Support for the tomcat8 package












0















On Ubuntu 16.04 I've been using the tomcat8 package. I enjoyed an automatic installation process and was guaranteed to receive packaged security updates for 5 years courtesy of Canonical. So, even though version 8.0 has been declared EOL, I can still use it on my Ubuntu server knowing that any vulnerabilities are going to be addressed.



$ ubuntu-support-status --show-supported
Supported until April 2021 (Canonical - 5y):
tomcat8 tomcat8-admin tomcat8-common


Much to my dismay, on Ubuntu 18.04 the tomcat8 package has been moved to Universe. In my understanding, there is no support guarantee and security patches may or may not be distributed as long as the mainstream product is supported by the Apache Foundation.



Is my understanding of things correct? Is there a convenient way to keep tomcat patched with security updates on Ubuntu 18.04 as easily as with 16.04?



Update: To be clearer, with 16.04 I could simply run apt update tomcat8 and be sure that there would be no vulnerabilities left unpatched. Running the same command today on 18.04, I get version 8.5.30-1ubuntu1 which is behind the latest available (8.5.37) and apparently affected by more than one known vulnerabilities.










share|improve this question





























    0















    On Ubuntu 16.04 I've been using the tomcat8 package. I enjoyed an automatic installation process and was guaranteed to receive packaged security updates for 5 years courtesy of Canonical. So, even though version 8.0 has been declared EOL, I can still use it on my Ubuntu server knowing that any vulnerabilities are going to be addressed.



    $ ubuntu-support-status --show-supported
    Supported until April 2021 (Canonical - 5y):
    tomcat8 tomcat8-admin tomcat8-common


    Much to my dismay, on Ubuntu 18.04 the tomcat8 package has been moved to Universe. In my understanding, there is no support guarantee and security patches may or may not be distributed as long as the mainstream product is supported by the Apache Foundation.



    Is my understanding of things correct? Is there a convenient way to keep tomcat patched with security updates on Ubuntu 18.04 as easily as with 16.04?



    Update: To be clearer, with 16.04 I could simply run apt update tomcat8 and be sure that there would be no vulnerabilities left unpatched. Running the same command today on 18.04, I get version 8.5.30-1ubuntu1 which is behind the latest available (8.5.37) and apparently affected by more than one known vulnerabilities.










    share|improve this question



























      0












      0








      0








      On Ubuntu 16.04 I've been using the tomcat8 package. I enjoyed an automatic installation process and was guaranteed to receive packaged security updates for 5 years courtesy of Canonical. So, even though version 8.0 has been declared EOL, I can still use it on my Ubuntu server knowing that any vulnerabilities are going to be addressed.



      $ ubuntu-support-status --show-supported
      Supported until April 2021 (Canonical - 5y):
      tomcat8 tomcat8-admin tomcat8-common


      Much to my dismay, on Ubuntu 18.04 the tomcat8 package has been moved to Universe. In my understanding, there is no support guarantee and security patches may or may not be distributed as long as the mainstream product is supported by the Apache Foundation.



      Is my understanding of things correct? Is there a convenient way to keep tomcat patched with security updates on Ubuntu 18.04 as easily as with 16.04?



      Update: To be clearer, with 16.04 I could simply run apt update tomcat8 and be sure that there would be no vulnerabilities left unpatched. Running the same command today on 18.04, I get version 8.5.30-1ubuntu1 which is behind the latest available (8.5.37) and apparently affected by more than one known vulnerabilities.










      share|improve this question
















      On Ubuntu 16.04 I've been using the tomcat8 package. I enjoyed an automatic installation process and was guaranteed to receive packaged security updates for 5 years courtesy of Canonical. So, even though version 8.0 has been declared EOL, I can still use it on my Ubuntu server knowing that any vulnerabilities are going to be addressed.



      $ ubuntu-support-status --show-supported
      Supported until April 2021 (Canonical - 5y):
      tomcat8 tomcat8-admin tomcat8-common


      Much to my dismay, on Ubuntu 18.04 the tomcat8 package has been moved to Universe. In my understanding, there is no support guarantee and security patches may or may not be distributed as long as the mainstream product is supported by the Apache Foundation.



      Is my understanding of things correct? Is there a convenient way to keep tomcat patched with security updates on Ubuntu 18.04 as easily as with 16.04?



      Update: To be clearer, with 16.04 I could simply run apt update tomcat8 and be sure that there would be no vulnerabilities left unpatched. Running the same command today on 18.04, I get version 8.5.30-1ubuntu1 which is behind the latest available (8.5.37) and apparently affected by more than one known vulnerabilities.







      server package-management updates security tomcat






      share|improve this question















      share|improve this question













      share|improve this question




      share|improve this question








      edited 2 days ago







      simlev

















      asked Jan 15 at 14:18









      simlevsimlev

      1582212




      1582212






















          1 Answer
          1






          active

          oldest

          votes


















          1















          In my understanding, there is no support guarantee and security patches may or may not be distributed as long as the mainstream product is supported by the Apache Foundation.




          Correct but it is in their best interest to keep support up as long as possible.




          Is there a convenient way to keep tomcat patched with security updates on Ubuntu 18.04 as easily as with 16.04?




          Nothing changes for you; it only comes from a more direct channel so if anything you should see updates appear quicker and not just security updates.



          Old: update tomcat by Apache -> Ubuntu security team evaluates changes and adds patches if that specific package has Ubuntu related changes -> update to you.



          New: update tomcat by Apache -> update to you.



          Canonical decided to kill the changes made to the package and as such could take it out of security. The fewer the changes to our default install means fewer issues. It is likely to happen and has happened with lots of other software since Canonical stopped with Unity: we are going back to the original source for our software.






          share|improve this answer
























          • Thank you for the answer. I don't see it as an improvement, though, since in practice I end up having insecure tomcat versions. I'm thinking of a way of always having the latest version, maybe Docker can help...

            – simlev
            Jan 15 at 15:10











          Your Answer








          StackExchange.ready(function() {
          var channelOptions = {
          tags: "".split(" "),
          id: "89"
          };
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function() {
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled) {
          StackExchange.using("snippets", function() {
          createEditor();
          });
          }
          else {
          createEditor();
          }
          });

          function createEditor() {
          StackExchange.prepareEditor({
          heartbeatType: 'answer',
          autoActivateHeartbeat: false,
          convertImagesToLinks: true,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: 10,
          bindNavPrevention: true,
          postfix: "",
          imageUploader: {
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          },
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          });


          }
          });














          draft saved

          draft discarded


















          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1109961%2fsupport-for-the-tomcat8-package%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown

























          1 Answer
          1






          active

          oldest

          votes








          1 Answer
          1






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes









          1















          In my understanding, there is no support guarantee and security patches may or may not be distributed as long as the mainstream product is supported by the Apache Foundation.




          Correct but it is in their best interest to keep support up as long as possible.




          Is there a convenient way to keep tomcat patched with security updates on Ubuntu 18.04 as easily as with 16.04?




          Nothing changes for you; it only comes from a more direct channel so if anything you should see updates appear quicker and not just security updates.



          Old: update tomcat by Apache -> Ubuntu security team evaluates changes and adds patches if that specific package has Ubuntu related changes -> update to you.



          New: update tomcat by Apache -> update to you.



          Canonical decided to kill the changes made to the package and as such could take it out of security. The fewer the changes to our default install means fewer issues. It is likely to happen and has happened with lots of other software since Canonical stopped with Unity: we are going back to the original source for our software.






          share|improve this answer
























          • Thank you for the answer. I don't see it as an improvement, though, since in practice I end up having insecure tomcat versions. I'm thinking of a way of always having the latest version, maybe Docker can help...

            – simlev
            Jan 15 at 15:10
















          1















          In my understanding, there is no support guarantee and security patches may or may not be distributed as long as the mainstream product is supported by the Apache Foundation.




          Correct but it is in their best interest to keep support up as long as possible.




          Is there a convenient way to keep tomcat patched with security updates on Ubuntu 18.04 as easily as with 16.04?




          Nothing changes for you; it only comes from a more direct channel so if anything you should see updates appear quicker and not just security updates.



          Old: update tomcat by Apache -> Ubuntu security team evaluates changes and adds patches if that specific package has Ubuntu related changes -> update to you.



          New: update tomcat by Apache -> update to you.



          Canonical decided to kill the changes made to the package and as such could take it out of security. The fewer the changes to our default install means fewer issues. It is likely to happen and has happened with lots of other software since Canonical stopped with Unity: we are going back to the original source for our software.






          share|improve this answer
























          • Thank you for the answer. I don't see it as an improvement, though, since in practice I end up having insecure tomcat versions. I'm thinking of a way of always having the latest version, maybe Docker can help...

            – simlev
            Jan 15 at 15:10














          1












          1








          1








          In my understanding, there is no support guarantee and security patches may or may not be distributed as long as the mainstream product is supported by the Apache Foundation.




          Correct but it is in their best interest to keep support up as long as possible.




          Is there a convenient way to keep tomcat patched with security updates on Ubuntu 18.04 as easily as with 16.04?




          Nothing changes for you; it only comes from a more direct channel so if anything you should see updates appear quicker and not just security updates.



          Old: update tomcat by Apache -> Ubuntu security team evaluates changes and adds patches if that specific package has Ubuntu related changes -> update to you.



          New: update tomcat by Apache -> update to you.



          Canonical decided to kill the changes made to the package and as such could take it out of security. The fewer the changes to our default install means fewer issues. It is likely to happen and has happened with lots of other software since Canonical stopped with Unity: we are going back to the original source for our software.






          share|improve this answer














          In my understanding, there is no support guarantee and security patches may or may not be distributed as long as the mainstream product is supported by the Apache Foundation.




          Correct but it is in their best interest to keep support up as long as possible.




          Is there a convenient way to keep tomcat patched with security updates on Ubuntu 18.04 as easily as with 16.04?




          Nothing changes for you; it only comes from a more direct channel so if anything you should see updates appear quicker and not just security updates.



          Old: update tomcat by Apache -> Ubuntu security team evaluates changes and adds patches if that specific package has Ubuntu related changes -> update to you.



          New: update tomcat by Apache -> update to you.



          Canonical decided to kill the changes made to the package and as such could take it out of security. The fewer the changes to our default install means fewer issues. It is likely to happen and has happened with lots of other software since Canonical stopped with Unity: we are going back to the original source for our software.







          share|improve this answer












          share|improve this answer



          share|improve this answer










          answered Jan 15 at 14:33









          RinzwindRinzwind

          205k28390526




          205k28390526













          • Thank you for the answer. I don't see it as an improvement, though, since in practice I end up having insecure tomcat versions. I'm thinking of a way of always having the latest version, maybe Docker can help...

            – simlev
            Jan 15 at 15:10



















          • Thank you for the answer. I don't see it as an improvement, though, since in practice I end up having insecure tomcat versions. I'm thinking of a way of always having the latest version, maybe Docker can help...

            – simlev
            Jan 15 at 15:10

















          Thank you for the answer. I don't see it as an improvement, though, since in practice I end up having insecure tomcat versions. I'm thinking of a way of always having the latest version, maybe Docker can help...

          – simlev
          Jan 15 at 15:10





          Thank you for the answer. I don't see it as an improvement, though, since in practice I end up having insecure tomcat versions. I'm thinking of a way of always having the latest version, maybe Docker can help...

          – simlev
          Jan 15 at 15:10


















          draft saved

          draft discarded




















































          Thanks for contributing an answer to Ask Ubuntu!


          • Please be sure to answer the question. Provide details and share your research!

          But avoid



          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.


          To learn more, see our tips on writing great answers.




          draft saved


          draft discarded














          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1109961%2fsupport-for-the-tomcat8-package%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown







          Popular posts from this blog

          數位音樂下載

          When can things happen in Etherscan, such as the picture below?

          格利澤436b