Upgrade Tomcat embed version #6028

nvazquez · 2022-02-22T14:41:13Z

Description

This PR upgrades Tomcat embed version to the closest patched version according to the CVE
Fixes: #5969

Types of changes

Breaking change (fix or feature that would cause existing functionality to change)
New feature (non-breaking change which adds functionality)
Bug fix (non-breaking change which fixes an issue)
Enhancement (improves an existing feature and functionality)
Cleanup (Code refactoring and cleanup, that may add test cases)

Feature/Enhancement Scale or Bug Severity

Feature/Enhancement Scale

Major
Minor

Bug Severity

Screenshots (if appropriate):

How Has This Been Tested?

nvazquez · 2022-02-22T14:41:29Z

@blueorangutan package

blueorangutan · 2022-02-22T14:42:03Z

@nvazquez a Jenkins job has been kicked to build packages. I'll keep you posted as I make progress.

blueorangutan · 2022-02-22T15:17:19Z

Packaging result: ✔️ el7 ✔️ el8 ✔️ debian ✔️ suse15. SL-JID 2686

nvazquez · 2022-02-22T15:19:23Z

@blueorangutan test

blueorangutan · 2022-02-22T15:20:03Z

@nvazquez a Trillian-Jenkins test job (centos7 mgmt + kvm-centos7) has been kicked to run smoke tests

weizhouapache · 2022-02-22T15:28:43Z

tomcat is only used by rdpconsole. it has minor impact.
we can upgrade to latest tomcat 10.x or 8.5.75

nvazquez · 2022-02-22T15:48:34Z

I can explore the upgrade to 10.0.2 - had chosen 8.5.63 as its the closest patched version according to the CVE: GHSA-j39c-c8hj-x4j3

blueorangutan · 2022-02-23T00:16:07Z

Trillian test result (tid-3411)
Environment: kvm-centos7 (x2), Advanced Networking with Mgmt server 7
Total time taken: 30786 seconds
Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr6028-t3411-kvm-centos7.zip
Smoke tests completed. 90 look OK, 2 have errors
Only failed tests results shown below:

Test	Result	Time (s)	Test File
test_08_arping_in_ssvm	`Failure`	5.18	test_diagnostics.py
test_09_arping_in_cpvm	`Failure`	5.17	test_diagnostics.py
test_hostha_enable_ha_when_host_disabled	`Error`	2.62	test_hostha_kvm.py
test_hostha_enable_ha_when_host_in_maintenance	`Error`	306.03	test_hostha_kvm.py

nvazquez · 2022-02-23T06:29:53Z

@blueorangutan package

blueorangutan · 2022-02-23T06:31:02Z

@nvazquez a Jenkins job has been kicked to build packages. I'll keep you posted as I make progress.

blueorangutan · 2022-02-23T07:26:12Z

Packaging result: ✔️ el7 ✔️ el8 ✔️ debian ✔️ suse15. SL-JID 2692

weizhouapache · 2022-02-23T08:33:31Z

@blueorangutan test

blueorangutan · 2022-02-23T08:34:03Z

@weizhouapache a Trillian-Jenkins test job (centos7 mgmt + kvm-centos7) has been kicked to run smoke tests

weizhouapache · 2022-02-23T14:57:00Z

@nvazquez
do you know a way to test console proxy rdp client ?
it seems only available in hyperv environment.

nvazquez · 2022-02-23T16:49:57Z

Not aware @weizhouapache - checked and it seems to be only available on hyperv as you said

blueorangutan · 2022-02-23T17:49:41Z

Trillian test result (tid-3417)
Environment: kvm-centos7 (x2), Advanced Networking with Mgmt server 7
Total time taken: 32021 seconds
Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr6028-t3417-kvm-centos7.zip
Smoke tests completed. 92 look OK, 0 have errors
Only failed tests results shown below:

Test	Result	Time (s)	Test File

weizhouapache

code lgtm
I have no chance to test rdp client for hyperv which is the only component using tomcat in cloudstack.

yadvr

Lgtm me need to check if this causes any regression in cpvm

yadvr · 2022-02-24T17:05:53Z

@nvazquez @weizhouapache this will require manual testing of console for the main three hypervisors

weizhouapache · 2022-03-02T07:40:54Z

@blueorangutan package

blueorangutan · 2022-03-02T07:42:02Z

@weizhouapache a Jenkins job has been kicked to build packages. I'll keep you posted as I make progress.

blueorangutan · 2022-03-02T08:29:45Z

Packaging result: ✔️ el7 ✔️ el8 ✔️ debian ✔️ suse15. SL-JID 2744

weizhouapache · 2022-03-02T09:24:04Z

@blueorangutan test matrix keepEnv

blueorangutan · 2022-03-02T09:25:03Z

@weizhouapache a Trillian-Jenkins matrix job (centos7 mgmt + xs71, centos7 mgmt + vmware65, centos7 mgmt + kvmcentos7) has been kicked to run smoke tests

blueorangutan · 2022-03-02T19:17:23Z

Trillian test result (tid-3453)
Environment: xenserver-71 (x2), Advanced Networking with Mgmt server 7
Total time taken: 34162 seconds
Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr6028-t3453-xenserver-71.zip
Smoke tests completed. 92 look OK, 0 have errors
Only failed tests results shown below:

Test	Result	Time (s)	Test File

blueorangutan · 2022-03-02T19:35:06Z

Trillian test result (tid-3454)
Environment: kvm-centos7 (x2), Advanced Networking with Mgmt server 7
Total time taken: 35166 seconds
Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr6028-t3454-kvm-centos7.zip
Smoke tests completed. 88 look OK, 4 have errors
Only failed tests results shown below:

Test	Result	Time (s)	Test File
test_01_add_primary_storage_disabled_host	`Error`	0.56	test_primary_storage.py
test_01_primary_storage_nfs	`Error`	0.11	test_primary_storage.py
ContextSuite context=TestStorageTags>:setup	`Error`	0.20	test_primary_storage.py
test_01_secure_vm_migration	`Error`	149.21	test_vm_life_cycle.py
test_02_unsecure_vm_migration	`Error`	270.02	test_vm_life_cycle.py
test_03_secured_to_nonsecured_vm_migration	`Error`	141.89	test_vm_life_cycle.py
test_08_migrate_vm	`Error`	41.73	test_vm_life_cycle.py
test_02_list_snapshots_with_removed_data_store	`Error`	8.47	test_snapshots.py
test_02_list_snapshots_with_removed_data_store	`Error`	8.47	test_snapshots.py
test_hostha_kvm_host_degraded	`Error`	692.07	test_hostha_kvm.py
test_hostha_kvm_host_fencing	`Error`	682.73	test_hostha_kvm.py

blueorangutan · 2022-03-02T19:37:08Z

Trillian test result (tid-3455)
Environment: vmware-65u2 (x2), Advanced Networking with Mgmt server 7
Total time taken: 35467 seconds
Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr6028-t3455-vmware-65u2.zip
Smoke tests completed. 92 look OK, 0 have errors
Only failed tests results shown below:

Test	Result	Time (s)	Test File

nvazquez · 2022-03-02T19:58:55Z

@blueorangutan test

blueorangutan · 2022-03-02T20:00:03Z

@nvazquez a Trillian-Jenkins test job (centos7 mgmt + kvm-centos7) has been kicked to run smoke tests

weizhouapache · 2022-03-03T14:50:30Z

@blueorangutan test centos7 vmware-70u3 keepEnv

blueorangutan · 2022-03-03T14:51:03Z

@weizhouapache a Trillian-Jenkins test job (centos7 mgmt + vmware-70u3) has been kicked to run smoke tests

weizhouapache · 2022-03-03T18:32:52Z

@blueorangutan test centos7 vmware-70u3 keepEnv

vm console works well

blueorangutan · 2022-03-03T18:34:03Z

@weizhouapache a Trillian-Jenkins test job (centos7 mgmt + vmware-70u3) has been kicked to run smoke tests

blueorangutan · 2022-03-04T13:04:06Z

Trillian test result (tid-3474)
Environment: vmware-70u3 (x2), Advanced Networking with Mgmt server 7
Total time taken: 34925 seconds
Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr6028-t3474-vmware-70u3.zip
Smoke tests completed. 92 look OK, 0 have errors
Only failed tests results shown below:

Test	Result	Time (s)	Test File

Upgrade Tomcat embed version

d2db191

nvazquez added the type:security label Feb 22, 2022

nvazquez added this to the 4.17.0.0 milestone Feb 22, 2022

nvazquez requested review from DaanHoogland, weizhouapache and yadvr February 22, 2022 15:15

Update to newest patched version

5d35031

nvazquez marked this pull request as ready for review February 23, 2022 16:49

weizhouapache approved these changes Feb 24, 2022

View reviewed changes

yadvr approved these changes Feb 24, 2022

View reviewed changes

DaanHoogland approved these changes Feb 25, 2022

View reviewed changes

weizhouapache approved these changes Mar 3, 2022

View reviewed changes

nvazquez merged commit ef5c1df into apache:main Mar 4, 2022

Upgrade Tomcat embed version #6028

Upgrade Tomcat embed version #6028

Uh oh!

Conversation

nvazquez commented Feb 22, 2022

Description

Types of changes

Feature/Enhancement Scale or Bug Severity

Feature/Enhancement Scale

Bug Severity

Screenshots (if appropriate):

How Has This Been Tested?

Uh oh!

nvazquez commented Feb 22, 2022

Uh oh!

blueorangutan commented Feb 22, 2022

Uh oh!

blueorangutan commented Feb 22, 2022

Uh oh!

nvazquez commented Feb 22, 2022

Uh oh!

blueorangutan commented Feb 22, 2022

Uh oh!

weizhouapache commented Feb 22, 2022

Uh oh!

nvazquez commented Feb 22, 2022 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

blueorangutan commented Feb 23, 2022

Uh oh!

nvazquez commented Feb 23, 2022

Uh oh!

blueorangutan commented Feb 23, 2022

Uh oh!

blueorangutan commented Feb 23, 2022

Uh oh!

weizhouapache commented Feb 23, 2022

Uh oh!

blueorangutan commented Feb 23, 2022

Uh oh!

weizhouapache commented Feb 23, 2022

Uh oh!

nvazquez commented Feb 23, 2022 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

blueorangutan commented Feb 23, 2022

Uh oh!

weizhouapache left a comment

Choose a reason for hiding this comment

Uh oh!

yadvr left a comment

Choose a reason for hiding this comment

Uh oh!

yadvr commented Feb 24, 2022

Uh oh!

weizhouapache commented Mar 2, 2022

Uh oh!

blueorangutan commented Mar 2, 2022

Uh oh!

blueorangutan commented Mar 2, 2022

Uh oh!

weizhouapache commented Mar 2, 2022

Uh oh!

blueorangutan commented Mar 2, 2022

Uh oh!

blueorangutan commented Mar 2, 2022

Uh oh!

blueorangutan commented Mar 2, 2022

Uh oh!

blueorangutan commented Mar 2, 2022

Uh oh!

nvazquez commented Mar 2, 2022

Uh oh!

blueorangutan commented Mar 2, 2022

Uh oh!

weizhouapache commented Mar 3, 2022

Uh oh!

blueorangutan commented Mar 3, 2022

Uh oh!

weizhouapache commented Mar 3, 2022

nvazquez commented Feb 22, 2022 •

edited

Loading

nvazquez commented Feb 23, 2022 •

edited

Loading