How to upgrade Apache Tomcat version in JIRA 7.x

Still need help?

The Atlassian Community is here for you.

Ask the community

This article only applies to Atlassian's server products. Learn more about the differences between cloud and server.

The information in this page relates to customisations in JIRA. Consequently, Atlassian Support cannot guarantee to provide any support for the steps described on this page as customisations are not covered under Atlassian Support Offerings. Please be aware that this material is provided for your information only and that you use it at your own risk.

Also, please be aware that customisations done by directly modifying files are not included in the upgrade process. These modifications will need to be reapplied manually on the upgraded instance.

Purpose

This article is mainly for users who are using the latest JIRA version and encounter security vulnerability from Apache Tomcat. If you are not using our latest JIRA version, please upgrade JIRA to have the latest fix instead of referring to the steps here.

Solution

We strongly recommend testing this in a JIRA staging environment to make sure everything is working and stable before applying it to production.

  1. Create a Backup for  JIRA application installation directory and JIRA application home directory.
  2. Shutdown JIRA

    We recommend taking a full backup of the database

  3. Download the Apache Tomcat fix version zip file to a location of your choosing. 
    • If you're using Windows, you'll want to make sure you download the 64 or 32bit zip as appropriate (as that contains the windows binaries).
  4. Copy everything from tomcat/bin to jira-install/bin, but do not replace any \*.sh or \*.bat files - we want to make sure these stay the same.
  5. Copy everything from tomcat/lib to jira-install/lib and replace any files that exist - we want to ensure that we have the latest and compatible libraries that are shipped with Tomcat.
  6. If going to Tomcat 8.5.32 or newer, perform the server.xml change described in Changing server.xml to handle requests with special characters
  7. Start JIRA, and confirm from System Information that JIRA is running the Apache Tomcat fixed version.

 If anything goes wrong, please revert the changes from the backup directories.

Description This article is mainly for users who are using the latest JIRA version and encounter security vulnerability from Apache Tomcat. If you are not using our latest JIRA version, please upgrade JIRA to have the latest fix instead of referring to the steps here.
Product Jira
Platform Server
Last modified on Nov 28, 2018

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.