How to upgrade Apache Tomcat version used by Bamboo
Platform notice: Server and Data Center only. This article only applies to Atlassian products on the Server and Data Center platforms.
Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
The information in this page relates to customizations in Bamboo. Consequently, Atlassian Support cannot guarantee to provide any support for the steps described on this page as customizations are not covered under Atlassian Support Offerings. Please be aware that this material is provided for your information only and that you use it at your own risk.
Also, please be aware that customizations done by directly modifying files are not included in the upgrade process. These modifications will need to be reapplied manually on the upgraded instance.
Summary
This article explains how to upgrade the version of Apache Tomcat used by Bamboo. It is mainly for users who are running the latest version of Bamboo but need to upgrade Apache Tomcat because of a security vulnerability that has not been addressed yet.
If you are not using the latest version of Bamboo, please upgrade Bamboo first as there's a chance the security vulnerability you're looking to get fixed was already addressed and you won't have to manually upgrade Apache Tomcat.
Solution
We strongly encourage everyone to test the following steps in a staging environment to make sure everything is working as expected before doing it in a production environment.
If you are running Bamboo Data Center you'll need to follow the steps below for each node in your cluster.
- Stop Bamboo.
- Back up your Bamboo instance using one of the following options:
  - Exporting data for backup + compress the original <bamboo-install> directory into a .zip file.
  - Embedded DB – Compress the original <bamboo-install>, <bamboo-home> and <bamboo-shared-home> (in case you're running Bamboo 8 or higher) directories into .zip files. The embedded database will be included in the <bamboo-home> directory if you're running Bamboo 7 or lower and <bamboo-shared-home> in case you're running Bamboo 8 or higher.
  - External DB – Compress the original <bamboo-install>, <bamboo-home> and <bamboo-shared-home> (in case you're running Bamboo 8 or higher) directories into .zip files. Create a database backup with your DBMS native tools.
- Download the new version of Apache Tomcat to a location of your choice.
  - If you're using Windows, make sure you download either the 64-bit or 32-bit zip option.
- Copy everything from <tomcat>/bin to <bamboo-install>/bin, but do not replace any .sh or .bat files; these have to stay the same.
- Copy everything from <tomcat>/lib to <bamboo-install>/lib and replace all the files; we need to ensure that we have the latest and compatible libraries that are shipped with Tomcat.
- Start Bamboo.
- Confirm that you're running the new version of Apache Tomcat using one of the following options:
  - Execute version.sh or version.bat inside the <bamboo-install>/bin folder. This will print out the version of Apache Tomcat. Here's an example:

        bin % ./version.sh | grep "Apache Tomcat"
        Server version: Apache Tomcat/8.5.75

  - Search the <bamboo-install>/logs/catalina.out logs for the keywords Apache Tomcat. You'll find the version right next to it. Here's an example:

        logs % grep "Apache Tomcat" catalina.out
        15-Feb-2022 10:54:28.719 INFO [main] org.apache.catalina.core.StandardEngine.startInternal Starting Servlet engine: [Apache Tomcat/8.5.75]

    This will be logged inside the catalina logs every time you start up Bamboo.
If you're upgrading to Tomcat 8.5.51 or higher and using an AJP connector, you need to set a secret on the AJP connector or disable this requirement by specifying secretRequired="false" (not recommended), as instructed in the Tomcat Changelog. Failing to do this will prevent Tomcat from starting up, with the following error message:
The AJP Connector is configured with secretRequired="true" but the secret attribute is either null or "". This combination is not valid.
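A pre-start check for the AJP requirement described above, as an added example that is not part of the original article or of Atlassian's tooling: it parses a server.xml and reports every active AJP connector that has no secret. It assumes the connector is defined in <bamboo-install>/conf/server.xml; the function names and the sample XML are constructed for illustration.

```python
import sys
import xml.etree.ElementTree as ET

# Constructed sample, not a real Bamboo server.xml. Ports and secret are made up.
SAMPLE = """<Server port="8007" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8085" protocol="HTTP/1.1" />
    <!-- <Connector port="8010" protocol="AJP/1.3" /> -->
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
    <Connector port="8011" protocol="AJP/1.3" secretRequired="false" />
    <Connector port="8012" protocol="AJP/1.3" secret="example-not-a-real-secret" />
  </Service>
</Server>"""

def is_ajp(connector):
    # AJP is selected with protocol="AJP/1.3" or an org.apache.coyote.ajp.* class name.
    proto = connector.get("protocol", "").lower()
    return proto.startswith("ajp/") or ".ajp." in proto

def check_ajp_connectors(server_xml_text):
    """Return (port, status, detail) for each active (uncommented) AJP connector."""
    findings = []
    for conn in ET.fromstring(server_xml_text).iter("Connector"):
        if not is_ajp(conn):
            continue
        port = conn.get("port", "?")
        has_secret = bool(conn.get("secret"))
        # Conservative: only an explicit "false" counts as disabling the requirement.
        required = conn.get("secretRequired", "true").strip().lower() != "false"
        if has_secret:
            findings.append((port, "OK", "secret is set"))
        elif required:
            findings.append((port, "FAIL", "no secret: Tomcat 8.5.51+ will not start"))
        else:
            findings.append((port, "WARN", "secretRequired=false: AJP peers are not authenticated"))
    return findings

if __name__ == "__main__":
    # Usage: python check_ajp.py <path to server.xml>; without a path the sample is used.
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE
    results = check_ajp_connectors(text)
    for port, status, detail in results:
        print(f"AJP connector on port {port}: {status} ({detail})")
    # Non-zero exit only when checking a real file, so the check can gate a start script.
    if len(sys.argv) > 1 and any(status == "FAIL" for _, status, _ in results):
        sys.exit(1)
```

A FAIL result corresponds to the start-up error quoted above; a WARN means Tomcat will start but the connector accepts AJP requests without a shared secret.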
If anything goes wrong, please revert the changes using the backup files taken in the second step of the Solution section.