat without breaking everything else? We need to act ASAP!!
Installed Versions:
JBoss 3.2.5
Tomcat 5.0.26
Java VM 1.4.2_12-b03
A similar question was answered here http://www.jboss.com/index.html?module=bb&op=viewtopic&t=137963.
I guess, you will have a better chance of getting this question answered in the Tomcat sub-forum http://www.jboss.com/index.html?module=bb&op=viewforum&f=50