Skip to main content
1-Visitor
March 6, 2012
Question

Upgrading Apache

  • March 6, 2012
  • 6 replies
  • 1740 views
I have Apache version 2.2.15 that is running with Windchill 9.1 M060 on Windows Sever 2003 32bit. Our corporate IT says I have to upgrade to Apache version 2.2.22 or new to address certain security issues.

Can I upgrade just Apache without having to upgrade Windchill to a newer maintenance release? Any tricks or challenges to doing that? Or are there only certain Apache versions that work with specific Windchill releases?

Thanks!!

6 replies

1-Visitor
March 6, 2012
Greg,

This link<">http://www.ptc.com/appserver/wcms/standards/freefull.jsp?im_dbkey=73856&icg_dbkey=893> at PTC.com has the latest Windchill Apache versions available for each Windchill release. The latest Apache version posted for versions 9.1 and 10 is 2.2.21.

John M.
12-Amethyst
March 6, 2012
There's an early access page on the technical support site for more
recent Apache releases from PTC
[
12-Amethyst
March 7, 2012
Hi Jess

I have the same issue as Greg, we had penetration tests done and they
found a list of apache vulnerabilities as they always do, this is because
we have an outward facing apache for internet access to Windchill

So I think the issue isn't Windchill use but that apache could be
compromised.. However, having said this could you expand on your comment
"One thing to note about Apache security issues -- most of them don't
apply to Windchill's usage of Apache" this sounds interesting

Cheers


Best Regards

Chris Collinson
CAD Administrator
12-Amethyst
March 7, 2012
One of my colleagues gave a nice summary of the security issues that are
present in 2.2.21 and fixed in 2.2.22.

Unfortunately, it appears that his message did not reach the forum since
he does not subscribe to it. Not realizing this, I deleted his reply
already.

The gist was that none of these security issues apply to Windchill's use
of Apache except possibly:

* SECURITY: CVE-2012-0031 (cve.mitre.org)
Fix scoreboard issue which could allow an unprivileged child process
could cause the parent to crash at shutdown rather than terminate
cleanly.

I'm not at all sure that this applies to Windchill's use of Apache
either -- but unlike the others it can't quickly be ruled out.

--
Jess Holle

1-Visitor
March 7, 2012
Hello,
We are alo planning to move to Apache 2.2.21 . Request you to please share
all your experiences... comments.... suggestions.

Thanks
Mayur

12-Amethyst
March 7, 2012
FYI, here's the detailed response that didn't get through:

Apache 2.2.22 is in process for being validated for the early
release page.
The latest version the is currently 2.2.21.
As Jess noted, not all security issues apply to windchill use: