Yellowfin 7.4.8 and supported tomcat release

Ravi Shankar shared this question 2 months ago
Answered

Hi

There is vulnerability "CVE-2019-0199" reported on tomcat shipped with Yellowfin 7.4.8. I know tomcat in yellowfin can be upgraded manually by following steps mentioned here (https://community.yellowfinbi.com/knowledge-base/article/how-to-upgrade-tomcat)

Before upgrade i need to know whether latest tomcat (8.5.39 and 9.0.17) are compatible or not.


Thanks

Ravi S Gupta

Comments (8)

photo
1

Hi Ravi,

Thanks for getting in touch. We have not had any reports of Yellowfin not working with either of these versions. It is always our recommendation however to test this out completely in a DEV or TEST enivronment first, but I do not see any specific issues going forward.

Regards,

Paul

photo
1

Thanks Paul, did you test these version in your lab or relying just on users to report any issue?

photo
photo
1

Hi Ravi,

The Dev team generally test with a single version for some time and then release. There have been 10 updates since the current Tomcat released with Yellowfin so it is impossible for team to test all of these. We do rely on our internal testers and in some part our customers, however upgrading to an 8.5.x release (in particular) should not cause you any issues and in most cases, should make the system run better as Apache fix issues and provide enhancements to each new revision.

Hopefully this clarifies this a little more,

Thank you,

Paul

photo
1

Thanks, this will help

photo
photo
1

Hi Ravi,

That's great. Please let me know if you need anything else?

Cheers,

Paul

photo
1

Hi Ravi,

Just checking in again on this ticket to see if you need anything else?

Regards,

Paul

photo
1

No Paul


Thanks

Ravi S Gupta

photo
1

Hi Ravi,

No problems at all. I will close this off for now, but if something does come up and you need more help, please get back in touch.

Regards,

Paul

photo