cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Showing results for 
Search instead for 
Did you mean: 

We are happy to announce the new Windchill Customization board! Learn more.

Upgrading Apache

gkemner
1-Newbie

Upgrading Apache

I have Apache version 2.2.15 that is running with Windchill 9.1 M060 on Windows Sever 2003 32bit. Our corporate IT says I have to upgrade to Apache version 2.2.22 or new to address certain security issues.

Can I upgrade just Apache without having to upgrade Windchill to a newer maintenance release? Any tricks or challenges to doing that? Or are there only certain Apache versions that work with specific Windchill releases?

Thanks!!
6 REPLIES 6

Greg,

This link<">http://www.ptc.com/appserver/wcms/standards/freefull.jsp?im_dbkey=73856&icg_dbkey=893> at PTC.com has the latest Windchill Apache versions available for each Windchill release. The latest Apache version posted for versions 9.1 and 10 is 2.2.21.

John M.
jessh
5-Regular Member
(To:gkemner)

There's an early access page on the technical support site for more
recent Apache releases from PTC
[

Hi Jess

I have the same issue as Greg, we had penetration tests done and they
found a list of apache vulnerabilities as they always do, this is because
we have an outward facing apache for internet access to Windchill

So I think the issue isn't Windchill use but that apache could be
compromised.. However, having said this could you expand on your comment
"One thing to note about Apache security issues -- most of them don't
apply to Windchill's usage of Apache" this sounds interesting

Cheers


Best Regards

Chris Collinson
CAD Administrator
jessh
5-Regular Member
(To:gkemner)

One of my colleagues gave a nice summary of the security issues that are
present in 2.2.21 and fixed in 2.2.22.

Unfortunately, it appears that his message did not reach the forum since
he does not subscribe to it. Not realizing this, I deleted his reply
already.

The gist was that none of these security issues apply to Windchill's use
of Apache except possibly:

* SECURITY: CVE-2012-0031 (cve.mitre.org)
Fix scoreboard issue which could allow an unprivileged child process
could cause the parent to crash at shutdown rather than terminate
cleanly.

I'm not at all sure that this applies to Windchill's use of Apache
either -- but unlike the others it can't quickly be ruled out.

--
Jess Holle

Hello,
We are alo planning to move to Apache 2.2.21 . Request you to please share
all your experiences... comments.... suggestions.

Thanks
Mayur

jessh
5-Regular Member
(To:gkemner)

FYI, here's the detailed response that didn't get through:

Apache 2.2.22 is in process for being validated for the early
release page.
The latest version the is currently 2.2.21.
As Jess noted, not all security issues apply to windchill use:
Top Tags